Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0t9IuNxsKS7qjIBRd_2mdL8hlz4.cer
File:                     0t9IuNxsKS7qjIBRd_2mdL8hlz4.cer (raw, json)
Hash identifier:          NN/uXXopPthug5lk+su4xELZgXPGOvJ5+Qxufddw46k=
Subject key identifier:   D2:DF:48:B8:DC:6C:29:2E:EA:8C:80:51:77:FD:A6:74:BF:21:97:3E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01956090AF23B0D6669B567049AFEA1C6779
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/69/c0e112-dfb2-44e8-8707-ffc6f0da4a9f/1/0t9IuNxsKS7qjIBRd_2mdL8hlz4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/69/c0e112-dfb2-44e8-8707-ffc6f0da4a9f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 04 Mar 2025 09:50:49 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 51381
                          AS: 56873
                          IP: 185.215.113.0/24
                          IP: 2a10:9700::/29
Validation:               Failed, certificate revoked on Tue 04 Mar 2025 16:17:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:60:90:af:23:b0:d6:66:9b:56:70:49:af:ea:1c:67:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar  4 09:50:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2df48b8dc6c292eea8c805177fda674bf21973e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:39:b0:2b:57:ea:47:44:a6:4b:aa:99:7c:11:
                    e2:09:51:0d:45:3e:1d:41:63:37:8b:21:e2:29:a6:
                    98:91:3a:cd:8e:14:5f:9e:d6:d5:d4:c1:f4:ff:f0:
                    eb:9d:22:a8:72:1e:53:51:1a:b2:1a:3a:c1:1d:d7:
                    9c:0f:5f:25:67:ba:fe:3d:b6:13:b2:fb:d9:57:0f:
                    4a:fe:97:8a:26:66:5c:2b:1b:47:2a:73:31:61:4e:
                    41:de:8b:71:7e:ee:21:d8:34:72:e8:b6:a9:95:cc:
                    b4:ba:b8:77:d1:f7:ce:f7:d5:ae:9a:fe:41:02:b3:
                    ca:72:fe:a4:f7:b7:18:b9:96:37:32:c5:de:4b:59:
                    29:70:68:37:29:5e:6f:42:2b:b7:3e:18:0e:a7:71:
                    59:23:11:6e:60:7c:61:7c:14:0e:db:16:9b:0d:c9:
                    18:03:79:12:9b:32:0c:be:4f:5e:5d:78:77:00:cc:
                    05:c1:36:6a:70:8e:15:5f:07:ca:5b:4d:a7:49:9a:
                    99:c9:3b:d0:b5:c7:d5:1a:08:33:80:80:bf:90:9f:
                    84:25:25:5b:2e:3d:ea:a5:41:3e:52:0e:83:d5:c4:
                    54:4b:c9:8c:fe:6b:a9:19:b4:12:ad:02:e4:0c:85:
                    4d:31:61:03:9c:b3:c8:0e:a2:18:a0:37:64:6a:b2:
                    c0:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:DF:48:B8:DC:6C:29:2E:EA:8C:80:51:77:FD:A6:74:BF:21:97:3E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/c0e112-dfb2-44e8-8707-ffc6f0da4a9f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/c0e112-dfb2-44e8-8707-ffc6f0da4a9f/1/0t9IuNxsKS7qjIBRd_2mdL8hlz4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.215.113.0/24
                IPv6:
                  2a10:9700::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  51381
                  56873

    Signature Algorithm: sha256WithRSAEncryption
         94:16:85:cf:f2:b9:ae:1c:4b:fa:b2:78:08:be:cd:2f:c9:e4:
         43:20:c3:ca:69:8c:7e:9d:b9:71:5b:09:c9:d6:b0:8e:2c:f2:
         38:de:5d:99:aa:6d:0e:c8:eb:b6:1a:b7:61:be:1b:11:21:62:
         08:4d:47:b2:76:31:ce:b8:63:76:27:11:fd:89:11:bf:c6:8c:
         95:f1:96:6d:ec:13:95:8f:c4:ef:42:13:29:3a:f3:fe:ad:b0:
         f3:43:20:ce:11:c1:1c:99:39:55:81:22:2f:f7:89:25:f3:be:
         d0:35:75:8f:36:b7:ec:27:3b:65:d6:ec:f0:bb:dd:53:d7:35:
         24:8d:de:fe:78:94:30:e0:81:17:af:1f:aa:e3:b9:4d:f3:56:
         f6:af:bd:23:20:07:17:53:c8:cc:af:64:06:74:a7:04:a1:38:
         8a:c7:7d:2d:3f:60:87:17:2e:e8:22:4b:7f:8e:67:2a:ce:82:
         19:c8:80:be:51:98:4e:3a:0f:6e:1f:65:fe:8e:f5:e7:9f:7a:
         36:9d:bd:f3:67:9d:34:21:59:cf:bd:18:b0:eb:23:5e:87:5e:
         59:6e:e1:7c:ff:dc:4e:86:41:0a:ac:c6:ba:0a:c4:5e:cc:41:
         d2:46:b5:e0:04:48:cf:d5:4f:c1:16:17:b1:65:71:80:ae:49:
         37:37:42:67
-----BEGIN CERTIFICATE-----
MIIFqDCCBJCgAwIBAgISAZVgkK8jsNZmm1ZwSa/qHGd5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMzA0MDk1MDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmRmNDhiOGRjNmMyOTJlZWE4YzgwNTE3N2ZkYTY3NGJmMjE5NzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjmwK1fqR0SmS6qZfBHiCVENRT4d
QWM3iyHiKaaYkTrNjhRfntbV1MH0//DrnSKoch5TURqyGjrBHdecD18lZ7r+PbYT
svvZVw9K/peKJmZcKxtHKnMxYU5B3otxfu4h2DRy6Laplcy0urh30ffO99Wumv5B
ArPKcv6k97cYuZY3MsXeS1kpcGg3KV5vQiu3PhgOp3FZIxFuYHxhfBQO2xabDckY
A3kSmzIMvk9eXXh3AMwFwTZqcI4VXwfKW02nSZqZyTvQtcfVGggzgIC/kJ+EJSVb
Lj3qpUE+Ug6D1cRUS8mM/mupGbQSrQLkDIVNMWEDnLPIDqIYoDdkarLA5wIDAQAB
o4ICtDCCArAwHQYDVR0OBBYEFNLfSLjcbCku6oyAUXf9pnS/IZc+MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY5L2MwZTEx
Mi1kZmIyLTQ0ZTgtODcwNy1mZmM2ZjBkYTRhOWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjkvYzBlMTEy
LWRmYjItNDRlOC04NzA3LWZmYzZmMGRhNGE5Zi8xLzB0OUl1TnhzS1M3cWpJQlJk
XzJtZEw4aGx6NC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAuddxMA0EAgACMAcDBQMqEJcAMB8GCCsGAQUF
BwEIAQH/BBAwDqAMMAoCAwDItQIDAN4pMA0GCSqGSIb3DQEBCwUAA4IBAQCUFoXP
8rmuHEv6sngIvs0vyeRDIMPKaYx+nblxWwnJ1rCOLPI43l2Zqm0OyOu2GrdhvhsR
IWIITUeydjHOuGN2JxH9iRG/xoyV8ZZt7BOVj8TvQhMpOvP+rbDzQyDOEcEcmTlV
gSIv94kl877QNXWPNrfsJztl1uzwu91T1zUkjd7+eJQw4IEXrx+q47lN81b2r70j
IAcXU8jMr2QGdKcEoTiKx30tP2CHFy7oIkt/jmcqzoIZyIC+UZhOOg9uH2X+jvXn
n3o2nb3zZ500IVnPvRiw6yNeh15ZbuF8/9xOhkEKrMa6CsRezEHSRrXgBEjP1U/B
FhexZXGArkk3N0Jn
-----END CERTIFICATE-----