Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/lX_Q-1YhVrWBmvzlAywQSDsBbNg.cer
File:                     lX_Q-1YhVrWBmvzlAywQSDsBbNg.cer (raw, json)
Hash identifier:          MdlYonpG2l8dnKRv9o8grKFMRnytbnsG/1wVO5CPnbw=
Subject key identifier:   95:7F:D0:FB:56:21:56:B5:81:9A:FC:E5:03:2C:10:48:3B:01:6C:D8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0187222C0DBA32D19B13EEA21AFCA97A922D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/201/957FD0FB562156B5819AFCE5032C10483B016CD8.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/201
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Mon 27 Mar 2023 08:25:25 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    IP: 193.46.221.0/24

Validation:               Failed, certificate revoked on Fri 20 Oct 2023 11:52:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:22:2c:0d:ba:32:d1:9b:13:ee:a2:1a:fc:a9:7a:92:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar 27 08:25:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=957fd0fb562156b5819afce5032c10483b016cd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:5e:9f:e8:64:c6:48:9f:60:d4:09:e5:5a:be:
                    8c:79:dd:b3:fe:3d:e6:15:7e:7c:68:0f:98:10:e5:
                    bb:36:8a:50:e7:ce:98:f9:f8:03:79:61:7f:ef:d4:
                    e9:33:e1:4f:37:b9:a1:d9:1a:01:cb:02:68:69:df:
                    32:19:4b:ef:18:7e:5f:98:c1:f7:48:01:71:b8:30:
                    f5:43:3f:90:10:a1:3c:14:24:eb:69:ce:dc:4c:a3:
                    ae:0a:9d:8f:da:9e:16:28:e8:a0:8f:0a:81:26:90:
                    c6:c4:5e:a5:4e:cd:4d:06:2e:4c:aa:49:7d:e9:30:
                    3b:05:71:f4:fc:77:3d:c0:b7:b6:d7:f3:2e:74:1c:
                    73:91:d8:42:1e:a8:80:91:ed:e1:a5:72:52:ea:36:
                    cf:cd:d0:86:5b:38:d9:f9:9b:03:7d:6c:a9:5a:ed:
                    b5:66:41:df:db:10:63:86:de:59:ff:9c:82:9f:66:
                    9d:94:11:c0:22:4d:e5:00:73:c2:1e:d1:c1:e8:0c:
                    0f:18:a4:21:b8:bd:4a:cc:f9:cd:61:c0:f2:a7:10:
                    e6:5d:21:d0:0a:db:64:f6:91:e6:b5:69:c1:59:a0:
                    c0:44:48:79:b2:4f:59:86:91:53:f8:aa:41:5f:e6:
                    c4:eb:f8:3e:ac:97:7b:fb:81:58:5b:50:28:3a:b4:
                    9d:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:7F:D0:FB:56:21:56:B5:81:9A:FC:E5:03:2C:10:48:3B:01:6C:D8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/201
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/201/957FD0FB562156B5819AFCE5032C10483B016CD8.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:a7:b2:15:e0:a3:4d:17:2d:93:d0:6b:50:f6:9f:91:6f:0a:
         4e:e3:83:7a:1d:71:aa:47:73:9c:55:ea:0f:f2:3b:ca:17:ef:
         84:ed:2d:43:75:03:0f:8a:69:88:a7:bb:8f:de:ff:41:1e:55:
         e8:e1:8d:df:8d:9a:44:5c:8d:58:bb:09:ab:79:7c:5e:06:10:
         35:ca:f0:54:c6:78:25:35:0c:2f:a9:38:14:61:95:81:55:b8:
         13:f2:7d:c8:19:93:96:c1:dd:1f:3a:2f:8d:47:8b:bf:ac:8b:
         be:02:6c:70:44:cc:14:7b:9f:ca:2f:75:4b:3f:47:da:ea:74:
         2b:a7:47:15:86:f3:1d:ac:05:15:d9:4a:9e:ec:5a:5f:c2:e9:
         fc:65:f6:7d:da:ef:8f:d8:99:25:4d:d9:6f:f8:3f:88:8e:d8:
         38:f0:0a:75:a0:3b:ca:29:3b:90:49:b5:f5:4f:61:29:24:81:
         3f:6c:b3:24:7f:cb:95:be:ed:b5:ac:2b:a9:96:8c:ac:f4:24:
         4e:e7:82:c2:eb:eb:98:44:cc:00:22:ba:ad:ab:d9:31:74:87:
         41:24:1f:1b:46:df:ea:90:8c:93:39:95:44:cd:e9:07:bf:a3:
         0e:9a:ac:20:74:08:89:69:79:b2:ed:ee:59:b5:c9:ab:4c:14:
         fd:ba:ee:a4
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgISAYciLA26MtGbE+6iGvypepItMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMzI3MDgyNTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTdmZDBmYjU2MjE1NmI1ODE5YWZjZTUwMzJjMTA0ODNiMDE2Y2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwV6f6GTGSJ9g1AnlWr6Med2z/j3m
FX58aA+YEOW7NopQ586Y+fgDeWF/79TpM+FPN7mh2RoBywJoad8yGUvvGH5fmMH3
SAFxuDD1Qz+QEKE8FCTrac7cTKOuCp2P2p4WKOigjwqBJpDGxF6lTs1NBi5Mqkl9
6TA7BXH0/Hc9wLe21/MudBxzkdhCHqiAke3hpXJS6jbPzdCGWzjZ+ZsDfWypWu21
ZkHf2xBjht5Z/5yCn2adlBHAIk3lAHPCHtHB6AwPGKQhuL1KzPnNYcDypxDmXSHQ
Cttk9pHmtWnBWaDAREh5sk9ZhpFT+KpBX+bE6/g+rJd7+4FYW1AoOrSdUQIDAQAB
o4ICpDCCAqAwHQYDVR0OBBYEFJV/0PtWIVa1gZr85QMsEEg7AWzYMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggFDBggrBgEFBQcBCwSCATUwggExMGAGCCsGAQUFBzAFhlRy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZlMzcw
OGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBiOTlhZi8yMDEwgY4GCCsGAQUFBzAK
hoGBcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9m
ZTM3MDhhMC02N2Q1LTRhYzItYWJjNC1hMzMyNTkwYjk5YWYvMjAxLzk1N0ZEMEZC
NTYyMTU2QjU4MTlBRkNFNTAzMkMxMDQ4M0IwMTZDRDgubWZ0MDwGCCsGAQUFBzAN
hjBodHRwczovL3JyZHAucGFhcy5ycGtpLnJpcGUubmV0L25vdGlmaWNhdGlvbi54
bWwwWQYDVR0fBFIwUDBOoEygSoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9z
aXRvcnkvREVGQVVMVC9LcFNvM1ZWSzV3RUhJSm5IQzJRSFZWM2Q1bWsuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADBLt0wDQYJKoZIhvcNAQELBQADggEBACWnshXgo00XLZPQa1D2n5FvCk7j
g3odcapHc5xV6g/yO8oX74TtLUN1Aw+KaYinu4/e/0EeVejhjd+NmkRcjVi7Cat5
fF4GEDXK8FTGeCU1DC+pOBRhlYFVuBPyfcgZk5bB3R86L41Hi7+si74CbHBEzBR7
n8ovdUs/R9rqdCunRxWG8x2sBRXZSp7sWl/C6fxl9n3a74/YmSVN2W/4P4iO2Djw
CnWgO8opO5BJtfVPYSkkgT9ssyR/y5W+7bWsK6mWjKz0JE7ngsLr65hEzAAiuq2r
2TF0h0EkHxtG3+qQjJM5lUTN6Qe/ow6arCB0CIlpebLt7lm1yatMFP267qQ=
-----END CERTIFICATE-----