Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Iym9J0Fhg8UB5nO78ppxppi0HEc.cer
File:                     Iym9J0Fhg8UB5nO78ppxppi0HEc.cer (raw, json)
Hash identifier:          lurByVLKurCXBqitV3U1OkCaCSsVi5CdTIIeEX1/Hpw=
Subject key identifier:   23:29:BD:27:41:61:83:C5:01:E6:73:BB:F2:9A:71:A6:98:B4:1C:47
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01887C2671B24E9A3B3CB87C4EB1D35A142E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/b17479d1-95d8-4a14-8ee2-de100c66774c/0/2329BD27416183C501E673BBF29A71A698B41C47.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/b17479d1-95d8-4a14-8ee2-de100c66774c/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Fri 02 Jun 2023 12:47:54 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 39619
                          AS: 41186
                          AS: 48028
                          AS: 209675
                          IP: 5.181.180.0/22
                          IP: 185.176.92.0/22
                          IP: 185.216.104.0/22
                          IP: 185.229.220.0/22
                          IP: 2a04:a700::/29
                          IP: 2a05:5480::/29
                          IP: 2a06:88c0::/29
                          IP: 2a09:dc80::/29
                          IP: 2a0b:b5c0::/29
                          IP: 2a0d:d200::/29
                          IP: 2a0e:a000::/29

Validation:               Failed, certificate revoked on Wed 07 Jun 2023 06:45:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:7c:26:71:b2:4e:9a:3b:3c:b8:7c:4e:b1:d3:5a:14:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun  2 12:47:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2329bd27416183c501e673bbf29a71a698b41c47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e1:58:14:61:b6:3a:7c:a8:ad:4b:a8:06:12:
                    60:e2:be:3d:ea:0f:1a:c0:b3:f9:8b:a4:e9:79:49:
                    8f:5e:a1:fe:1b:94:2e:d4:d7:6f:26:f6:2b:2c:f7:
                    18:5b:dc:54:7d:4d:9f:54:c4:e9:c9:6e:17:10:8c:
                    e8:c7:8b:c3:cc:3a:07:a9:d9:39:e2:b6:21:d7:33:
                    9e:65:ac:08:be:db:01:d2:8c:68:19:87:ad:2c:41:
                    ea:90:2c:7f:e1:3d:a9:11:2b:e5:0e:54:bd:16:5c:
                    9c:f7:f9:b5:d5:5d:3e:8d:48:1f:db:16:54:11:13:
                    01:06:4c:0a:2f:08:23:9b:a6:05:2b:9d:a4:0a:47:
                    be:2b:52:cb:86:a0:c7:1c:6f:6f:3d:58:a3:4f:d2:
                    57:b4:52:85:30:31:0e:37:85:94:dd:d2:cb:54:a0:
                    76:67:0a:55:27:c0:cf:0f:9a:fe:3f:23:5d:b4:37:
                    50:44:c4:97:03:73:78:e2:ee:94:a1:64:b8:e9:8d:
                    68:bc:a4:6e:d5:5b:9d:dd:6e:4e:d8:38:93:02:57:
                    81:7d:98:bd:8a:6d:bb:85:f8:6d:d9:a4:5b:69:5c:
                    0d:7c:71:78:bf:fc:d9:0a:8b:96:91:85:fb:5a:4a:
                    90:aa:85:80:81:79:8c:d7:47:e5:8f:c1:ed:84:03:
                    fa:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:29:BD:27:41:61:83:C5:01:E6:73:BB:F2:9A:71:A6:98:B4:1C:47
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/b17479d1-95d8-4a14-8ee2-de100c66774c/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/b17479d1-95d8-4a14-8ee2-de100c66774c/0/2329BD27416183C501E673BBF29A71A698B41C47.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.180.0/22
                  185.176.92.0/22
                  185.216.104.0/22
                  185.229.220.0/22
                IPv6:
                  2a04:a700::/29
                  2a05:5480::/29
                  2a06:88c0::/29
                  2a09:dc80::/29
                  2a0b:b5c0::/29
                  2a0d:d200::/29
                  2a0e:a000::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  39619
                  41186
                  48028
                  209675

    Signature Algorithm: sha256WithRSAEncryption
         b0:15:7a:81:0f:9a:c2:79:b7:7d:a4:6d:50:91:b0:27:1d:9a:
         ac:d6:06:75:90:f2:33:3a:e6:0f:b3:37:20:ba:5b:2b:8c:1f:
         0b:51:02:0c:08:c0:27:31:9b:b8:0d:e7:66:ee:b0:8e:e1:fc:
         d8:9e:96:a6:f4:59:b2:42:5a:65:8e:69:15:d9:96:db:7c:29:
         ff:7f:f3:94:93:f7:15:d7:82:b4:90:c8:e2:6a:d8:73:fa:f8:
         e0:d2:a4:26:76:ca:08:29:81:a2:e6:28:88:1a:f7:93:10:11:
         32:fe:9c:10:30:7b:09:1b:43:a6:c3:12:be:47:43:e5:2a:8b:
         89:af:62:49:10:95:97:d0:9d:63:29:99:f8:76:27:eb:45:f6:
         c5:8a:00:89:3f:98:99:f1:9c:86:d5:9a:39:be:2a:15:17:6d:
         55:fd:3d:b0:f5:9e:a7:b7:9c:ec:6f:88:04:12:c9:82:54:b3:
         6c:40:e0:e2:36:54:5a:9f:cb:2d:9c:d5:68:16:84:f8:c6:61:
         00:61:4d:1b:7e:a7:6c:97:d5:9d:b4:c9:41:64:6e:67:46:97:
         35:09:b5:95:7b:9b:3f:84:6e:8f:a0:1a:8b:ec:43:2e:2e:13:
         13:d8:6e:75:0e:05:f5:e6:bc:76:f5:4e:be:dd:8c:e3:43:c8:
         31:77:93:69
-----BEGIN CERTIFICATE-----
MIIGCjCCBPKgAwIBAgISAYh8JnGyTpo7PLh8TrHTWhQuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwNjAyMTI0NzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzI5YmQyNzQxNjE4M2M1MDFlNjczYmJmMjlhNzFhNjk4YjQxYzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeFYFGG2OnyorUuoBhJg4r496g8a
wLP5i6TpeUmPXqH+G5Qu1NdvJvYrLPcYW9xUfU2fVMTpyW4XEIzox4vDzDoHqdk5
4rYh1zOeZawIvtsB0oxoGYetLEHqkCx/4T2pESvlDlS9Flyc9/m11V0+jUgf2xZU
ERMBBkwKLwgjm6YFK52kCke+K1LLhqDHHG9vPVijT9JXtFKFMDEON4WU3dLLVKB2
ZwpVJ8DPD5r+PyNdtDdQRMSXA3N44u6UoWS46Y1ovKRu1Vud3W5O2DiTAleBfZi9
im27hfht2aRbaVwNfHF4v/zZCouWkYX7WkqQqoWAgXmM10flj8HthAP6HQIDAQAB
o4IDFjCCAxIwHQYDVR0OBBYEFCMpvSdBYYPFAeZzu/KacaaYtBxHMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2IxNzQ3
OWQxLTk1ZDgtNGExNC04ZWUyLWRlMTAwYzY2Nzc0Yy8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjE3
NDc5ZDEtOTVkOC00YTE0LThlZTItZGUxMDBjNjY3NzRjLzAvMjMyOUJEMjc0MTYx
ODNDNTAxRTY3M0JCRjI5QTcxQTY5OEI0MUM0Ny5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjBqBggrBgEFBQcBBwEB/wRbMFkwHgQCAAEwGAME
AgW1tAMEArmwXAMEArnYaAMEArnl3DA3BAIAAjAxAwUDKgSnAAMFAyoFVIADBQMq
BojAAwUDKgncgAMFAyoLtcADBQMqDdIAAwUDKg6gADApBggrBgEFBQcBCAEB/wQa
MBigFjAUAgMAmsMCAwCg4gIDALucAgMDMwswDQYJKoZIhvcNAQELBQADggEBALAV
eoEPmsJ5t32kbVCRsCcdmqzWBnWQ8jM65g+zNyC6WyuMHwtRAgwIwCcxm7gN52bu
sI7h/Nielqb0WbJCWmWOaRXZltt8Kf9/85ST9xXXgrSQyOJq2HP6+ODSpCZ2yggp
gaLmKIga95MQETL+nBAwewkbQ6bDEr5HQ+Uqi4mvYkkQlZfQnWMpmfh2J+tF9sWK
AIk/mJnxnIbVmjm+KhUXbVX9PbD1nqe3nOxviAQSyYJUs2xA4OI2VFqfyy2c1WgW
hPjGYQBhTRt+p2yX1Z20yUFkbmdGlzUJtZV7mz+Ebo+gGovsQy4uExPYbnUOBfXm
vHb1Tr7djONDyDF3k2k=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:29:49 2024 by rpki-client on console-ams.rpki-client.org