Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/D2Fhj81KxkJAsVwd-jbmcQMXWa0.cer
File:                     D2Fhj81KxkJAsVwd-jbmcQMXWa0.cer (raw, json)
Hash identifier:          or8/pTpTp6cZCmsiYb/pElv1Ez0+iO7fwxVuCsEAMmw=
Subject key identifier:   0F:61:61:8F:CD:4A:C6:42:40:B1:5C:1D:FA:36:E6:71:03:17:59:AD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856C3E9632B9A6008235CDBAB54A26B82E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/3c/c758a2-e70c-4e3e-a6b2-dcef869046ca/1/D2Fhj81KxkJAsVwd-jbmcQMXWa0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/3c/c758a2-e70c-4e3e-a6b2-dcef869046ca/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 07:31:59 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 204938
                          IP: 185.224.0.0/22
                          IP: 2a0c:2200::/29

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:3e:96:32:b9:a6:00:82:35:cd:ba:b5:4a:26:b8:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:31:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0f61618fcd4ac64240b15c1dfa36e671031759ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:2b:9b:3d:37:81:23:73:23:54:dd:f6:89:08:
                    96:b6:4b:c0:02:99:df:5a:a6:a6:88:b5:13:f1:58:
                    1d:f2:5b:e9:42:77:e4:2f:c7:ea:75:99:6f:0a:38:
                    60:08:02:c8:cd:0c:aa:f7:49:9d:8a:ea:29:17:2f:
                    99:66:00:af:ad:4a:63:85:55:23:ca:02:7d:61:f5:
                    73:fc:dd:ff:33:7d:f0:88:0f:84:49:d9:b6:e9:a4:
                    89:04:dc:ba:33:a7:22:5e:e4:15:07:6e:14:8f:b4:
                    39:ac:a5:6f:c9:75:1b:ba:6f:0c:9f:54:b3:1f:c9:
                    6b:c8:35:f3:a8:5e:93:20:bc:25:56:81:a2:6f:5a:
                    f5:f7:97:ef:83:b1:5d:84:4f:82:6a:0b:7a:01:19:
                    52:34:c2:c4:5d:ee:2a:14:40:82:64:4e:12:eb:77:
                    df:e3:fe:68:c6:6f:54:8b:4c:6b:89:eb:05:37:7c:
                    d0:08:bd:33:23:6f:5e:2d:a4:f0:2f:f5:0c:17:db:
                    9b:f3:9e:2f:e8:cb:f7:fa:e0:d5:e7:54:f0:7b:53:
                    cd:d3:1b:e8:d1:c5:c4:bc:b9:a9:38:93:1c:e8:6c:
                    90:c5:65:a7:72:1c:69:d5:40:5c:5b:e0:d6:19:f4:
                    70:b0:e7:0b:c5:e3:11:a5:61:fb:83:91:b3:83:1e:
                    59:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:61:61:8F:CD:4A:C6:42:40:B1:5C:1D:FA:36:E6:71:03:17:59:AD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/c758a2-e70c-4e3e-a6b2-dcef869046ca/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/c758a2-e70c-4e3e-a6b2-dcef869046ca/1/D2Fhj81KxkJAsVwd-jbmcQMXWa0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.0.0/22
                IPv6:
                  2a0c:2200::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  204938

    Signature Algorithm: sha256WithRSAEncryption
         71:f0:fc:c4:5b:0f:05:6b:a9:98:74:65:0f:92:fe:2c:24:4c:
         3f:cd:40:cc:83:83:f2:40:6c:a2:c9:4a:bf:6c:e2:63:5b:be:
         e6:2e:7a:0c:fa:54:20:1f:96:fc:4f:e3:af:ff:64:0d:2b:a4:
         35:04:83:8e:ab:c2:72:20:26:40:de:99:56:53:5b:74:de:c8:
         1a:5f:df:75:26:0e:05:dc:d1:a9:b3:0e:b9:03:a3:41:8e:b9:
         1e:19:a4:30:0d:e3:31:2f:49:f9:0e:95:cc:14:3e:36:57:4c:
         25:87:82:91:8b:eb:e7:6f:e8:d4:35:8c:de:7d:ee:50:61:ee:
         a8:fe:08:66:8d:67:aa:13:a1:00:82:99:81:6f:6e:9d:a0:7a:
         42:5d:5a:f7:15:df:ff:c5:d3:d0:2c:a5:3b:31:a7:59:20:0e:
         64:95:9d:34:ed:a5:33:9a:d0:5b:da:78:29:55:d1:d7:8b:a7:
         9b:1c:e4:8a:9d:87:d7:11:02:b0:f5:b2:85:3e:ed:67:7c:56:
         0a:31:90:28:bb:6b:37:85:a3:77:ac:a3:4e:08:2e:30:ef:c2:
         8e:46:cd:19:69:07:ab:9c:1f:ab:fd:eb:0f:7e:65:bc:f1:bd:
         8c:4d:63:83:9f:c0:16:f4:41:81:d4:03:91:d2:ab:98:71:83:
         44:bf:77:51
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAYVsPpYyuaYAgjXNurVKJrguMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMDczMTU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjYxNjE4ZmNkNGFjNjQyNDBiMTVjMWRmYTM2ZTY3MTAzMTc1OWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4CubPTeBI3MjVN32iQiWtkvAApnf
WqamiLUT8Vgd8lvpQnfkL8fqdZlvCjhgCALIzQyq90mdiuopFy+ZZgCvrUpjhVUj
ygJ9YfVz/N3/M33wiA+ESdm26aSJBNy6M6ciXuQVB24Uj7Q5rKVvyXUbum8Mn1Sz
H8lryDXzqF6TILwlVoGib1r195fvg7FdhE+Cagt6ARlSNMLEXe4qFECCZE4S63ff
4/5oxm9Ui0xriesFN3zQCL0zI29eLaTwL/UMF9ub854v6Mv3+uDV51Twe1PN0xvo
0cXEvLmpOJMc6GyQxWWnchxp1UBcW+DWGfRwsOcLxeMRpWH7g5Gzgx5ZZQIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFA9hYY/NSsZCQLFcHfo25nEDF1mtMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNjL2M3NThh
Mi1lNzBjLTRlM2UtYTZiMi1kY2VmODY5MDQ2Y2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2MvYzc1OGEy
LWU3MGMtNGUzZS1hNmIyLWRjZWY4NjkwNDZjYS8xL0QyRmhqODFLeGtKQXNWd2Qt
amJtY1FNWFdhMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCueAAMA0EAgACMAcDBQMqDCIAMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMgijANBgkqhkiG9w0BAQsFAAOCAQEAcfD8xFsPBWup
mHRlD5L+LCRMP81AzIOD8kBsoslKv2ziY1u+5i56DPpUIB+W/E/jr/9kDSukNQSD
jqvCciAmQN6ZVlNbdN7IGl/fdSYOBdzRqbMOuQOjQY65HhmkMA3jMS9J+Q6VzBQ+
NldMJYeCkYvr52/o1DWM3n3uUGHuqP4IZo1nqhOhAIKZgW9unaB6Ql1a9xXf/8XT
0CylOzGnWSAOZJWdNO2lM5rQW9p4KVXR14unmxzkip2H1xECsPWyhT7tZ3xWCjGQ
KLtrN4Wjd6yjTgguMO/CjkbNGWkHq5wfq/3rD35lvPG9jE1jg5/AFvRBgdQDkdKr
mHGDRL93UQ==
-----END CERTIFICATE-----