Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/X4ZMYBkFLTDvPaV2Rrhg-uSjx20.cer
File:                     X4ZMYBkFLTDvPaV2Rrhg-uSjx20.cer (raw, json)
Hash identifier:          GWd8oHTHU5jFPeP1hckgKoHLqSFR9RryWseDABKCj1M=
Subject key identifier:   5F:86:4C:60:19:05:2D:30:EF:3D:A5:76:46:B8:60:FA:E4:A3:C7:6D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018F0528876C871746479BED7F621FB6159B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/16/526ecd-d54c-4686-afc4-617c79105cb2/1/X4ZMYBkFLTDvPaV2Rrhg-uSjx20.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/16/526ecd-d54c-4686-afc4-617c79105cb2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 22 Apr 2024 09:34:53 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 77.236.98.0/23
                          IP: 88.218.32.0/23
                          IP: 89.40.220.0/23
                          IP: 91.234.104.0/22
                          IP: 95.178.108.0/22
                          IP: 185.121.164.0/22
                          IP: 194.106.208.0/23
                          IP: 195.35.96.0/24
                          IP: 195.133.148.0/22
                          IP: 2a10:780::/29

Validation:               Failed, certificate revoked on Wed 01 May 2024 08:09:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:05:28:87:6c:87:17:46:47:9b:ed:7f:62:1f:b6:15:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 22 09:34:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f864c6019052d30ef3da57646b860fae4a3c76d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:7a:25:cb:9c:ce:6c:38:43:28:c2:57:0c:2c:
                    3e:ca:a7:ff:22:f9:47:06:10:12:42:40:1f:40:f7:
                    7a:17:59:5f:d6:43:45:86:21:07:b3:e3:91:92:52:
                    5a:8c:55:fd:a7:2c:8c:b7:74:52:93:79:7a:82:be:
                    25:fc:82:07:e4:16:f1:a7:54:87:74:53:1a:d3:27:
                    5a:9c:e3:a5:e2:78:43:7c:8b:8e:c3:0d:24:a5:a6:
                    66:95:7c:bf:ce:ae:7a:26:be:bc:1b:5e:46:34:25:
                    27:13:f1:42:d7:f5:20:30:1e:f8:83:1f:27:9f:67:
                    3c:e2:ab:37:77:d7:58:46:35:46:95:ca:41:65:2e:
                    59:90:52:1d:00:99:77:41:4e:23:85:65:66:04:0b:
                    80:1e:61:f1:a2:4d:5c:19:f7:a7:4c:97:c3:c7:71:
                    99:3e:75:d9:fc:4b:a3:de:57:d1:3e:6a:d6:2f:9c:
                    42:16:35:cf:c6:91:8e:ff:1c:c8:bb:37:ec:e5:bd:
                    5e:48:b9:db:2c:f9:db:15:d9:b9:b7:48:0a:f3:24:
                    07:38:76:fb:37:ac:09:1e:ea:67:ac:70:db:e6:5b:
                    34:5a:d6:1d:cd:29:ee:53:6e:d0:16:b0:42:8b:c4:
                    01:76:23:c7:08:79:15:fb:f4:84:07:c9:5a:09:5a:
                    62:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:86:4C:60:19:05:2D:30:EF:3D:A5:76:46:B8:60:FA:E4:A3:C7:6D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/526ecd-d54c-4686-afc4-617c79105cb2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/526ecd-d54c-4686-afc4-617c79105cb2/1/X4ZMYBkFLTDvPaV2Rrhg-uSjx20.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.236.98.0/23
                  88.218.32.0/23
                  89.40.220.0/23
                  91.234.104.0/22
                  95.178.108.0/22
                  185.121.164.0/22
                  194.106.208.0/23
                  195.35.96.0/24
                  195.133.148.0/22
                IPv6:
                  2a10:780::/29

    Signature Algorithm: sha256WithRSAEncryption
         37:f7:9f:3a:36:86:80:c6:1b:2c:0b:7e:de:1d:fe:49:46:37:
         6d:77:b7:5d:86:ab:de:6c:7c:5b:50:99:a8:f3:91:dd:e4:b2:
         4c:4b:05:1b:96:8e:74:be:a7:f6:83:fd:6d:0b:ff:28:2f:69:
         16:77:b2:b0:ee:6c:f9:eb:16:0e:20:86:29:75:4e:1e:a4:57:
         a7:ac:cb:ba:c9:3d:77:79:95:96:36:84:fe:09:29:46:8d:88:
         25:04:8a:d1:50:71:3e:db:fe:57:2a:79:a6:36:22:c0:ce:26:
         5b:bb:3f:36:84:c9:85:24:93:b5:05:8d:b7:98:c8:55:0d:80:
         d4:75:f5:4e:65:32:48:6b:3f:0e:1e:ee:69:11:3c:18:9a:6f:
         ff:9d:c8:f6:2a:08:ad:fa:78:fa:68:27:3f:00:72:bc:7d:88:
         fa:87:65:31:70:5b:26:4e:e3:1f:cc:11:a6:ac:48:59:14:92:
         83:57:7e:ee:f5:73:a7:fe:ca:e3:93:26:fa:63:e1:01:07:f1:
         43:1b:d2:c5:e8:f6:bc:c8:f4:ae:49:e2:ab:17:8b:5c:b6:ad:
         0c:7c:aa:d3:48:68:c3:68:32:88:0a:25:2d:ca:15:2f:78:6c:
         ea:1a:37:69:25:f4:94:fc:fe:fb:63:d0:ef:87:4b:5f:28:8e:
         94:2d:b1:14
-----BEGIN CERTIFICATE-----
MIIFtzCCBJ+gAwIBAgISAY8FKIdshxdGR5vtf2IfthWbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNDIyMDkzNDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Zjg2NGM2MDE5MDUyZDMwZWYzZGE1NzY0NmI4NjBmYWU0YTNjNzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnoly5zObDhDKMJXDCw+yqf/IvlH
BhASQkAfQPd6F1lf1kNFhiEHs+ORklJajFX9pyyMt3RSk3l6gr4l/IIH5Bbxp1SH
dFMa0ydanOOl4nhDfIuOww0kpaZmlXy/zq56Jr68G15GNCUnE/FC1/UgMB74gx8n
n2c84qs3d9dYRjVGlcpBZS5ZkFIdAJl3QU4jhWVmBAuAHmHxok1cGfenTJfDx3GZ
PnXZ/Euj3lfRPmrWL5xCFjXPxpGO/xzIuzfs5b1eSLnbLPnbFdm5t0gK8yQHOHb7
N6wJHupnrHDb5ls0WtYdzSnuU27QFrBCi8QBdiPHCHkV+/SEB8laCVpiAwIDAQAB
o4ICwzCCAr8wHQYDVR0OBBYEFF+GTGAZBS0w7z2ldka4YPrko8dtMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE2LzUyNmVj
ZC1kNTRjLTQ2ODYtYWZjNC02MTdjNzkxMDVjYjIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTYvNTI2ZWNk
LWQ1NGMtNDY4Ni1hZmM0LTYxN2M3OTEwNWNiMi8xL1g0Wk1ZQmtGTFREdlBhVjJS
cmhnLXVTangyMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMF4GCCsGAQUF
BwEHAQH/BE8wTTA8BAIAATA2AwQBTexiAwQBWNogAwQBWSjcAwQCW+poAwQCX7Js
AwQCuXmkAwQBwmrQAwQAwyNgAwQCw4WUMA0EAgACMAcDBQMqEAeAMA0GCSqGSIb3
DQEBCwUAA4IBAQA39586NoaAxhssC37eHf5JRjdtd7ddhqvebHxbUJmo85Hd5LJM
SwUblo50vqf2g/1tC/8oL2kWd7Kw7mz56xYOIIYpdU4epFenrMu6yT13eZWWNoT+
CSlGjYglBIrRUHE+2/5XKnmmNiLAziZbuz82hMmFJJO1BY23mMhVDYDUdfVOZTJI
az8OHu5pETwYmm//ncj2Kgit+nj6aCc/AHK8fYj6h2UxcFsmTuMfzBGmrEhZFJKD
V37u9XOn/srjkyb6Y+EBB/FDG9LF6Pa8yPSuSeKrF4tctq0MfKrTSGjDaDKICiUt
yhUveGzqGjdpJfSU/P77Y9Dvh0tfKI6ULbEU
-----END CERTIFICATE-----