Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/XvWG6QFKZfYAfb0AawYgMvXWbm8.cer
File:                     XvWG6QFKZfYAfb0AawYgMvXWbm8.cer (raw, json)
Hash identifier:          +T3qyYwrXrAfcPKm21xPa59Z13wPo+AnuYIDVn4KtDU=
Subject key identifier:   5E:F5:86:E9:01:4A:65:F6:00:7D:BD:00:6B:06:20:32:F5:D6:6E:6F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0188958808887A49675E7AABF591D7235770
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/3d/f31d68-ab5f-4113-afd0-69da307ce49c/1/XvWG6QFKZfYAfb0AawYgMvXWbm8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/3d/f31d68-ab5f-4113-afd0-69da307ce49c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 07 Jun 2023 11:05:00 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 49565
                          IP: 2a02:d5c0::/29

Validation:               Failed, certificate revoked on Tue 13 Jun 2023 08:04:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:95:88:08:88:7a:49:67:5e:7a:ab:f5:91:d7:23:57:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun  7 11:05:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5ef586e9014a65f6007dbd006b062032f5d66e6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:c3:ea:7b:49:f6:cf:9b:93:21:b1:31:5c:f6:
                    eb:91:a8:4d:e0:eb:9a:fd:a4:96:04:ec:f3:81:d4:
                    27:f7:7a:83:57:70:a5:0b:78:cd:23:54:a5:5c:93:
                    e7:fb:15:2d:10:59:84:bf:9b:3d:e1:0d:cd:8d:b4:
                    d7:f6:d0:aa:27:4e:0c:00:f7:f9:a6:3e:b8:aa:a4:
                    77:4f:60:67:05:c0:66:c4:dd:0a:8f:f9:2b:31:9c:
                    5e:a3:f8:4c:7a:1f:43:ed:53:51:22:b7:e7:84:c1:
                    59:70:fb:db:b9:0b:31:08:08:8f:7f:b0:d0:67:4a:
                    20:57:af:76:62:49:ce:1c:c9:f6:b6:7b:72:b9:88:
                    fe:71:02:43:5f:26:a6:9d:5a:46:69:75:c6:c7:82:
                    11:1b:fb:95:26:2e:a7:f3:82:57:8a:07:6a:60:f3:
                    e6:fb:38:84:c5:fc:38:52:65:8d:c6:87:df:31:5d:
                    01:83:bf:e0:c7:86:ba:ea:ba:c8:af:76:de:92:5d:
                    74:d1:cb:30:61:d5:05:a4:7b:00:54:f1:fa:b9:72:
                    7d:88:b4:e8:cc:ce:42:1f:e0:38:51:dd:1f:5b:72:
                    f5:72:01:fe:32:3c:4a:a5:fe:3b:29:93:57:e0:0c:
                    d2:9c:6c:c0:1e:bc:dd:aa:88:38:ef:3f:07:77:1c:
                    a8:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:F5:86:E9:01:4A:65:F6:00:7D:BD:00:6B:06:20:32:F5:D6:6E:6F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/f31d68-ab5f-4113-afd0-69da307ce49c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/f31d68-ab5f-4113-afd0-69da307ce49c/1/XvWG6QFKZfYAfb0AawYgMvXWbm8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:d5c0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  49565

    Signature Algorithm: sha256WithRSAEncryption
         26:d9:26:fe:df:ad:14:ca:16:8e:1e:2e:78:85:3b:56:9c:cb:
         dd:5c:34:e5:66:0b:20:26:f3:0a:2f:16:a2:46:aa:da:36:8c:
         49:d8:5f:72:42:38:15:98:ac:1a:69:a9:52:a8:55:48:32:b7:
         25:6c:5f:1f:cf:7a:08:d3:4a:ac:a0:c7:ea:d0:97:8e:ea:03:
         1f:7b:4f:49:3e:66:e2:c1:af:e9:92:91:8b:13:7f:f7:15:2e:
         41:4e:5d:03:c1:40:64:4c:6d:c1:7f:7c:da:83:69:25:c0:44:
         70:ba:87:73:41:f4:94:b8:53:eb:06:ea:43:0f:2a:a9:f2:20:
         29:32:ba:11:79:5b:37:bd:ca:3a:c5:2b:af:26:d6:8f:0f:d1:
         af:84:6a:0b:ab:08:f7:02:82:ea:97:e8:b8:f4:b3:51:9a:de:
         77:ea:a6:36:fe:ce:b1:f4:62:35:d3:84:d2:3a:03:d4:41:5d:
         31:f3:07:23:0d:df:9f:db:a3:ab:ca:ee:8a:16:f0:f0:3c:f1:
         40:b4:0d:2b:0c:84:66:37:f8:d9:25:63:a3:9d:ae:8e:d5:57:
         a2:ed:ac:e6:15:43:5a:97:9c:41:5b:59:f0:06:16:ce:61:ed:
         f1:a9:b3:73:5c:f3:d8:fd:5e:cd:2f:02:0e:15:7a:19:3f:27:
         dd:9a:2b:86
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAYiViAiIeklnXnqr9ZHXI1dwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwNjA3MTEwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWY1ODZlOTAxNGE2NWY2MDA3ZGJkMDA2YjA2MjAzMmY1ZDY2ZTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MPqe0n2z5uTIbExXPbrkahN4Oua
/aSWBOzzgdQn93qDV3ClC3jNI1SlXJPn+xUtEFmEv5s94Q3NjbTX9tCqJ04MAPf5
pj64qqR3T2BnBcBmxN0Kj/krMZxeo/hMeh9D7VNRIrfnhMFZcPvbuQsxCAiPf7DQ
Z0ogV692YknOHMn2tntyuYj+cQJDXyamnVpGaXXGx4IRG/uVJi6n84JXigdqYPPm
+ziExfw4UmWNxoffMV0Bg7/gx4a66rrIr3bekl100cswYdUFpHsAVPH6uXJ9iLTo
zM5CH+A4Ud0fW3L1cgH+MjxKpf47KZNX4AzSnGzAHrzdqog47z8HdxyouQIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFF71hukBSmX2AH29AGsGIDL11m5vMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNkL2YzMWQ2
OC1hYjVmLTQxMTMtYWZkMC02OWRhMzA3Y2U0OWMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2QvZjMxZDY4
LWFiNWYtNDExMy1hZmQwLTY5ZGEzMDdjZTQ5Yy8xL1h2V0c2UUZLWmZZQWZiMEFh
d1lnTXZYV2JtOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDKgLVwDAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMAwZ0wDQYJKoZIhvcNAQELBQADggEBACbZJv7frRTKFo4eLniFO1acy91cNOVm
CyAm8wovFqJGqto2jEnYX3JCOBWYrBppqVKoVUgytyVsXx/PegjTSqygx+rQl47q
Ax97T0k+ZuLBr+mSkYsTf/cVLkFOXQPBQGRMbcF/fNqDaSXARHC6h3NB9JS4U+sG
6kMPKqnyICkyuhF5Wze9yjrFK68m1o8P0a+EagurCPcCguqX6Lj0s1Ga3nfqpjb+
zrH0YjXThNI6A9RBXTHzByMN35/bo6vK7ooW8PA88UC0DSsMhGY3+NklY6Odro7V
V6LtrOYVQ1qXnEFbWfAGFs5h7fGps3Nc89j9Xs0vAg4Vehk/J92aK4Y=
-----END CERTIFICATE-----