Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/XkMemyXoicA208PlA4SPd_HOyZs.cer
File:                     XkMemyXoicA208PlA4SPd_HOyZs.cer (raw, json)
Hash identifier:          dwh4H0oiHkVzbjdwpib9W6IJNIyD9Cfx/yaAki0KlGg=
Subject key identifier:   5E:43:1E:9B:25:E8:89:C0:36:D3:C3:E5:03:84:8F:77:F1:CE:C9:9B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856C3E982B9D446E73494F00C99FF5A831
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/79/cf5fe4-be5d-40c6-83f4-0cd8186e729e/1/XkMemyXoicA208PlA4SPd_HOyZs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/79/cf5fe4-be5d-40c6-83f4-0cd8186e729e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 07:31:59 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 52084
                          IP: 46.255.8.0/21
                          IP: 185.207.168.0/22
                          IP: 2a0a:ddc0::/29

Validation:               Failed, certificate revoked on Wed 15 Nov 2023 16:20:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:3e:98:2b:9d:44:6e:73:49:4f:00:c9:9f:f5:a8:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:31:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5e431e9b25e889c036d3c3e503848f77f1cec99b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:71:c7:2e:f6:40:95:57:76:45:bc:9f:d4:c0:
                    7c:1d:42:b5:e4:72:9a:4c:74:11:2e:e6:4c:5e:77:
                    a6:7a:74:dc:92:a5:79:da:ea:71:b9:33:6f:25:8e:
                    63:2e:83:dd:dc:7c:01:21:01:40:1b:73:c0:49:2b:
                    3c:b4:84:2d:15:e7:ff:b1:3f:9f:d5:64:5b:b6:d8:
                    7c:a5:e0:72:de:9d:b5:e4:e3:36:4f:63:97:ce:3b:
                    89:32:be:30:ad:6f:b4:96:6b:e0:5b:82:8a:ab:40:
                    91:95:c4:47:fe:72:8d:58:e1:d4:92:65:8d:3f:18:
                    92:51:70:b8:a5:99:97:09:54:ab:82:12:7f:60:d1:
                    37:6a:86:f8:09:f6:5d:a4:f6:41:35:d0:f7:23:47:
                    dd:f3:ef:10:d2:a7:d8:8d:ec:aa:98:41:e0:fb:6e:
                    90:57:65:7b:28:f2:33:f9:86:dd:7e:e1:b9:ba:b0:
                    b6:0c:95:35:54:0e:13:f8:0f:26:19:f3:21:80:0b:
                    8b:43:a8:58:c9:e6:91:54:82:1f:7d:7c:8d:c9:3f:
                    55:cd:e2:e3:fe:61:a9:78:14:ab:73:ce:83:56:92:
                    68:78:41:d4:d3:df:35:7f:0d:02:ce:40:53:d1:15:
                    2e:2b:1b:96:24:cd:db:90:f1:48:30:cd:31:40:a9:
                    d9:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:43:1E:9B:25:E8:89:C0:36:D3:C3:E5:03:84:8F:77:F1:CE:C9:9B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/cf5fe4-be5d-40c6-83f4-0cd8186e729e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/cf5fe4-be5d-40c6-83f4-0cd8186e729e/1/XkMemyXoicA208PlA4SPd_HOyZs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.255.8.0/21
                  185.207.168.0/22
                IPv6:
                  2a0a:ddc0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  52084

    Signature Algorithm: sha256WithRSAEncryption
         9d:59:73:56:01:32:60:45:c3:5b:ee:3d:60:bb:bc:95:f8:7b:
         83:c9:6e:54:c1:27:28:dc:c4:ee:e0:f5:7d:ca:5d:8b:a7:bf:
         01:92:49:ae:fd:e0:a6:f4:62:2d:0b:29:1b:79:d5:97:c5:a8:
         6a:21:be:ca:d4:ef:cc:5b:d9:0a:d2:f3:63:6f:10:5a:69:8c:
         93:cf:ef:b6:33:2a:a5:4b:51:06:28:7a:ce:f2:71:f1:30:9f:
         4e:79:59:27:92:b6:66:66:a9:08:90:2a:06:c0:89:a5:45:de:
         c8:35:2d:b9:02:a4:bd:9d:b4:a0:1c:21:e8:cb:f2:3c:cf:d1:
         5a:d9:0e:e7:82:41:51:87:6d:d2:9b:99:ff:b8:0b:3a:7e:a5:
         ad:8b:ce:f0:a4:02:c2:ef:72:30:c5:62:6c:23:dc:88:4e:ba:
         37:9d:59:9c:29:2c:2d:f7:3d:b9:31:a4:c9:ec:17:dc:96:ee:
         dd:79:b6:82:66:c9:74:27:99:ea:00:ed:da:11:91:98:ad:b6:
         e7:ad:a5:7c:75:7e:94:f3:6c:db:e5:17:21:8b:2e:23:30:74:
         e8:75:66:bc:62:5c:10:59:fa:9d:a7:57:14:ec:14:34:ab:6c:
         26:1d:04:34:84:b0:06:d3:9b:5f:f2:c0:48:1c:50:15:08:7c:
         be:2a:9f:c1
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAYVsPpgrnURuc0lPAMmf9agxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMDczMTU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTQzMWU5YjI1ZTg4OWMwMzZkM2MzZTUwMzg0OGY3N2YxY2VjOTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXHHLvZAlVd2Rbyf1MB8HUK15HKa
THQRLuZMXnemenTckqV52upxuTNvJY5jLoPd3HwBIQFAG3PASSs8tIQtFef/sT+f
1WRbtth8peBy3p215OM2T2OXzjuJMr4wrW+0lmvgW4KKq0CRlcRH/nKNWOHUkmWN
PxiSUXC4pZmXCVSrghJ/YNE3aob4CfZdpPZBNdD3I0fd8+8Q0qfYjeyqmEHg+26Q
V2V7KPIz+YbdfuG5urC2DJU1VA4T+A8mGfMhgAuLQ6hYyeaRVIIffXyNyT9VzeLj
/mGpeBSrc86DVpJoeEHU0981fw0CzkBT0RUuKxuWJM3bkPFIMM0xQKnZswIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFF5DHpsl6InANtPD5QOEj3fxzsmbMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc5L2NmNWZl
NC1iZTVkLTQwYzYtODNmNC0wY2Q4MTg2ZTcyOWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzkvY2Y1ZmU0
LWJlNWQtNDBjNi04M2Y0LTBjZDgxODZlNzI5ZS8xL1hrTWVteVhvaWNBMjA4UGxB
NFNQZF9IT3lacy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQDLv8IAwQCuc+oMA0EAgACMAcDBQMqCt3AMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwDLdDANBgkqhkiG9w0BAQsFAAOCAQEAnVlz
VgEyYEXDW+49YLu8lfh7g8luVMEnKNzE7uD1fcpdi6e/AZJJrv3gpvRiLQspG3nV
l8WoaiG+ytTvzFvZCtLzY28QWmmMk8/vtjMqpUtRBih6zvJx8TCfTnlZJ5K2Zmap
CJAqBsCJpUXeyDUtuQKkvZ20oBwh6MvyPM/RWtkO54JBUYdt0puZ/7gLOn6lrYvO
8KQCwu9yMMVibCPciE66N51ZnCksLfc9uTGkyewX3Jbu3Xm2gmbJdCeZ6gDt2hGR
mK22562lfHV+lPNs2+UXIYsuIzB06HVmvGJcEFn6nadXFOwUNKtsJh0ENISwBtOb
X/LASBxQFQh8viqfwQ==
-----END CERTIFICATE-----