Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Yvp2WjkzacltjYNvI_duZ0icfd4.cer
File:                     Yvp2WjkzacltjYNvI_duZ0icfd4.cer (raw, json)
Hash identifier:          Du8cq6YrWYEnAoSjqWQikUiwKiG01oMen5gPgtDqzZg=
Subject key identifier:   62:FA:76:5A:39:33:69:C9:6D:8D:83:6F:23:F7:6E:67:48:9C:7D:DE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018570897F0DF5AA8C712106F61E35F08C7C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f2/adff80-b207-4fbd-bf5e-07dd1b4c55d9/1/Yvp2WjkzacltjYNvI_duZ0icfd4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f2/adff80-b207-4fbd-bf5e-07dd1b4c55d9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 02 Jan 2023 03:32:17 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    IP: 2.58.84.0/22
                          IP: 45.8.172.0/22
                          IP: 45.13.148.0/22
                          IP: 45.66.148.0/22
                          IP: 62.192.172.0/22
                          IP: 77.83.252.0/22
                          IP: 85.209.16.0/22
                          IP: 212.102.114.0/24
                          IP: 2a06:fe00::/29
                          IP: 2a09:9f80::/29

Validation:               Failed, certificate revoked on Thu 23 Mar 2023 15:12:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:89:7f:0d:f5:aa:8c:71:21:06:f6:1e:35:f0:8c:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 03:32:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=62fa765a393369c96d8d836f23f76e67489c7dde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:07:db:cb:72:a0:5e:fe:48:d3:ef:6f:67:04:
                    9a:ea:a9:bb:91:28:e8:cc:db:2e:f1:de:6f:b5:74:
                    66:4c:cd:a2:9c:f9:3b:a4:8c:4c:4f:ec:f8:2c:c5:
                    d3:b4:d5:d5:7c:2e:4b:64:79:ea:c4:f0:35:b8:42:
                    d8:7c:a3:29:92:ea:fc:51:bf:fb:87:3d:51:6b:02:
                    34:b6:b3:90:dd:7b:f4:08:7e:e3:9d:4e:2e:2f:e6:
                    c9:76:d8:fa:37:db:5b:ef:a1:ee:78:7e:5f:aa:4a:
                    c2:4c:75:ec:f8:ae:c2:5e:27:cd:57:29:de:bf:e4:
                    cf:65:8d:b6:f1:ac:96:fd:ab:33:24:c7:6d:ac:77:
                    5f:80:3d:d5:17:fb:6a:89:80:25:e7:00:0d:ac:08:
                    c6:9a:95:02:be:4a:7c:c9:c2:71:38:62:f1:0f:55:
                    75:fa:74:0c:fa:f0:07:d1:18:d6:8e:22:48:0a:cb:
                    a6:78:85:f2:79:95:d4:d1:65:d8:26:ff:d6:95:ad:
                    25:43:6a:e2:01:75:29:9f:16:04:e0:c5:36:06:0f:
                    0f:0e:f3:1f:85:49:32:3b:3d:bc:60:07:90:e5:18:
                    77:3a:1c:ea:f5:83:34:20:d6:96:d3:c2:ef:d5:b7:
                    e4:9d:7f:e0:d2:7d:1f:7d:ec:cf:72:da:e8:f2:1b:
                    7a:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:FA:76:5A:39:33:69:C9:6D:8D:83:6F:23:F7:6E:67:48:9C:7D:DE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/adff80-b207-4fbd-bf5e-07dd1b4c55d9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/adff80-b207-4fbd-bf5e-07dd1b4c55d9/1/Yvp2WjkzacltjYNvI_duZ0icfd4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.84.0/22
                  45.8.172.0/22
                  45.13.148.0/22
                  45.66.148.0/22
                  62.192.172.0/22
                  77.83.252.0/22
                  85.209.16.0/22
                  212.102.114.0/24
                IPv6:
                  2a06:fe00::/29
                  2a09:9f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         4e:fb:77:9a:f4:a3:29:a6:66:ce:5d:5a:b3:d0:3c:9b:be:05:
         7a:68:26:c9:54:9f:d0:84:75:c6:5b:f4:b7:ed:9e:a6:00:de:
         c1:6c:47:cd:e5:62:98:57:a9:80:8f:9a:ec:d7:4f:00:c7:39:
         74:77:eb:2e:dc:0d:15:7b:d3:eb:56:8c:e0:e7:76:f7:6a:39:
         a6:47:24:f6:6d:d5:f2:e6:7e:56:0b:f3:fd:9f:7a:65:c5:01:
         db:68:63:c9:36:5d:6d:39:3e:12:ad:d0:bb:2b:3d:db:ff:a8:
         25:b7:0b:18:8e:4d:3a:26:c6:85:fb:85:ec:cc:09:0e:81:e0:
         8b:51:7d:ad:f9:b3:c9:ad:cf:d0:c5:3a:18:1c:90:66:51:42:
         0f:f9:c1:74:12:24:91:d2:cc:43:0c:65:df:82:91:e3:6f:89:
         c9:f6:51:00:9f:af:26:e1:3e:f0:9d:a0:0a:1f:4d:23:ef:d1:
         bb:af:d1:45:56:27:21:37:47:18:de:5f:81:1d:8f:26:36:af:
         8f:29:6e:73:2d:0c:46:93:ff:4f:ca:06:6f:db:08:8a:26:8f:
         8b:0d:01:05:79:d0:c3:61:da:f1:86:7c:e8:31:54:99:a2:8b:
         a8:ad:b2:f0:6c:e3:95:0d:2c:65:10:50:cb:26:7c:ee:15:dd:
         01:66:33:f6
-----BEGIN CERTIFICATE-----
MIIFuDCCBKCgAwIBAgISAYVwiX8N9aqMcSEG9h418Ix8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAyMDMzMjE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmZhNzY1YTM5MzM2OWM5NmQ4ZDgzNmYyM2Y3NmU2NzQ4OWM3ZGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Afby3KgXv5I0+9vZwSa6qm7kSjo
zNsu8d5vtXRmTM2inPk7pIxMT+z4LMXTtNXVfC5LZHnqxPA1uELYfKMpkur8Ub/7
hz1RawI0trOQ3Xv0CH7jnU4uL+bJdtj6N9tb76HueH5fqkrCTHXs+K7CXifNVyne
v+TPZY228ayW/aszJMdtrHdfgD3VF/tqiYAl5wANrAjGmpUCvkp8ycJxOGLxD1V1
+nQM+vAH0RjWjiJICsumeIXyeZXU0WXYJv/Wla0lQ2riAXUpnxYE4MU2Bg8PDvMf
hUkyOz28YAeQ5Rh3Ohzq9YM0INaW08Lv1bfknX/g0n0ffezPctro8ht6mQIDAQAB
o4ICxDCCAsAwHQYDVR0OBBYEFGL6dlo5M2nJbY2DbyP3bmdInH3eMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YyL2FkZmY4
MC1iMjA3LTRmYmQtYmY1ZS0wN2RkMWI0YzU1ZDkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjIvYWRmZjgw
LWIyMDctNGZiZC1iZjVlLTA3ZGQxYjRjNTVkOS8xL1l2cDJXamt6YWNsdGpZTnZJ
X2R1WjBpY2ZkNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMF8GCCsGAQUF
BwEHAQH/BFAwTjA2BAIAATAwAwQCAjpUAwQCLQisAwQCLQ2UAwQCLUKUAwQCPsCs
AwQCTVP8AwQCVdEQAwQA1GZyMBQEAgACMA4DBQMqBv4AAwUDKgmfgDANBgkqhkiG
9w0BAQsFAAOCAQEATvt3mvSjKaZmzl1as9A8m74FemgmyVSf0IR1xlv0t+2epgDe
wWxHzeVimFepgI+a7NdPAMc5dHfrLtwNFXvT61aM4Od292o5pkck9m3V8uZ+Vgvz
/Z96ZcUB22hjyTZdbTk+Eq3Quys92/+oJbcLGI5NOibGhfuF7MwJDoHgi1F9rfmz
ya3P0MU6GByQZlFCD/nBdBIkkdLMQwxl34KR42+JyfZRAJ+vJuE+8J2gCh9NI+/R
u6/RRVYnITdHGN5fgR2PJjavjylucy0MRpP/T8oGb9sIiiaPiw0BBXnQw2Ha8YZ8
6DFUmaKLqK2y8GzjlQ0sZRBQyyZ87hXdAWYz9g==
-----END CERTIFICATE-----