Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0sm8LPkFvUO0KfUZSoGTbPHsYZs.cer
File:                     0sm8LPkFvUO0KfUZSoGTbPHsYZs.cer (raw, json)
Hash identifier:          F8locwX0ryzeTW/nYYiTiVMcJfbErvBPQ/gDb8aXIyw=
Subject key identifier:   D2:C9:BC:2C:F9:05:BD:43:B4:29:F5:19:4A:81:93:6C:F1:EC:61:9B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5012FFA364B22EAC1B63B56832123A4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5d/e2662e-d81d-4baa-91cc-f845cfbb5e7a/1/0sm8LPkFvUO0KfUZSoGTbPHsYZs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5d/e2662e-d81d-4baa-91cc-f845cfbb5e7a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:30:38 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 41458
                          IP: 91.201.170.0/24
                          IP: 94.229.0.0/20
                          IP: 185.50.132.0/22
                          IP: 195.3.164.0/22
                          IP: 2a02:de8::/32
                          IP: 2a10:4fc0::/29

Validation:               Failed, certificate revoked on Wed 06 Mar 2024 08:47:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2f:fa:36:4b:22:ea:c1:b6:3b:56:83:21:23:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2c9bc2cf905bd43b429f5194a81936cf1ec619b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:f7:0d:95:10:fd:5d:5a:05:e6:11:0e:1a:46:
                    69:81:e9:d8:09:2f:79:c7:ba:91:1a:41:bd:53:56:
                    d0:c7:a1:e5:b0:df:69:65:fa:7f:18:aa:f0:e4:5c:
                    3e:1d:6a:58:5f:84:c2:ca:17:5e:de:c1:9c:14:02:
                    67:11:fd:10:74:a9:47:86:18:08:53:18:f7:1d:69:
                    20:80:71:0d:48:86:a7:37:38:c0:ed:a0:eb:a4:af:
                    3d:f4:59:2a:6d:c3:0c:78:4d:cc:4b:d0:4a:f1:26:
                    81:63:a5:f9:0f:dd:27:2b:6d:d4:64:db:7b:91:63:
                    eb:30:95:4c:93:7a:77:e2:93:a0:2d:64:dc:14:f9:
                    50:26:c7:2c:42:27:7f:b6:81:87:80:42:87:af:c9:
                    a0:86:35:6b:c1:33:7b:36:d3:96:7c:4a:4a:e3:b0:
                    db:55:0b:1d:d6:1e:10:1a:2d:a1:39:a7:d9:57:61:
                    bb:f4:a5:89:8e:e4:64:fc:0f:14:49:a1:cc:56:d2:
                    10:96:28:27:26:d9:f1:f1:87:8a:ab:c7:df:f5:6f:
                    60:30:f7:0f:ca:c0:7e:c6:f5:27:87:30:d6:a1:0a:
                    27:2a:5c:49:ea:81:b3:f5:ff:7e:33:8a:89:f7:87:
                    20:71:c4:0c:ab:0b:86:25:2a:92:22:b5:4b:b4:88:
                    4b:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:C9:BC:2C:F9:05:BD:43:B4:29:F5:19:4A:81:93:6C:F1:EC:61:9B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/e2662e-d81d-4baa-91cc-f845cfbb5e7a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/e2662e-d81d-4baa-91cc-f845cfbb5e7a/1/0sm8LPkFvUO0KfUZSoGTbPHsYZs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.170.0/24
                  94.229.0.0/20
                  185.50.132.0/22
                  195.3.164.0/22
                IPv6:
                  2a02:de8::/32
                  2a10:4fc0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  41458

    Signature Algorithm: sha256WithRSAEncryption
         58:a0:d4:65:18:77:bb:36:49:e3:21:2c:7d:5e:2e:fa:54:7b:
         94:c0:eb:b3:67:61:94:15:c4:63:22:e3:4b:3e:51:f2:7f:1a:
         63:b5:65:01:b7:6a:7a:59:9a:74:c4:43:61:7a:00:d2:69:67:
         d5:85:c0:b8:9f:19:95:09:ce:f1:dd:e6:3b:0b:89:c4:c4:d6:
         f8:9f:45:f3:28:af:cf:1e:08:f6:d4:56:57:ed:98:59:77:16:
         5e:18:48:37:f2:d7:b0:44:ab:f3:22:16:5b:bd:9a:05:1c:96:
         3f:86:cb:32:ea:00:a2:d3:71:26:b9:b0:ff:0f:a1:2c:d2:95:
         01:95:3b:d7:12:3b:33:1c:33:c9:84:df:1e:5d:8d:db:de:00:
         04:b2:42:28:fd:60:04:6a:fd:65:2c:19:8e:2f:64:a7:e4:22:
         24:d6:f3:31:e6:f8:67:fa:91:45:24:b5:e8:03:23:8d:64:2b:
         4a:c7:73:7b:33:2c:cb:14:7e:62:ac:7e:72:97:d6:00:dd:d2:
         57:99:c7:07:ed:3a:d9:1f:e1:1c:1a:3d:fd:40:88:a7:29:e3:
         73:bc:41:26:eb:5c:16:3a:98:a6:9b:63:11:82:0b:91:50:1a:
         f1:0f:fc:7c:51:ca:01:1e:5a:50:c8:f3:e9:35:d8:71:54:be:
         09:30:cc:16
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgISAYzFAS/6Nksi6sG2O1aDISOkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmM5YmMyY2Y5MDViZDQzYjQyOWY1MTk0YTgxOTM2Y2YxZWM2MTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3PcNlRD9XVoF5hEOGkZpgenYCS95
x7qRGkG9U1bQx6HlsN9pZfp/GKrw5Fw+HWpYX4TCyhde3sGcFAJnEf0QdKlHhhgI
Uxj3HWkggHENSIanNzjA7aDrpK899FkqbcMMeE3MS9BK8SaBY6X5D90nK23UZNt7
kWPrMJVMk3p34pOgLWTcFPlQJscsQid/toGHgEKHr8mghjVrwTN7NtOWfEpK47Db
VQsd1h4QGi2hOafZV2G79KWJjuRk/A8USaHMVtIQlignJtnx8YeKq8ff9W9gMPcP
ysB+xvUnhzDWoQonKlxJ6oGz9f9+M4qJ94cgccQMqwuGJSqSIrVLtIhLkwIDAQAB
o4ICyDCCAsQwHQYDVR0OBBYEFNLJvCz5Bb1DtCn1GUqBk2zx7GGbMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVkL2UyNjYy
ZS1kODFkLTRiYWEtOTFjYy1mODQ1Y2ZiYjVlN2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWQvZTI2NjJl
LWQ4MWQtNGJhYS05MWNjLWY4NDVjZmJiNWU3YS8xLzBzbThMUGtGdlVPMEtmVVpT
b0dUYlBIc1lacy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEcGCCsGAQUF
BwEHAQH/BDgwNjAeBAIAATAYAwQAW8mqAwQEXuUAAwQCuTKEAwQCwwOkMBQEAgAC
MA4DBQAqAg3oAwUDKhBPwDAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMAofIwDQYJ
KoZIhvcNAQELBQADggEBAFig1GUYd7s2SeMhLH1eLvpUe5TA67NnYZQVxGMi40s+
UfJ/GmO1ZQG3anpZmnTEQ2F6ANJpZ9WFwLifGZUJzvHd5jsLicTE1vifRfMor88e
CPbUVlftmFl3Fl4YSDfy17BEq/MiFlu9mgUclj+GyzLqAKLTcSa5sP8PoSzSlQGV
O9cSOzMcM8mE3x5djdveAASyQij9YARq/WUsGY4vZKfkIiTW8zHm+Gf6kUUktegD
I41kK0rHc3szLMsUfmKsfnKX1gDd0leZxwftOtkf4RwaPf1AiKcp43O8QSbrXBY6
mKabYxGCC5FQGvEP/HxRygEeWlDI8+k12HFUvgkwzBY=
-----END CERTIFICATE-----