Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3hIyQS7a_zS12ArRi9iocZ5cjc4.cer
File:                     3hIyQS7a_zS12ArRi9iocZ5cjc4.cer (raw, json)
Hash identifier:          TnWwQ0/UxNQL8b/JsWDkgvcFQhcU8nGwaJLNOSihcU0=
Subject key identifier:   DE:12:32:41:2E:DA:FF:34:B5:D8:0A:D1:8B:D8:A8:71:9E:5C:8D:CE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01887DC0BED08D53FF3916A87A418198E4EF
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/01aa738f-59da-4a81-84fb-b7c7c38e3d44/0/DE1232412EDAFF34B5D80AD18BD8A8719E5C8DCE.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/01aa738f-59da-4a81-84fb-b7c7c38e3d44/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Fri 02 Jun 2023 20:16:03 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    IP: 193.163.127.0/24

Validation:               Failed, certificate revoked on Wed 21 Jun 2023 13:46:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:7d:c0:be:d0:8d:53:ff:39:16:a8:7a:41:81:98:e4:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun  2 20:16:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=de1232412edaff34b5d80ad18bd8a8719e5c8dce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:68:b4:9f:6e:c4:29:94:fd:7f:b8:e1:bc:21:
                    f8:ee:77:e9:6d:72:0f:07:d8:ed:96:33:03:e6:6f:
                    b8:10:08:c6:d6:7a:a0:c0:50:12:d9:5f:48:b1:57:
                    64:43:f8:e4:92:f5:42:84:27:e4:a7:fa:00:c7:82:
                    61:1f:b0:f8:5b:bf:d1:6f:9c:2a:37:f2:c4:b2:44:
                    f2:17:11:44:ce:15:c9:e8:29:c6:50:b9:b2:98:b3:
                    1a:59:ad:c5:fd:e6:7c:be:2a:0a:39:72:d4:7f:83:
                    74:12:5e:79:15:e6:cd:a5:d5:f3:fe:e5:47:f4:43:
                    e4:29:62:1b:6f:52:86:29:46:9d:72:f8:94:4b:05:
                    62:4f:d3:20:ac:6b:d4:2f:cd:7c:f5:fa:93:ea:34:
                    cf:36:df:ba:d8:a2:92:51:c7:96:8f:a6:df:1c:33:
                    b9:fe:f1:99:a8:2e:60:17:61:f7:42:14:bc:9b:a0:
                    3a:83:c0:b8:36:f8:c7:47:3b:69:4b:cb:2f:83:88:
                    59:04:11:fe:d1:74:c3:0b:e1:db:e3:e7:2f:32:e7:
                    51:20:ca:90:20:90:f8:0c:41:8e:fc:bf:38:93:9b:
                    58:8a:4b:a9:0b:bf:4f:09:8f:f0:f3:66:d7:18:b4:
                    37:4c:90:18:bf:27:9e:60:8d:88:97:31:fb:74:4a:
                    ef:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:12:32:41:2E:DA:FF:34:B5:D8:0A:D1:8B:D8:A8:71:9E:5C:8D:CE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/01aa738f-59da-4a81-84fb-b7c7c38e3d44/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/01aa738f-59da-4a81-84fb-b7c7c38e3d44/0/DE1232412EDAFF34B5D80AD18BD8A8719E5C8DCE.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:bb:b4:1a:4b:12:69:bd:ee:25:86:85:3c:db:fb:a6:3e:2c:
         cf:43:96:7d:e9:6f:72:7c:2a:07:17:c4:84:9a:a0:6c:8a:4a:
         1c:9e:a2:38:52:1b:78:af:cd:a8:b2:1b:85:73:98:df:51:83:
         7a:cb:ff:56:cb:01:d1:9c:84:8c:0f:dd:a2:61:4e:0a:09:bd:
         f5:54:25:7d:6f:51:c6:40:f2:19:63:b2:a4:4e:2c:61:39:5f:
         db:64:f6:f4:a9:a5:bd:d8:55:f9:99:de:cb:8a:34:82:f0:3b:
         9b:10:2d:80:25:cd:2b:c0:a4:0e:c0:ef:8a:19:b8:c0:c9:95:
         b5:9b:11:fd:86:db:31:72:a3:03:d7:b8:00:df:a8:12:d1:eb:
         b2:0a:74:33:fd:4e:73:b8:d5:14:1f:68:4e:76:48:52:e2:53:
         ff:ae:2b:26:de:ad:d9:9f:82:1c:c4:68:65:84:8b:90:c3:3b:
         de:ac:8a:96:89:7e:2c:da:b2:51:03:da:71:47:6d:d2:5a:07:
         01:b0:8d:b5:40:a4:31:58:20:d5:64:ea:71:4e:ec:43:51:9b:
         59:26:8b:46:ad:80:10:40:df:83:9d:72:31:31:51:72:68:7f:
         5e:9c:13:87:16:a9:b0:26:27:5e:4f:c6:42:41:1d:55:f3:56:
         51:4c:48:d3
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYh9wL7QjVP/ORaoekGBmOTvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwNjAyMjAxNjAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTEyMzI0MTJlZGFmZjM0YjVkODBhZDE4YmQ4YTg3MTllNWM4ZGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Gi0n27EKZT9f7jhvCH47nfpbXIP
B9jtljMD5m+4EAjG1nqgwFAS2V9IsVdkQ/jkkvVChCfkp/oAx4JhH7D4W7/Rb5wq
N/LEskTyFxFEzhXJ6CnGULmymLMaWa3F/eZ8vioKOXLUf4N0El55FebNpdXz/uVH
9EPkKWIbb1KGKUadcviUSwViT9MgrGvUL8189fqT6jTPNt+62KKSUceWj6bfHDO5
/vGZqC5gF2H3QhS8m6A6g8C4NvjHRztpS8svg4hZBBH+0XTDC+Hb4+cvMudRIMqQ
IJD4DEGO/L84k5tYikupC79PCY/w82bXGLQ3TJAYvyeeYI2IlzH7dErvIwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFN4SMkEu2v80tdgK0YvYqHGeXI3OMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzAxYWE3
MzhmLTU5ZGEtNGE4MS04NGZiLWI3YzdjMzhlM2Q0NC8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDFh
YTczOGYtNTlkYS00YTgxLTg0ZmItYjdjN2MzOGUzZDQ0LzAvREUxMjMyNDEyRURB
RkYzNEI1RDgwQUQxOEJEOEE4NzE5RTVDOERDRS5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgME
AMGjfzANBgkqhkiG9w0BAQsFAAOCAQEAPbu0GksSab3uJYaFPNv7pj4sz0OWfelv
cnwqBxfEhJqgbIpKHJ6iOFIbeK/NqLIbhXOY31GDesv/VssB0ZyEjA/domFOCgm9
9VQlfW9RxkDyGWOypE4sYTlf22T29KmlvdhV+Zney4o0gvA7mxAtgCXNK8CkDsDv
ihm4wMmVtZsR/YbbMXKjA9e4AN+oEtHrsgp0M/1Oc7jVFB9oTnZIUuJT/64rJt6t
2Z+CHMRoZYSLkMM73qyKlol+LNqyUQPacUdt0loHAbCNtUCkMVgg1WTqcU7sQ1Gb
WSaLRq2AEEDfg51yMTFRcmh/XpwThxapsCYnXk/GQkEdVfNWUUxI0w==
-----END CERTIFICATE-----