Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/KzhAtdPDUlmByGFhZmed6SDjUPU.cer
File:                     KzhAtdPDUlmByGFhZmed6SDjUPU.cer (raw, json)
Hash identifier:          PA7EhPeJDBAWjkPx7UNqCZrJZL0mqRYFc2uuxIYAGGM=
Subject key identifier:   2B:38:40:B5:D3:C3:52:59:81:C8:61:61:66:67:9D:E9:20:E3:50:F5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856D899D89A5BD09E02B7EC31ECCC4E80D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ca/2b95ed-9882-42fa-a9f5-ad80e756d256/1/KzhAtdPDUlmByGFhZmed6SDjUPU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ca/2b95ed-9882-42fa-a9f5-ad80e756d256/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 13:33:33 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 197882
                          IP: 31.25.136.0/21
                          IP: 130.255.92.0/22
                          IP: 159.255.160.0/21
                          IP: 185.14.248.0/22
                          IP: 185.101.236.0/22
                          IP: 185.184.196.0/22
                          IP: 2a03:bcc0::/32

Validation:               Failed, certificate revoked on Thu 28 Dec 2023 00:36:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:89:9d:89:a5:bd:09:e0:2b:7e:c3:1e:cc:c4:e8:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 13:33:33 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2b3840b5d3c3525981c8616166679de920e350f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:72:49:37:1b:8e:9f:3f:d4:75:b5:8a:0a:8f:
                    a2:96:ff:ff:16:54:6b:04:2d:5f:38:fb:68:9e:89:
                    36:bc:89:11:89:d7:7b:20:d4:55:dd:7f:13:ae:e9:
                    ae:d7:12:0b:b0:66:8c:3b:59:3f:3a:13:21:a3:47:
                    83:c3:fa:a6:24:80:f2:66:c9:38:fd:18:60:e4:1e:
                    c0:78:40:c0:9a:5e:3d:e3:0a:9f:71:b3:a6:bd:2a:
                    27:5f:4a:2c:8e:85:e1:e6:b9:22:6e:5a:df:45:7c:
                    74:ac:6f:82:24:4e:08:19:18:60:e3:ba:ab:d4:6e:
                    1e:ad:1d:e6:48:28:99:fc:a9:fa:2c:d3:39:eb:a3:
                    da:62:28:0a:66:fc:c1:57:30:7b:07:a7:50:91:ec:
                    b1:a1:f4:73:03:84:c6:92:3b:23:b5:e3:25:d6:9f:
                    35:e1:ee:31:be:de:49:d0:ad:a8:fa:85:d0:aa:12:
                    a7:a4:07:06:c7:dd:48:c5:ad:75:26:08:29:ab:dd:
                    60:71:b9:2d:6b:18:01:78:26:98:cc:fe:f3:42:f5:
                    9a:04:2e:49:8e:32:b3:60:0b:0d:0f:1f:ea:c0:b9:
                    0d:e7:66:45:67:8b:21:a8:53:a6:50:7e:bf:c4:b1:
                    2d:e8:45:eb:e6:0d:b2:b5:af:07:9d:90:c9:e1:63:
                    02:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:38:40:B5:D3:C3:52:59:81:C8:61:61:66:67:9D:E9:20:E3:50:F5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/2b95ed-9882-42fa-a9f5-ad80e756d256/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/2b95ed-9882-42fa-a9f5-ad80e756d256/1/KzhAtdPDUlmByGFhZmed6SDjUPU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.25.136.0/21
                  130.255.92.0/22
                  159.255.160.0/21
                  185.14.248.0/22
                  185.101.236.0/22
                  185.184.196.0/22
                IPv6:
                  2a03:bcc0::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  197882

    Signature Algorithm: sha256WithRSAEncryption
         97:75:87:4b:f3:37:9a:cf:d3:cb:6b:fa:77:a9:bf:be:ad:5f:
         50:50:6b:83:63:0d:06:6b:31:ff:16:0b:23:92:f0:4c:fa:db:
         33:84:24:99:db:19:e5:7d:2d:ac:d1:75:e0:38:a6:ed:e9:0c:
         60:d8:85:a4:5a:7f:30:9e:3e:29:ab:f1:c1:da:e7:67:35:8e:
         45:3c:ea:32:99:26:d4:24:88:c5:86:b6:6a:af:0f:ff:b8:14:
         0b:a7:cd:5b:9a:28:83:1c:e0:5a:89:e7:c9:27:05:af:fc:98:
         29:2e:19:dc:dc:99:8e:87:d9:14:d3:8a:da:77:a7:e8:d1:08:
         8d:97:ab:3c:8f:d3:3b:86:14:dc:73:22:6f:9f:e1:da:9d:b6:
         6c:6e:30:31:99:e1:06:bf:44:53:19:d6:7b:ea:e5:1e:d0:48:
         bb:13:98:a0:bd:43:dd:02:43:1e:b3:e4:bd:d9:7d:a1:61:c1:
         19:0e:e8:8a:2f:1f:6b:81:f1:f6:cc:11:01:5b:d6:ba:54:36:
         1b:5f:d9:cc:eb:d0:ee:ef:1d:f6:fa:c5:57:ff:5c:e5:bb:e8:
         fa:03:6d:2f:d7:1b:69:1c:e1:e2:c1:29:00:a5:9d:04:6d:c1:
         a8:22:cb:fd:ca:8a:27:c1:86:30:3a:30:8d:f7:6a:49:83:dc:
         5e:52:c1:46
-----BEGIN CERTIFICATE-----
MIIFwTCCBKmgAwIBAgISAYVtiZ2Jpb0J4Ct+wx7MxOgNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMTMzMzMzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjM4NDBiNWQzYzM1MjU5ODFjODYxNjE2NjY3OWRlOTIwZTM1MGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3JJNxuOnz/UdbWKCo+ilv//FlRr
BC1fOPtonok2vIkRidd7INRV3X8Trumu1xILsGaMO1k/OhMho0eDw/qmJIDyZsk4
/Rhg5B7AeEDAml494wqfcbOmvSonX0osjoXh5rkiblrfRXx0rG+CJE4IGRhg47qr
1G4erR3mSCiZ/Kn6LNM566PaYigKZvzBVzB7B6dQkeyxofRzA4TGkjsjteMl1p81
4e4xvt5J0K2o+oXQqhKnpAcGx91Ixa11Jggpq91gcbktaxgBeCaYzP7zQvWaBC5J
jjKzYAsNDx/qwLkN52ZFZ4shqFOmUH6/xLEt6EXr5g2yta8HnZDJ4WMC2QIDAQAB
o4ICzTCCAskwHQYDVR0OBBYEFCs4QLXTw1JZgchhYWZnnekg41D1MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NhLzJiOTVl
ZC05ODgyLTQyZmEtYTlmNS1hZDgwZTc1NmQyNTYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2EvMmI5NWVk
LTk4ODItNDJmYS1hOWY1LWFkODBlNzU2ZDI1Ni8xL0t6aEF0ZFBEVWxtQnlHRmha
bWVkNlNEalVQVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEwGCCsGAQUF
BwEHAQH/BD0wOzAqBAIAATAkAwQDHxmIAwQCgv9cAwQDn/+gAwQCuQ74AwQCuWXs
AwQCubjEMA0EAgACMAcDBQAqA7zAMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwME
+jANBgkqhkiG9w0BAQsFAAOCAQEAl3WHS/M3ms/Ty2v6d6m/vq1fUFBrg2MNBmsx
/xYLI5LwTPrbM4QkmdsZ5X0trNF14Dim7ekMYNiFpFp/MJ4+KavxwdrnZzWORTzq
Mpkm1CSIxYa2aq8P/7gUC6fNW5oogxzgWonnyScFr/yYKS4Z3NyZjofZFNOK2nen
6NEIjZerPI/TO4YU3HMib5/h2p22bG4wMZnhBr9EUxnWe+rlHtBIuxOYoL1D3QJD
HrPkvdl9oWHBGQ7oii8fa4Hx9swRAVvWulQ2G1/ZzOvQ7u8d9vrFV/9c5bvo+gNt
L9cbaRzh4sEpAKWdBG3BqCLL/cqKJ8GGMDowjfdqSYPcXlLBRg==
-----END CERTIFICATE-----