Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7OuEaOmpe4eMupszh8Q3yMerYg.cer
File:                     a7OuEaOmpe4eMupszh8Q3yMerYg.cer (raw, json)
Hash identifier:          Aun+iUvASZ497JM0rTcqGuUEZRZ/5yjNklknXgdqd9I=
Subject key identifier:   6B:B3:AE:11:A3:A6:A5:EE:1E:32:EA:6C:CE:1F:10:DF:23:1E:AD:88
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856C3F589628FDB2D2CA08C5C1A35774F4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6a/cc11e8-d51b-4679-9c6c-1ef197d6dc69/1/a7OuEaOmpe4eMupszh8Q3yMerYg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6a/cc11e8-d51b-4679-9c6c-1ef197d6dc69/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 07:32:48 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 62079
                          AS: 207841
                          IP: 185.1.232.0/24
                          IP: 193.57.144.0/24
                          IP: 193.57.159.0/24
                          IP: 193.57.167.0 -- 193.57.168.255
                          IP: 2001:7f8:123::/48
                          IP: 2a0f:85c0::/29

Validation:               Failed, certificate revoked on Tue 10 Oct 2023 15:11:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:3f:58:96:28:fd:b2:d2:ca:08:c5:c1:a3:57:74:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:32:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6bb3ae11a3a6a5ee1e32ea6cce1f10df231ead88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:19:db:c4:be:8a:78:fa:8d:b6:b7:f1:e7:1f:
                    19:d5:c3:ed:0e:ea:d3:e0:40:1e:2d:7c:75:39:8a:
                    a8:03:48:78:b5:ed:dc:d2:5f:b3:2e:dd:bc:7c:82:
                    e7:41:75:cf:36:1c:54:9f:5a:74:83:d7:7f:0b:d1:
                    fb:27:9c:7a:34:b2:f1:dd:36:cb:a6:a6:ea:70:73:
                    94:c0:cf:2e:cf:cd:16:3e:79:b8:08:da:8a:e1:ec:
                    ff:60:4f:0a:f6:04:fa:6c:a1:76:40:19:31:1e:07:
                    8c:10:e5:c1:66:ad:e0:57:b1:fc:62:aa:34:c3:68:
                    5c:65:07:1d:21:b3:a0:a5:a6:1d:d8:b3:9d:ad:3a:
                    d7:99:b0:ed:17:e7:be:08:84:c8:fa:a3:7d:2e:ee:
                    4b:50:a5:e9:49:10:76:b3:b5:16:c8:53:ce:61:4f:
                    db:b1:c1:d6:d6:ef:5d:43:15:9b:d6:8d:56:f5:8e:
                    2c:cd:ba:f4:11:b3:c2:45:44:cb:36:2a:c4:cc:e7:
                    85:0f:5d:03:b2:6f:01:7d:5e:c5:cf:b6:3c:85:5b:
                    03:b0:d7:cc:00:ba:ed:a2:31:ce:85:e8:cf:57:3f:
                    7b:67:ab:64:1b:99:5b:e4:67:7c:85:ad:1c:37:87:
                    7b:20:65:b6:c1:73:27:2b:8e:3e:ad:07:4f:3a:d7:
                    1a:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:B3:AE:11:A3:A6:A5:EE:1E:32:EA:6C:CE:1F:10:DF:23:1E:AD:88
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/cc11e8-d51b-4679-9c6c-1ef197d6dc69/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/cc11e8-d51b-4679-9c6c-1ef197d6dc69/1/a7OuEaOmpe4eMupszh8Q3yMerYg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.232.0/24
                  193.57.144.0/24
                  193.57.159.0/24
                  193.57.167.0-193.57.168.255
                IPv6:
                  2001:7f8:123::/48
                  2a0f:85c0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  62079
                  207841

    Signature Algorithm: sha256WithRSAEncryption
         9d:38:c5:c2:78:99:b3:56:6a:70:33:4a:b0:f6:5b:0c:47:a9:
         bc:dc:7c:27:6a:ef:20:32:b5:f6:67:91:1b:da:c1:75:7f:4d:
         19:1f:d6:ce:fc:7e:c0:08:28:2e:88:d5:ec:5a:c9:62:42:08:
         5c:06:03:c7:36:ae:83:d6:44:e6:e9:fc:c8:db:da:d8:6e:23:
         93:ac:37:71:8c:19:8b:dc:f4:82:8e:86:4f:58:ab:59:f1:40:
         a5:67:32:bf:03:66:6a:6f:49:29:3e:9d:24:90:55:82:65:f2:
         dc:10:1d:96:24:38:13:cb:5a:f2:7c:c1:e2:a2:c9:af:50:3c:
         48:56:79:b2:55:4b:06:9f:4d:32:d3:ef:e8:89:d4:b2:6e:12:
         b6:5f:c3:36:70:dd:5c:16:0d:32:4a:46:23:49:50:f3:67:b0:
         81:76:6d:81:02:43:55:95:cc:28:d3:df:2e:e3:15:ae:6f:30:
         4c:3e:93:5c:fa:7e:5d:06:c1:dd:f9:f2:48:7b:1f:c0:6f:73:
         6b:43:97:a5:9c:c6:b1:6a:00:37:95:3b:33:78:26:d8:ac:6a:
         92:50:e7:e5:96:e6:14:64:75:76:83:f4:58:98:9d:a3:93:dd:
         d7:20:ff:68:07:95:98:aa:c0:2d:54:1f:44:e4:17:11:1f:a0:
         3c:da:19:a4
-----BEGIN CERTIFICATE-----
MIIFyzCCBLOgAwIBAgISAYVsP1iWKP2y0soIxcGjV3T0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMDczMjQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmIzYWUxMWEzYTZhNWVlMWUzMmVhNmNjZTFmMTBkZjIzMWVhZDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxnbxL6KePqNtrfx5x8Z1cPtDurT
4EAeLXx1OYqoA0h4te3c0l+zLt28fILnQXXPNhxUn1p0g9d/C9H7J5x6NLLx3TbL
pqbqcHOUwM8uz80WPnm4CNqK4ez/YE8K9gT6bKF2QBkxHgeMEOXBZq3gV7H8Yqo0
w2hcZQcdIbOgpaYd2LOdrTrXmbDtF+e+CITI+qN9Lu5LUKXpSRB2s7UWyFPOYU/b
scHW1u9dQxWb1o1W9Y4szbr0EbPCRUTLNirEzOeFD10Dsm8BfV7Fz7Y8hVsDsNfM
ALrtojHOhejPVz97Z6tkG5lb5Gd8ha0cN4d7IGW2wXMnK44+rQdPOtca1QIDAQAB
o4IC1zCCAtMwHQYDVR0OBBYEFGuzrhGjpqXuHjLqbM4fEN8jHq2IMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZhL2NjMTFl
OC1kNTFiLTQ2NzktOWM2Yy0xZWYxOTdkNmRjNjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmEvY2MxMWU4
LWQ1MWItNDY3OS05YzZjLTFlZjE5N2Q2ZGM2OS8xL2E3T3VFYU9tcGU0ZU11cHN6
aDhRM3lNZXJZZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFEGCCsGAQUF
BwEHAQH/BEIwQDAmBAIAATAgAwQAuQHoAwQAwTmQAwQAwTmfMAwDBADBOacDBADB
OagwFgQCAAIwEAMHACABB/gBIwMFAyoPhcAwHwYIKwYBBQUHAQgBAf8EEDAOoAww
CgIDAPJ/AgMDK+EwDQYJKoZIhvcNAQELBQADggEBAJ04xcJ4mbNWanAzSrD2WwxH
qbzcfCdq7yAytfZnkRvawXV/TRkf1s78fsAIKC6I1exayWJCCFwGA8c2roPWRObp
/Mjb2thuI5OsN3GMGYvc9IKOhk9Yq1nxQKVnMr8DZmpvSSk+nSSQVYJl8twQHZYk
OBPLWvJ8weKiya9QPEhWebJVSwafTTLT7+iJ1LJuErZfwzZw3VwWDTJKRiNJUPNn
sIF2bYECQ1WVzCjT3y7jFa5vMEw+k1z6fl0Gwd358kh7H8Bvc2tDl6WcxrFqADeV
OzN4JtisapJQ5+WW5hRkdXaD9FiYnaOT3dcg/2gHlZiqwC1UH0TkFxEfoDzaGaQ=
-----END CERTIFICATE-----