Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/IKmjTL0VwgOP9vH3EQgZiJIX-k0.cer
File:                     IKmjTL0VwgOP9vH3EQgZiJIX-k0.cer (raw, json)
Hash identifier:          DvfxHHLxtVaxTJ88ipqvgnYrIl8JCNnE+A7efVf6x28=
Subject key identifier:   20:A9:A3:4C:BD:15:C2:03:8F:F6:F1:F7:11:08:19:88:92:17:FA:4D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856B635B59EDF43044BA5399529EE20A25
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/48/ee8b47-e98c-4c6d-a73e-43ca3646a5a9/1/IKmjTL0VwgOP9vH3EQgZiJIX-k0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/48/ee8b47-e98c-4c6d-a73e-43ca3646a5a9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 03:32:31 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 210461
                          AS: 210925
                          AS: 211509
                          IP: 185.1.225.0/24
                          IP: 2001:678:3f4::/48
                          IP: 2001:7f8:11f::/48

Validation:               Failed, certificate revoked on Wed 19 Apr 2023 12:32:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:63:5b:59:ed:f4:30:44:ba:53:99:52:9e:e2:0a:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 03:32:31 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=20a9a34cbd15c2038ff6f1f7110819889217fa4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:07:20:57:9d:92:6c:c8:33:67:85:56:e8:97:
                    a2:33:c3:5a:01:79:89:cf:ae:18:fb:35:67:59:4d:
                    eb:19:8f:ee:dd:6b:1d:bd:aa:60:b7:98:1d:eb:50:
                    cf:40:e9:f6:45:f7:54:aa:ea:e5:3b:39:3a:73:84:
                    6b:84:1a:b5:54:5e:2f:c9:0b:39:71:67:64:0d:43:
                    3c:b4:ec:7e:2a:f5:c6:1b:a5:c1:f9:38:ea:20:75:
                    4e:01:4a:92:71:a6:db:9c:3a:2f:3e:6b:94:c3:03:
                    43:83:50:e4:35:be:74:f9:6f:1a:88:49:e2:d5:9d:
                    3a:a6:e3:01:ab:d8:b5:f0:4b:46:af:29:6a:f2:67:
                    14:41:6e:82:be:d0:f5:82:3a:12:1f:2a:bc:d3:08:
                    fb:a5:45:81:b6:c5:76:ba:bd:8f:f1:89:95:f4:74:
                    6b:fd:b8:36:19:33:7d:21:05:e4:45:c8:62:bf:eb:
                    3e:c4:44:f3:b2:d1:a4:3d:4c:d6:9d:3b:ec:96:09:
                    54:3a:9c:75:0d:cc:42:c3:cd:8c:d0:2c:50:35:b9:
                    26:1c:68:ed:14:07:26:bb:c4:24:0e:a9:ba:e7:af:
                    ea:26:37:03:ba:d3:87:da:18:1c:d4:49:fa:88:0f:
                    dd:c5:f8:5f:07:a4:b8:04:64:a0:9c:2e:f2:ca:14:
                    f0:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:A9:A3:4C:BD:15:C2:03:8F:F6:F1:F7:11:08:19:88:92:17:FA:4D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/ee8b47-e98c-4c6d-a73e-43ca3646a5a9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/ee8b47-e98c-4c6d-a73e-43ca3646a5a9/1/IKmjTL0VwgOP9vH3EQgZiJIX-k0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.225.0/24
                IPv6:
                  2001:678:3f4::/48
                  2001:7f8:11f::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210461
                  210925
                  211509

    Signature Algorithm: sha256WithRSAEncryption
         63:b8:df:10:8c:7f:27:71:c3:ac:d8:9b:be:74:c8:cd:e6:bf:
         92:cb:f9:fa:d4:ee:ac:c4:e7:d7:a5:4b:38:9a:3d:ac:69:5e:
         42:5c:de:50:e7:f7:54:a6:43:8c:1d:2d:f2:7d:2d:bb:6e:18:
         af:19:0a:c7:8b:f5:12:92:4a:5e:a4:6a:25:67:a1:92:86:50:
         1f:d1:e0:fd:31:ca:5e:c7:53:55:2b:23:38:eb:74:37:0f:fb:
         98:11:5f:52:18:44:14:6d:94:18:95:5b:9c:68:e1:e5:41:e2:
         6e:f7:8e:1d:c8:54:6f:59:ee:28:43:64:6f:e0:c0:db:29:4a:
         73:1d:aa:43:ab:ae:39:96:20:33:8f:bd:b1:51:59:8b:eb:97:
         4a:43:af:80:bd:6b:74:64:eb:37:33:6d:bd:66:08:d8:8b:d3:
         3c:4d:b8:e0:ce:52:49:5b:08:00:b1:8f:72:0f:41:00:51:70:
         f7:df:d1:82:d8:e8:da:bb:c1:b5:17:4a:20:2b:15:56:1f:21:
         b7:95:c0:7f:0b:43:cb:27:a5:12:02:de:ce:b2:77:16:85:02:
         05:ab:a3:59:2c:3e:ce:aa:28:31:cc:a5:40:91:cf:c8:fc:7a:
         e2:97:7f:cb:24:57:59:3d:97:31:3d:f7:48:0e:be:ac:28:58:
         e0:69:57:2c
-----BEGIN CERTIFICATE-----
MIIFuDCCBKCgAwIBAgISAYVrY1tZ7fQwRLpTmVKe4golMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMDMzMjMxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGE5YTM0Y2JkMTVjMjAzOGZmNmYxZjcxMTA4MTk4ODkyMTdmYTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gcgV52SbMgzZ4VW6JeiM8NaAXmJ
z64Y+zVnWU3rGY/u3Wsdvapgt5gd61DPQOn2RfdUqurlOzk6c4RrhBq1VF4vyQs5
cWdkDUM8tOx+KvXGG6XB+TjqIHVOAUqScabbnDovPmuUwwNDg1DkNb50+W8aiEni
1Z06puMBq9i18EtGrylq8mcUQW6CvtD1gjoSHyq80wj7pUWBtsV2ur2P8YmV9HRr
/bg2GTN9IQXkRchiv+s+xETzstGkPUzWnTvslglUOpx1DcxCw82M0CxQNbkmHGjt
FAcmu8QkDqm656/qJjcDutOH2hgc1En6iA/dxfhfB6S4BGSgnC7yyhTwVwIDAQAB
o4ICxDCCAsAwHQYDVR0OBBYEFCCpo0y9FcIDj/bx9xEIGYiSF/pNMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ4L2VlOGI0
Ny1lOThjLTRjNmQtYTczZS00M2NhMzY0NmE1YTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDgvZWU4YjQ3
LWU5OGMtNGM2ZC1hNzNlLTQzY2EzNjQ2YTVhOS8xL0lLbWpUTDBWd2dPUDl2SDNF
UWdaaUpJWC1rMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDkGCCsGAQUF
BwEHAQH/BCowKDAMBAIAATAGAwQAuQHhMBgEAgACMBIDBwAgAQZ4A/QDBwAgAQf4
AR8wJAYIKwYBBQUHAQgBAf8EFTAToBEwDwIDAzYdAgMDN+0CAwM6NTANBgkqhkiG
9w0BAQsFAAOCAQEAY7jfEIx/J3HDrNibvnTIzea/ksv5+tTurMTn16VLOJo9rGle
QlzeUOf3VKZDjB0t8n0tu24YrxkKx4v1EpJKXqRqJWehkoZQH9Hg/THKXsdTVSsj
OOt0Nw/7mBFfUhhEFG2UGJVbnGjh5UHibveOHchUb1nuKENkb+DA2ylKcx2qQ6uu
OZYgM4+9sVFZi+uXSkOvgL1rdGTrNzNtvWYI2IvTPE244M5SSVsIALGPcg9BAFFw
99/Rgtjo2rvBtRdKICsVVh8ht5XAfwtDyyelEgLezrJ3FoUCBaujWSw+zqooMcyl
QJHPyPx64pd/yyRXWT2XMT33SA6+rChY4GlXLA==
-----END CERTIFICATE-----