Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/IYFM8so-F5k0nM1Mfmp21j-DSj0.cer
File:                     IYFM8so-F5k0nM1Mfmp21j-DSj0.cer (raw, json)
Hash identifier:          PPStlOdbiZQXFO1l4KGTwF88fF3ej8UuzjAXnQQHy0M=
Subject key identifier:   21:81:4C:F2:CA:3E:17:99:34:9C:CD:4C:7E:6A:76:D6:3F:83:4A:3D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856D897F9D9199759065C70DC32D876771
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/18/01f853-d445-4ace-a8d8-22701b4bb407/1/IYFM8so-F5k0nM1Mfmp21j-DSj0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/18/01f853-d445-4ace-a8d8-22701b4bb407/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 13:33:25 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 57238
                          IP: 45.80.4.0/22
                          IP: 45.132.96.0/22
                          IP: 45.146.104.0/22
                          IP: 82.118.24.0/21
                          IP: 92.114.4.0/23
                          IP: 141.98.72.0/22
                          IP: 212.2.236.0/22
                          IP: 213.225.236.0/22
                          IP: 2a03:2780::/32

Validation:               Failed, certificate revoked on Fri 28 Apr 2023 14:17:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:89:7f:9d:91:99:75:90:65:c7:0d:c3:2d:87:67:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 13:33:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=21814cf2ca3e1799349ccd4c7e6a76d63f834a3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:ec:af:9b:97:b6:16:b1:ef:af:d4:47:21:f2:
                    86:f4:85:69:96:58:bc:da:18:c4:78:6f:0d:df:b0:
                    9a:d9:ae:3d:2b:38:cd:95:81:2f:01:1b:3d:c0:1d:
                    d7:90:18:65:e2:de:db:24:4b:02:df:80:f2:f0:82:
                    7c:a8:2a:04:f4:bd:6c:3d:55:8e:5b:99:11:ce:1b:
                    fc:f2:bf:77:41:00:e6:8b:40:96:d3:66:d6:de:0b:
                    21:6f:3c:d2:80:da:a5:3b:f0:44:a7:b8:9b:c2:1d:
                    7a:b5:d6:37:0a:cf:10:29:9d:46:05:29:8c:bc:4f:
                    d0:2b:6c:5a:35:06:a1:bb:6d:99:ef:0d:eb:a5:fe:
                    7f:5f:49:0c:fe:bf:41:10:4c:2d:2e:8d:82:7e:94:
                    fc:de:28:1e:6a:2c:f8:5f:56:7a:02:0f:e2:1d:b0:
                    77:19:53:dd:17:7b:10:d0:44:7b:79:ff:49:70:36:
                    94:37:c7:e0:98:83:5e:c4:23:b0:25:21:ca:40:6c:
                    0b:f4:7e:89:f1:50:39:e5:05:25:11:ed:38:a3:04:
                    c3:3c:79:e3:40:2d:43:f2:5a:a1:e9:80:e1:ab:6f:
                    dd:53:b6:dc:46:3b:30:75:d2:8e:9a:d3:be:9c:76:
                    e7:d4:d9:ef:16:40:7f:0a:a3:17:a2:ef:84:67:9b:
                    be:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:81:4C:F2:CA:3E:17:99:34:9C:CD:4C:7E:6A:76:D6:3F:83:4A:3D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/01f853-d445-4ace-a8d8-22701b4bb407/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/01f853-d445-4ace-a8d8-22701b4bb407/1/IYFM8so-F5k0nM1Mfmp21j-DSj0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.4.0/22
                  45.132.96.0/22
                  45.146.104.0/22
                  82.118.24.0/21
                  92.114.4.0/23
                  141.98.72.0/22
                  212.2.236.0/22
                  213.225.236.0/22
                IPv6:
                  2a03:2780::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  57238

    Signature Algorithm: sha256WithRSAEncryption
         25:1d:39:9e:43:83:ad:28:a4:78:c7:07:e6:9e:5f:b4:e1:49:
         40:12:88:3b:12:55:4f:81:27:3b:4d:07:36:32:22:4c:e0:6b:
         eb:a7:8c:d3:2e:94:43:46:2f:c2:81:19:57:7d:6f:d7:45:cd:
         04:d7:90:85:97:5a:95:bb:a0:2b:05:b0:35:26:d1:8a:78:c2:
         08:f6:06:bb:e7:cd:1a:2d:52:e1:b3:9a:4c:a4:e1:f0:b5:47:
         b6:80:04:4f:44:35:e1:b2:03:41:55:ea:8b:7f:76:82:e9:11:
         f7:66:af:5d:6e:b8:48:2d:ab:bb:2a:41:7b:5c:5a:f7:f2:b9:
         3e:fe:28:50:cf:3c:22:97:4c:a2:86:0d:54:70:08:58:ed:56:
         d4:28:38:4d:14:5e:55:f4:89:63:a5:b1:02:b8:68:24:20:78:
         fc:76:76:03:b7:fb:8a:42:00:df:b3:16:c5:7f:55:cb:c9:6c:
         2e:cc:9c:1a:e9:90:3d:12:f2:36:86:f9:e5:62:96:82:8c:dc:
         ff:ad:2e:51:0b:27:63:52:c7:cf:00:64:4f:1c:c9:34:46:fd:
         75:b4:14:00:71:01:66:e4:34:db:50:ce:30:e2:1a:8f:14:59:
         6b:2d:40:bd:84:56:52:62:7a:62:24:10:b7:b4:ae:5a:ba:de:
         b3:34:2a:bc
-----BEGIN CERTIFICATE-----
MIIFzTCCBLWgAwIBAgISAYVtiX+dkZl1kGXHDcMth2dxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMTMzMzI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTgxNGNmMmNhM2UxNzk5MzQ5Y2NkNGM3ZTZhNzZkNjNmODM0YTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+yvm5e2FrHvr9RHIfKG9IVplli8
2hjEeG8N37Ca2a49KzjNlYEvARs9wB3XkBhl4t7bJEsC34Dy8IJ8qCoE9L1sPVWO
W5kRzhv88r93QQDmi0CW02bW3gshbzzSgNqlO/BEp7ibwh16tdY3Cs8QKZ1GBSmM
vE/QK2xaNQahu22Z7w3rpf5/X0kM/r9BEEwtLo2CfpT83igeaiz4X1Z6Ag/iHbB3
GVPdF3sQ0ER7ef9JcDaUN8fgmINexCOwJSHKQGwL9H6J8VA55QUlEe04owTDPHnj
QC1D8lqh6YDhq2/dU7bcRjswddKOmtO+nHbn1NnvFkB/CqMXou+EZ5u+qwIDAQAB
o4IC2TCCAtUwHQYDVR0OBBYEFCGBTPLKPheZNJzNTH5qdtY/g0o9MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE4LzAxZjg1
My1kNDQ1LTRhY2UtYThkOC0yMjcwMWI0YmI0MDcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTgvMDFmODUz
LWQ0NDUtNGFjZS1hOGQ4LTIyNzAxYjRiYjQwNy8xL0lZRk04c28tRjVrMG5NMU1m
bXAyMWotRFNqMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFgGCCsGAQUF
BwEHAQH/BEkwRzA2BAIAATAwAwQCLVAEAwQCLYRgAwQCLZJoAwQDUnYYAwQBXHIE
AwQCjWJIAwQC1ALsAwQC1eHsMA0EAgACMAcDBQAqAyeAMBoGCCsGAQUFBwEIAQH/
BAswCaAHMAUCAwDfljANBgkqhkiG9w0BAQsFAAOCAQEAJR05nkODrSikeMcH5p5f
tOFJQBKIOxJVT4EnO00HNjIiTOBr66eM0y6UQ0YvwoEZV31v10XNBNeQhZdalbug
KwWwNSbRinjCCPYGu+fNGi1S4bOaTKTh8LVHtoAET0Q14bIDQVXqi392gukR92av
XW64SC2ruypBe1xa9/K5Pv4oUM88IpdMooYNVHAIWO1W1Cg4TRReVfSJY6WxArho
JCB4/HZ2A7f7ikIA37MWxX9Vy8lsLsycGumQPRLyNob55WKWgozc/60uUQsnY1LH
zwBkTxzJNEb9dbQUAHEBZuQ021DOMOIajxRZay1AvYRWUmJ6YiQQt7SuWrreszQq
vA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:43:22 2024 by rpki-client on console-fra.rpki-client.org