Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NZXHvH5fzXae1uUxEfPF5IkfnaE.cer
File:                     NZXHvH5fzXae1uUxEfPF5IkfnaE.cer (raw, json)
Hash identifier:          fOxGv447vgI3ZW5imJAD3mTY7tXfoPHnhU7tKex4f3k=
Subject key identifier:   35:95:C7:BC:7E:5F:CD:76:9E:D6:E5:31:11:F3:C5:E4:89:1F:9D:A1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019425FD649DD28CD7D19279B53581CD0F5A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4b/01dc3c-d926-4cdf-9787-be044a4df3a0/1/NZXHvH5fzXae1uUxEfPF5IkfnaE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4b/01dc3c-d926-4cdf-9787-be044a4df3a0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 07:49:10 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 201500
                          IP: 185.72.212.0/22
                          IP: 185.236.12.0/22
                          IP: 2a05:39c0::/29
Validation:               Failed, certificate revoked on Wed 12 Feb 2025 11:59:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:64:9d:d2:8c:d7:d1:92:79:b5:35:81:cd:0f:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 07:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3595c7bc7e5fcd769ed6e53111f3c5e4891f9da1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:50:4c:b4:89:9d:19:98:fd:f6:a8:a8:2e:a9:
                    26:02:61:d8:e6:6d:87:b8:af:6e:13:c7:ac:1b:63:
                    46:9c:7e:1f:4c:6c:9a:0c:78:2d:75:ce:12:bf:75:
                    0f:28:b6:8d:41:5f:9a:c7:72:c1:71:1a:1a:f3:21:
                    f3:22:a5:5d:de:95:aa:87:0d:02:31:1b:47:d1:93:
                    ac:9e:0c:cc:fc:99:dd:8d:86:c9:77:ad:23:09:ee:
                    4a:f8:9f:50:df:72:4d:58:94:d9:40:ee:0e:83:b3:
                    31:48:13:f0:25:3a:e0:5b:d8:60:c4:34:76:ba:a4:
                    c5:21:ca:65:f5:fd:3f:6b:be:54:5b:ff:7f:22:69:
                    24:80:23:1b:02:5b:cc:20:52:ef:87:93:73:37:34:
                    31:a0:1b:6c:84:ac:7f:31:b8:c4:94:9d:c9:74:24:
                    39:12:78:9d:84:73:fe:4d:39:17:eb:97:06:9e:16:
                    a2:c8:fe:f2:3d:b4:85:90:ba:6c:c5:95:6e:33:aa:
                    24:87:f6:fa:1e:55:1c:74:c9:37:02:b6:4a:3f:40:
                    e9:dc:47:ab:44:4e:1c:a1:42:1f:ec:da:60:c0:04:
                    d0:39:8e:5f:13:d0:6e:3d:ac:41:d0:ab:f1:54:fd:
                    fe:d1:dc:8d:e2:f3:b2:25:70:61:ce:1c:35:8a:35:
                    5c:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:95:C7:BC:7E:5F:CD:76:9E:D6:E5:31:11:F3:C5:E4:89:1F:9D:A1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/01dc3c-d926-4cdf-9787-be044a4df3a0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/01dc3c-d926-4cdf-9787-be044a4df3a0/1/NZXHvH5fzXae1uUxEfPF5IkfnaE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.212.0/22
                  185.236.12.0/22
                IPv6:
                  2a05:39c0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  201500

    Signature Algorithm: sha256WithRSAEncryption
         93:94:2e:4f:cf:38:e1:37:b0:64:96:ec:50:20:4d:9f:0f:1a:
         44:b7:09:e4:d9:9d:ed:79:20:8a:a8:7d:64:cb:e6:e4:4f:13:
         b1:01:7e:29:c5:44:81:79:d6:b5:06:dc:d8:3a:5f:d6:ff:ce:
         05:59:d8:fb:22:d2:f7:50:9f:99:ce:7f:37:25:14:fb:c4:d1:
         95:12:6f:86:6a:31:ba:aa:65:27:e1:77:bb:40:9e:7f:17:6e:
         b3:f2:ca:d5:20:fb:69:24:3b:cf:2f:90:10:fb:8d:8a:63:ec:
         ce:a2:ef:2b:fa:d4:3b:86:12:a1:dc:f6:9d:56:b8:41:7c:38:
         70:07:2e:11:68:54:36:a1:0c:db:78:d1:73:b5:6c:94:ee:48:
         20:d8:6e:01:b0:6c:a6:10:ee:f0:75:55:6f:86:df:b8:ee:b8:
         ef:f6:22:89:57:0a:af:68:f6:60:60:b2:86:d3:35:63:dc:91:
         b6:26:fa:68:36:cb:f8:e4:1c:34:24:a3:98:98:5b:d2:51:77:
         0a:18:ea:91:71:6f:ea:18:53:25:ab:d1:7f:c2:b5:df:a3:99:
         4d:09:b8:80:32:71:1b:23:84:cc:31:65:35:bc:f7:60:23:e5:
         0d:8c:17:8e:3e:be:e1:59:87:9b:81:51:f2:a3:46:74:3f:eb:
         6b:ee:e1:20
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAZQl/WSd0ozX0ZJ5tTWBzQ9aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDc0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTk1YzdiYzdlNWZjZDc2OWVkNmU1MzExMWYzYzVlNDg5MWY5ZGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1BMtImdGZj99qioLqkmAmHY5m2H
uK9uE8esG2NGnH4fTGyaDHgtdc4Sv3UPKLaNQV+ax3LBcRoa8yHzIqVd3pWqhw0C
MRtH0ZOsngzM/JndjYbJd60jCe5K+J9Q33JNWJTZQO4Og7MxSBPwJTrgW9hgxDR2
uqTFIcpl9f0/a75UW/9/ImkkgCMbAlvMIFLvh5NzNzQxoBtshKx/MbjElJ3JdCQ5
EnidhHP+TTkX65cGnhaiyP7yPbSFkLpsxZVuM6okh/b6HlUcdMk3ArZKP0Dp3Eer
RE4coUIf7NpgwATQOY5fE9BuPaxB0KvxVP3+0dyN4vOyJXBhzhw1ijVcmQIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFDWVx7x+X812ntblMRHzxeSJH52hMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRiLzAxZGMz
Yy1kOTI2LTRjZGYtOTc4Ny1iZTA0NGE0ZGYzYTAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGIvMDFkYzNj
LWQ5MjYtNGNkZi05Nzg3LWJlMDQ0YTRkZjNhMC8xL05aWEh2SDVmelhhZTF1VXhF
ZlBGNUlrZm5hRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQCuUjUAwQCuewMMA0EAgACMAcDBQMqBTnAMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwMTHDANBgkqhkiG9w0BAQsFAAOCAQEAk5Qu
T8844TewZJbsUCBNnw8aRLcJ5Nmd7Xkgiqh9ZMvm5E8TsQF+KcVEgXnWtQbc2Dpf
1v/OBVnY+yLS91Cfmc5/NyUU+8TRlRJvhmoxuqplJ+F3u0Cefxdus/LK1SD7aSQ7
zy+QEPuNimPszqLvK/rUO4YSodz2nVa4QXw4cAcuEWhUNqEM23jRc7VslO5IINhu
AbBsphDu8HVVb4bfuO647/YiiVcKr2j2YGCyhtM1Y9yRtib6aDbL+OQcNCSjmJhb
0lF3ChjqkXFv6hhTJavRf8K136OZTQm4gDJxGyOEzDFlNbz3YCPlDYwXjj6+4VmH
m4FR8qNGdD/ra+7hIA==
-----END CERTIFICATE-----