Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dIW9k7uq6dfJc6s4aHLxFIuyWNE.cer
File:                     dIW9k7uq6dfJc6s4aHLxFIuyWNE.cer (raw, json)
Hash identifier:          bh4AWIquNZl6+WsfKX3ZpuU75zK14Nqabkgq6AG+OY4=
Subject key identifier:   74:85:BD:93:BB:AA:E9:D7:C9:73:AB:38:68:72:F1:14:8B:B2:58:D1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC26D697CFBC10D1B3D1CACBA4F9722D9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b0/90c2ef-e0ee-4dcf-9dd5-9c7fdbdad0db/1/dIW9k7uq6dfJc6s4aHLxFIuyWNE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b0/90c2ef-e0ee-4dcf-9dd5-9c7fdbdad0db/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:29:59 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 208632
                          IP: 45.92.44.0/22
                          IP: 2a0e:1d40::/29

Validation:               Failed, certificate revoked on Fri 19 Apr 2024 11:49:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:69:7c:fb:c1:0d:1b:3d:1c:ac:ba:4f:97:22:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7485bd93bbaae9d7c973ab386872f1148bb258d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:16:7d:15:a7:6a:5f:7e:b2:75:20:5d:b2:91:
                    70:c3:a1:a7:aa:88:b9:d1:fe:5c:a1:be:f5:97:de:
                    14:ae:77:72:68:77:f9:f2:66:5d:39:30:ae:b4:90:
                    97:20:4f:e7:d3:b9:05:a7:af:a9:31:2c:5e:c4:52:
                    19:ae:2a:5d:4b:95:65:45:4b:ff:44:16:94:bf:b5:
                    53:fd:32:b0:c8:a2:b7:9d:17:c6:be:5b:06:f8:b4:
                    34:ba:83:47:70:5c:38:2d:5f:69:b7:50:09:85:41:
                    93:a3:b2:22:97:ed:4a:7b:bb:5d:04:b8:54:0c:9d:
                    4c:72:4d:12:d4:98:d8:57:00:78:df:d4:25:d0:8d:
                    72:29:fd:3a:28:c0:b9:91:47:4a:72:fd:c0:62:b2:
                    7e:78:64:f7:b8:7c:53:57:b8:e6:2d:d1:c0:04:e5:
                    c3:01:9a:db:54:82:b5:db:3c:20:ec:fc:d7:ca:07:
                    31:d6:7b:2f:77:cc:35:fc:af:a6:2f:e9:5d:95:13:
                    42:55:de:7b:eb:75:ab:69:3b:4a:12:19:37:b2:18:
                    ba:5b:0f:0c:44:85:b4:b2:53:39:65:e2:73:c6:7d:
                    5b:db:45:6b:e7:30:ae:84:01:18:87:be:db:8b:fe:
                    e3:70:02:70:a5:38:a9:ae:3c:e1:46:bb:a7:18:29:
                    00:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:85:BD:93:BB:AA:E9:D7:C9:73:AB:38:68:72:F1:14:8B:B2:58:D1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/90c2ef-e0ee-4dcf-9dd5-9c7fdbdad0db/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/90c2ef-e0ee-4dcf-9dd5-9c7fdbdad0db/1/dIW9k7uq6dfJc6s4aHLxFIuyWNE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.44.0/22
                IPv6:
                  2a0e:1d40::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  208632

    Signature Algorithm: sha256WithRSAEncryption
         1f:f3:50:23:b8:2e:fd:e8:54:30:69:4a:e5:77:98:83:e2:06:
         ad:19:ea:29:bc:d6:d5:c1:1f:2f:f9:1d:55:f9:df:60:72:2f:
         7a:39:7e:d2:de:3a:e9:b9:fe:7a:d6:3e:01:02:e5:6e:5d:d3:
         0b:26:bc:72:dd:49:a1:21:2b:05:f0:65:31:09:1f:fd:28:ec:
         c2:49:16:32:cb:2a:53:50:78:c2:c2:0a:b5:75:b7:cd:9d:30:
         8e:b3:10:80:a6:0b:75:9e:f5:b0:e5:57:19:25:6a:01:eb:d1:
         76:fc:19:41:8a:6d:9d:53:1b:4c:1d:4b:4b:fa:03:bf:10:91:
         6d:e3:10:e4:ce:33:b9:09:2f:84:36:f3:e5:d1:25:26:64:fe:
         ff:6b:cd:db:29:d9:8d:09:cc:63:1c:f2:54:c2:e3:ed:ff:6e:
         e3:aa:35:10:88:ab:8a:fe:c0:65:bb:95:67:e1:0a:2e:81:2f:
         03:b2:3a:ae:6f:f8:74:af:9d:4e:b7:2f:06:b4:a1:c1:4d:d5:
         ec:2d:1f:77:89:10:50:24:41:f6:61:89:c1:c1:d4:7d:1b:7a:
         2b:12:fc:7c:57:cb:57:33:a1:07:e6:ae:7d:96:15:3e:a9:88:
         3f:97:b8:37:eb:02:d3:1a:3e:2f:9f:06:00:5d:8f:5b:66:14:
         3d:38:d5:24
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAYzCbWl8+8ENGz0crLpPlyLZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDg1YmQ5M2JiYWFlOWQ3Yzk3M2FiMzg2ODcyZjExNDhiYjI1OGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBZ9FadqX36ydSBdspFww6Gnqoi5
0f5cob71l94UrndyaHf58mZdOTCutJCXIE/n07kFp6+pMSxexFIZripdS5VlRUv/
RBaUv7VT/TKwyKK3nRfGvlsG+LQ0uoNHcFw4LV9pt1AJhUGTo7Iil+1Ke7tdBLhU
DJ1Mck0S1JjYVwB439Ql0I1yKf06KMC5kUdKcv3AYrJ+eGT3uHxTV7jmLdHABOXD
AZrbVIK12zwg7PzXygcx1nsvd8w1/K+mL+ldlRNCVd5763WraTtKEhk3shi6Ww8M
RIW0slM5ZeJzxn1b20Vr5zCuhAEYh77bi/7jcAJwpTiprjzhRrunGCkAXQIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFHSFvZO7qunXyXOrOGhy8RSLsljRMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IwLzkwYzJl
Zi1lMGVlLTRkY2YtOWRkNS05YzdmZGJkYWQwZGIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjAvOTBjMmVm
LWUwZWUtNGRjZi05ZGQ1LTljN2ZkYmRhZDBkYi8xL2RJVzlrN3VxNmRmSmM2czRh
SEx4Rkl1eVdORS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCLVwsMA0EAgACMAcDBQMqDh1AMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMu+DANBgkqhkiG9w0BAQsFAAOCAQEAH/NQI7gu/ehU
MGlK5XeYg+IGrRnqKbzW1cEfL/kdVfnfYHIvejl+0t466bn+etY+AQLlbl3TCya8
ct1JoSErBfBlMQkf/SjswkkWMssqU1B4wsIKtXW3zZ0wjrMQgKYLdZ71sOVXGSVq
AevRdvwZQYptnVMbTB1LS/oDvxCRbeMQ5M4zuQkvhDbz5dElJmT+/2vN2ynZjQnM
YxzyVMLj7f9u46o1EIiriv7AZbuVZ+EKLoEvA7I6rm/4dK+dTrcvBrShwU3V7C0f
d4kQUCRB9mGJwcHUfRt6KxL8fFfLVzOhB+aufZYVPqmIP5e4N+sC0xo+L58GAF2P
W2YUPTjVJA==
-----END CERTIFICATE-----