Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3SqaR157l-G-_Pzkc8cqCOtHHBo.cer
File:                     3SqaR157l-G-_Pzkc8cqCOtHHBo.cer (raw, json)
Hash identifier:          Cc6GymbPFN/nxTisGuZaLCpPT/qcdvuwbwc61IYvFgc=
Subject key identifier:   DD:2A:9A:47:5E:7B:97:E1:BE:FC:FC:E4:73:C7:2A:08:EB:47:1C:1A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0187222C7C840F34CA721D568F6B5FC097C1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/108/DD2A9A475E7B97E1BEFCFCE473C72A08EB471C1A.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/108
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Mon 27 Mar 2023 08:25:53 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    IP: 2.56.236.0/22
                          IP: 2.59.156.0/22
                          IP: 5.181.204.0/22
                          IP: 45.8.164.0/22
                          IP: 45.11.80.0/22
                          IP: 45.14.192.0/22
                          IP: 45.85.248.0/22
                          IP: 45.88.220.0/22
                          IP: 45.93.52.0/22
                          IP: 45.134.188.0/22
                          IP: 45.138.204.0/22
                          IP: 91.229.244.0/23
                          IP: 91.230.110.0/23
                          IP: 92.118.48.0/22
                          IP: 193.5.151.0/24
                          IP: 2a09:a6c0::/29

Validation:               Failed, certificate revoked on Wed 27 Sep 2023 12:02:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:22:2c:7c:84:0f:34:ca:72:1d:56:8f:6b:5f:c0:97:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar 27 08:25:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dd2a9a475e7b97e1befcfce473c72a08eb471c1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:ef:ed:9a:1e:ef:0c:1c:e2:b1:ba:14:73:95:
                    a8:9d:fc:f1:c9:50:10:de:bb:66:05:9a:39:7f:5b:
                    9d:a5:a4:5a:dc:06:bc:6a:b8:58:1d:b0:00:b6:a4:
                    86:a8:22:81:d0:dd:d7:ae:54:af:32:d3:30:3a:6d:
                    b1:d2:1f:af:e1:5b:34:54:7b:a5:c0:1d:d8:a3:36:
                    1b:2b:11:b4:09:39:64:40:1d:2a:a8:15:94:e3:65:
                    d8:a2:00:c5:73:9d:14:18:0f:15:4d:71:6c:24:4d:
                    5c:02:36:b6:e2:dd:94:d8:c1:ba:10:df:75:23:ed:
                    35:d1:18:a0:a9:16:0a:08:ab:1e:ca:8d:59:12:8c:
                    51:42:4c:f9:7a:de:38:34:74:ba:65:f5:ce:06:20:
                    e7:e4:82:55:fa:1e:49:e6:69:1d:28:95:f1:0f:81:
                    68:1a:a0:af:ed:44:3c:8a:2f:bd:9d:20:cc:6d:3c:
                    89:83:b9:65:41:7d:81:26:34:07:33:d6:70:c1:8e:
                    bb:d9:d1:95:fa:89:1b:bb:c1:7e:10:06:24:2f:07:
                    67:36:fc:26:70:b5:c8:78:8f:2d:d7:24:3d:2c:99:
                    2f:cf:1f:2b:aa:78:30:ca:69:38:dc:40:4d:90:75:
                    11:c9:c6:2f:4c:e3:56:e0:cb:a5:6a:96:31:49:f8:
                    c8:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:2A:9A:47:5E:7B:97:E1:BE:FC:FC:E4:73:C7:2A:08:EB:47:1C:1A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/108
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/108/DD2A9A475E7B97E1BEFCFCE473C72A08EB471C1A.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.236.0/22
                  2.59.156.0/22
                  5.181.204.0/22
                  45.8.164.0/22
                  45.11.80.0/22
                  45.14.192.0/22
                  45.85.248.0/22
                  45.88.220.0/22
                  45.93.52.0/22
                  45.134.188.0/22
                  45.138.204.0/22
                  91.229.244.0/23
                  91.230.110.0/23
                  92.118.48.0/22
                  193.5.151.0/24
                IPv6:
                  2a09:a6c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         58:0e:33:59:e2:3f:28:32:c1:27:30:9d:42:e8:d0:13:8e:3f:
         31:67:e2:dc:97:ad:85:fc:63:90:f5:72:f0:0f:35:0c:68:b4:
         fc:d7:1d:db:d2:5f:22:51:6c:ec:55:21:2e:4e:94:24:b7:fd:
         20:c7:85:86:05:b2:00:5a:9d:af:4d:2c:fe:e3:47:84:8d:ee:
         7f:47:ab:ef:68:bf:f5:4a:22:f2:aa:2d:10:f7:29:fc:32:a3:
         5c:42:44:60:0b:83:82:74:27:1d:01:0a:47:1f:44:bf:9b:a8:
         c5:86:5b:ca:6a:d5:d5:b7:65:e1:65:af:16:78:2c:e6:87:11:
         57:ea:e6:cd:85:b0:8f:a2:4b:f4:f2:58:72:9d:10:a3:b0:00:
         0f:dc:35:06:20:85:a4:a5:63:24:49:cc:82:3b:6f:b8:48:47:
         a5:e2:ed:ce:fc:33:f2:79:70:62:62:b7:03:1e:83:f0:bd:34:
         53:f7:37:e3:05:63:18:4e:a8:20:fe:ac:9c:f8:00:94:c2:85:
         be:16:4d:7e:1f:e6:a5:c4:c1:12:ba:42:ed:ac:37:23:b0:6c:
         a6:83:dd:3f:0e:a5:49:01:fa:19:5e:5b:d3:29:2c:e6:31:8b:
         e8:2d:de:bc:8b:77:54:34:34:4c:bf:c5:c9:6f:1b:3c:8d:aa:
         6d:cb:96:0d
-----BEGIN CERTIFICATE-----
MIIF/DCCBOSgAwIBAgISAYciLHyEDzTKch1Wj2tfwJfBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMzI3MDgyNTUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDJhOWE0NzVlN2I5N2UxYmVmY2ZjZTQ3M2M3MmEwOGViNDcxYzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5+/tmh7vDBzisboUc5WonfzxyVAQ
3rtmBZo5f1udpaRa3Aa8arhYHbAAtqSGqCKB0N3XrlSvMtMwOm2x0h+v4Vs0VHul
wB3YozYbKxG0CTlkQB0qqBWU42XYogDFc50UGA8VTXFsJE1cAja24t2U2MG6EN91
I+010RigqRYKCKseyo1ZEoxRQkz5et44NHS6ZfXOBiDn5IJV+h5J5mkdKJXxD4Fo
GqCv7UQ8ii+9nSDMbTyJg7llQX2BJjQHM9ZwwY672dGV+okbu8F+EAYkLwdnNvwm
cLXIeI8t1yQ9LJkvzx8rqngwymk43EBNkHURycYvTONW4MulapYxSfjIjwIDAQAB
o4IDCDCCAwQwHQYDVR0OBBYEFN0qmkdee5fhvvz85HPHKgjrRxwaMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggFDBggrBgEFBQcBCwSCATUwggExMGAGCCsGAQUFBzAFhlRy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2ZlMzcw
OGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBiOTlhZi8xMDgwgY4GCCsGAQUFBzAK
hoGBcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9m
ZTM3MDhhMC02N2Q1LTRhYzItYWJjNC1hMzMyNTkwYjk5YWYvMTA4L0REMkE5QTQ3
NUU3Qjk3RTFCRUZDRkNFNDczQzcyQTA4RUI0NzFDMUEubWZ0MDwGCCsGAQUFBzAN
hjBodHRwczovL3JyZHAucGFhcy5ycGtpLnJpcGUubmV0L25vdGlmaWNhdGlvbi54
bWwwWQYDVR0fBFIwUDBOoEygSoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9z
aXRvcnkvREVGQVVMVC9LcFNvM1ZWSzV3RUhJSm5IQzJRSFZWM2Q1bWsuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwgYIGCCsGAQUFBwEHAQH/BHMwcTBgBAIA
ATBaAwQCAjjsAwQCAjucAwQCBbXMAwQCLQikAwQCLQtQAwQCLQ7AAwQCLVX4AwQC
LVjcAwQCLV00AwQCLYa8AwQCLYrMAwQBW+X0AwQBW+ZuAwQCXHYwAwQAwQWXMA0E
AgACMAcDBQMqCabAMA0GCSqGSIb3DQEBCwUAA4IBAQBYDjNZ4j8oMsEnMJ1C6NAT
jj8xZ+Lcl62F/GOQ9XLwDzUMaLT81x3b0l8iUWzsVSEuTpQkt/0gx4WGBbIAWp2v
TSz+40eEje5/R6vvaL/1SiLyqi0Q9yn8MqNcQkRgC4OCdCcdAQpHH0S/m6jFhlvK
atXVt2XhZa8WeCzmhxFX6ubNhbCPokv08lhynRCjsAAP3DUGIIWkpWMkScyCO2+4
SEel4u3O/DPyeXBiYrcDHoPwvTRT9zfjBWMYTqgg/qyc+ACUwoW+Fk1+H+alxMES
ukLtrDcjsGymg90/DqVJAfoZXlvTKSzmMYvoLd68i3dUNDRMv8XJbxs8japty5YN
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:46 2024 by rpki-client on console-ams.rpki-client.org