Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/PxhD3NCms2_K1qoOJvcHx0G9F1U.cer
File:                     PxhD3NCms2_K1qoOJvcHx0G9F1U.cer (raw, json)
Hash identifier:          FKz9zZoXXdHWXMplLRvWStwGc+ykGGksY4OCn7SKnGw=
Subject key identifier:   3F:18:43:DC:D0:A6:B3:6F:CA:D6:AA:0E:26:F7:07:C7:41:BD:17:55
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856CAD3A0E31572C486EFE1712908D14CE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ba/f2ed3d-97f6-4a10-9010-6aff06d368e9/1/PxhD3NCms2_K1qoOJvcHx0G9F1U.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ba/f2ed3d-97f6-4a10-9010-6aff06d368e9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 09:32:50 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 60133
                          IP: 91.198.135.0/24
                          IP: 2001:67c:578::/48

Validation:               Failed, certificate revoked on Mon 09 Jan 2023 10:24:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:ad:3a:0e:31:57:2c:48:6e:fe:17:12:90:8d:14:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:32:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3f1843dcd0a6b36fcad6aa0e26f707c741bd1755
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:15:cf:9a:2c:e6:90:78:41:65:36:ae:51:f6:
                    cb:ab:2b:5d:05:42:ab:cf:ad:3b:9b:9e:56:bf:03:
                    f8:ed:98:d2:7d:f8:03:38:1d:bf:5a:24:d4:71:be:
                    ae:18:27:9f:d1:89:ff:05:8f:2a:d4:b8:7f:5e:6e:
                    95:cb:5c:bd:af:4a:39:39:ca:c0:69:5e:f6:0a:6d:
                    38:4e:cd:0c:af:3e:e3:c6:27:c0:70:d3:d5:ea:71:
                    cd:5b:0d:d8:16:94:87:ac:89:2c:6d:60:2b:4e:41:
                    8b:44:44:8e:39:23:76:9b:e3:49:02:6e:a7:9f:6e:
                    ea:6d:77:f6:c3:ba:ec:b0:d8:85:55:76:d4:72:37:
                    bb:0d:0d:4a:e8:ce:49:6a:c0:39:f0:e1:22:84:b3:
                    e7:b9:38:62:d2:8d:74:be:46:6c:28:99:a5:d1:62:
                    33:75:07:9f:a0:9a:24:86:ed:7f:cd:fb:20:e7:37:
                    86:e9:f3:06:c6:ef:d0:85:ab:ea:39:cd:80:3a:1f:
                    d1:2e:49:21:92:1c:0d:20:b5:8d:8b:66:8c:98:db:
                    f5:6e:2f:a4:85:77:b6:e5:23:4e:c5:3f:03:d7:07:
                    c8:1f:3b:c6:c9:05:1f:24:f5:2f:66:ce:ae:fb:6b:
                    e8:9f:ac:54:35:9f:1f:ce:a7:00:c5:5f:02:0d:77:
                    5a:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:18:43:DC:D0:A6:B3:6F:CA:D6:AA:0E:26:F7:07:C7:41:BD:17:55
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/f2ed3d-97f6-4a10-9010-6aff06d368e9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/f2ed3d-97f6-4a10-9010-6aff06d368e9/1/PxhD3NCms2_K1qoOJvcHx0G9F1U.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.135.0/24
                IPv6:
                  2001:67c:578::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  60133

    Signature Algorithm: sha256WithRSAEncryption
         a5:92:19:aa:ea:d5:0b:99:01:33:fd:91:e6:f0:75:1b:75:13:
         a5:71:8e:f3:00:b3:74:32:06:a5:84:7e:e6:44:e3:f7:b4:c1:
         16:76:2a:30:8c:55:b4:38:13:dc:ce:0f:2a:6d:00:70:d7:8c:
         e2:8d:c3:0b:90:03:83:3d:d3:cb:2e:2a:d8:b0:48:8c:e0:08:
         b3:59:2c:31:d8:07:a6:00:e5:c7:4d:2a:cf:15:8b:df:0e:fd:
         a5:41:92:cf:dc:bb:4f:d4:b6:5b:5c:19:43:06:66:90:53:b0:
         91:2f:0f:eb:f0:6e:44:b2:49:68:f4:8d:d9:27:b3:a6:a8:5e:
         8c:76:4d:79:47:69:7f:31:7c:54:cf:ee:5f:68:c8:dd:8b:fd:
         38:46:72:80:71:f7:c3:cd:1d:a3:a5:3e:c2:77:5f:da:5a:22:
         10:67:3a:c6:ca:10:0f:91:38:ec:ad:1f:0b:35:6b:49:4f:9f:
         ed:a9:b3:8c:39:f3:65:6d:19:46:6d:ff:01:6a:7c:e0:50:b3:
         56:de:80:4c:16:73:b9:2a:3b:4b:4a:ac:f0:cd:bb:3f:6a:32:
         2b:dd:fa:8c:94:10:cc:08:1b:0e:f7:d7:44:4b:bb:e1:d9:ee:
         69:4f:2b:f1:94:6a:45:87:82:82:b3:81:a3:43:04:db:8e:e4:
         22:d3:a6:ec
-----BEGIN CERTIFICATE-----
MIIFpTCCBI2gAwIBAgISAYVsrToOMVcsSG7+FxKQjRTOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMDkzMjUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjE4NDNkY2QwYTZiMzZmY2FkNmFhMGUyNmY3MDdjNzQxYmQxNzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxXPmizmkHhBZTauUfbLqytdBUKr
z607m55WvwP47ZjSffgDOB2/WiTUcb6uGCef0Yn/BY8q1Lh/Xm6Vy1y9r0o5OcrA
aV72Cm04Ts0Mrz7jxifAcNPV6nHNWw3YFpSHrIksbWArTkGLRESOOSN2m+NJAm6n
n27qbXf2w7rssNiFVXbUcje7DQ1K6M5JasA58OEihLPnuThi0o10vkZsKJml0WIz
dQefoJokhu1/zfsg5zeG6fMGxu/QhavqOc2AOh/RLkkhkhwNILWNi2aMmNv1bi+k
hXe25SNOxT8D1wfIHzvGyQUfJPUvZs6u+2von6xUNZ8fzqcAxV8CDXda8wIDAQAB
o4ICsTCCAq0wHQYDVR0OBBYEFD8YQ9zQprNvytaqDib3B8dBvRdVMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JhL2YyZWQz
ZC05N2Y2LTRhMTAtOTAxMC02YWZmMDZkMzY4ZTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmEvZjJlZDNk
LTk3ZjYtNGExMC05MDEwLTZhZmYwNmQzNjhlOS8xL1B4aEQzTkNtczJfSzFxb09K
dmNIeDBHOUYxVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUF
BwEHAQH/BCEwHzAMBAIAATAGAwQAW8aHMA8EAgACMAkDBwAgAQZ8BXgwGgYIKwYB
BQUHAQgBAf8ECzAJoAcwBQIDAOrlMA0GCSqGSIb3DQEBCwUAA4IBAQClkhmq6tUL
mQEz/ZHm8HUbdROlcY7zALN0MgalhH7mROP3tMEWdiowjFW0OBPczg8qbQBw14zi
jcMLkAODPdPLLirYsEiM4AizWSwx2AemAOXHTSrPFYvfDv2lQZLP3LtP1LZbXBlD
BmaQU7CRLw/r8G5Esklo9I3ZJ7OmqF6Mdk15R2l/MXxUz+5faMjdi/04RnKAcffD
zR2jpT7Cd1/aWiIQZzrGyhAPkTjsrR8LNWtJT5/tqbOMOfNlbRlGbf8BanzgULNW
3oBMFnO5KjtLSqzwzbs/ajIr3fqMlBDMCBsO99dES7vh2e5pTyvxlGpFh4KCs4Gj
QwTbjuQi06bs
-----END CERTIFICATE-----