Certificate 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ghajZRBQ0Rx5PgokckAAXOJ9fl4.cer
File:                     ghajZRBQ0Rx5PgokckAAXOJ9fl4.cer (raw, json)
Hash identifier:          PZGtfmR9/1tZO9xPbQ6d7uxlJjvUeOoagYnD6f12YL4=
Subject key identifier:   82:16:A3:65:10:50:D1:1C:79:3E:0A:24:72:40:00:5C:E2:7D:7E:5E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018570893DB6D1DE34D276516B7D834FF11D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e3/3feb8c-2c4a-4151-b086-45a19c320bb5/1/ghajZRBQ0Rx5PgokckAAXOJ9fl4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e3/3feb8c-2c4a-4151-b086-45a19c320bb5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 02 Jan 2023 03:32:00 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 209329
                          IP: 171.22.224.0/22
                          IP: 2a09:3f40::/29

Validation:               Failed, certificate revoked on Wed 08 Nov 2023 09:35:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:89:3d:b6:d1:de:34:d2:76:51:6b:7d:83:4f:f1:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 03:32:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8216a3651050d11c793e0a247240005ce27d7e5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:60:4f:29:6e:c1:74:5d:72:01:e9:b6:b6:df:
                    c0:cb:24:db:91:2f:45:b8:28:00:e8:54:17:01:ab:
                    3d:99:a3:7b:bf:eb:86:19:5b:50:e7:9a:58:81:b7:
                    a6:5d:90:35:88:1d:9f:b9:f5:41:2a:87:c5:92:5c:
                    a0:6b:54:03:d2:56:dd:b9:e3:6c:53:8e:0b:4a:bc:
                    18:82:d8:c8:29:50:89:f2:6e:c2:93:fb:81:4e:0d:
                    31:ba:02:a1:7f:d0:b5:2f:34:e7:a0:35:e3:62:06:
                    6f:d1:50:ce:39:c8:fc:10:e0:2d:d9:d2:d0:9b:51:
                    f3:21:70:b2:7e:2d:ea:0a:10:dc:e3:95:02:2e:13:
                    87:85:c7:f4:49:10:21:20:1e:9a:4a:ec:29:e3:f9:
                    d7:41:f5:76:3a:b9:34:53:9a:88:26:ec:eb:eb:53:
                    48:04:3c:a9:ec:2f:65:7c:e4:10:75:56:57:e7:04:
                    19:ac:37:fc:20:7b:16:c0:b5:32:d5:83:a5:4a:61:
                    3e:dc:1b:2d:0b:90:b9:3b:e7:67:24:55:91:4e:b9:
                    b6:78:2d:20:be:7a:ea:6b:7f:7d:76:74:a2:53:09:
                    58:09:1e:81:c2:9e:ba:5b:6c:1b:97:90:ed:42:53:
                    10:21:bc:d8:16:12:4e:dc:fd:70:b2:e1:07:3f:a8:
                    0e:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:16:A3:65:10:50:D1:1C:79:3E:0A:24:72:40:00:5C:E2:7D:7E:5E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/3feb8c-2c4a-4151-b086-45a19c320bb5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/3feb8c-2c4a-4151-b086-45a19c320bb5/1/ghajZRBQ0Rx5PgokckAAXOJ9fl4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.224.0/22
                IPv6:
                  2a09:3f40::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  209329

    Signature Algorithm: sha256WithRSAEncryption
         61:65:5c:f0:bd:fa:47:48:f2:33:40:c1:6d:07:cf:5e:8a:e9:
         22:90:27:45:3d:6a:f1:37:0a:af:cf:2f:22:76:99:71:85:19:
         59:80:67:1b:da:1f:b8:0f:eb:79:20:6e:d7:b8:a9:5d:ea:e4:
         41:16:b7:c3:bf:6f:bb:99:d1:f6:f9:13:17:6e:78:2e:37:0f:
         97:5a:99:4c:ef:55:59:cb:cf:ca:d9:52:61:b5:5e:ea:6c:7a:
         8f:21:f1:c2:91:1a:57:6a:2a:61:81:90:35:63:b6:f7:a1:44:
         d6:3b:d1:00:91:7e:e8:1c:bd:de:b3:be:2b:d9:a4:ee:e3:64:
         5a:41:01:9c:43:d4:e2:46:2f:ba:c8:25:e7:81:c1:2e:0f:64:
         ca:b2:0f:3a:a3:d4:8a:ac:25:2f:d0:1c:71:a5:66:7f:c2:29:
         d7:13:39:db:3d:ce:bb:9a:f6:31:65:67:8c:05:d3:20:8c:91:
         74:dc:94:a0:29:df:a4:29:00:d6:1f:4c:15:8a:cb:d8:d0:1f:
         83:72:fe:99:d3:81:74:b8:0b:7b:52:30:56:6c:b4:c8:1f:b7:
         64:32:4d:42:cb:8e:2e:91:f6:21:8e:58:61:4f:1d:37:cb:0f:
         04:c6:13:f9:e8:16:12:a2:ff:ea:a1:a6:01:e5:f1:3b:c4:6f:
         87:e4:44:ee
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAYVwiT220d400nZRa32DT/EdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAyMDMzMjAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjE2YTM2NTEwNTBkMTFjNzkzZTBhMjQ3MjQwMDA1Y2UyN2Q3ZTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmBPKW7BdF1yAem2tt/AyyTbkS9F
uCgA6FQXAas9maN7v+uGGVtQ55pYgbemXZA1iB2fufVBKofFklyga1QD0lbdueNs
U44LSrwYgtjIKVCJ8m7Ck/uBTg0xugKhf9C1LzTnoDXjYgZv0VDOOcj8EOAt2dLQ
m1HzIXCyfi3qChDc45UCLhOHhcf0SRAhIB6aSuwp4/nXQfV2Ork0U5qIJuzr61NI
BDyp7C9lfOQQdVZX5wQZrDf8IHsWwLUy1YOlSmE+3BstC5C5O+dnJFWRTrm2eC0g
vnrqa399dnSiUwlYCR6Bwp66W2wbl5DtQlMQIbzYFhJO3P1wsuEHP6gO6QIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFIIWo2UQUNEceT4KJHJAAFzifX5eMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2UzLzNmZWI4
Yy0yYzRhLTQxNTEtYjA4Ni00NWExOWMzMjBiYjUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTMvM2ZlYjhj
LTJjNGEtNDE1MS1iMDg2LTQ1YTE5YzMyMGJiNS8xL2doYWpaUkJRMFJ4NVBnb2tj
a0FBWE9KOWZsNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCqxbgMA0EAgACMAcDBQMqCT9AMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMxsTANBgkqhkiG9w0BAQsFAAOCAQEAYWVc8L36R0jy
M0DBbQfPXorpIpAnRT1q8TcKr88vInaZcYUZWYBnG9ofuA/reSBu17ipXerkQRa3
w79vu5nR9vkTF254LjcPl1qZTO9VWcvPytlSYbVe6mx6jyHxwpEaV2oqYYGQNWO2
96FE1jvRAJF+6By93rO+K9mk7uNkWkEBnEPU4kYvusgl54HBLg9kyrIPOqPUiqwl
L9AccaVmf8Ip1xM52z3Ou5r2MWVnjAXTIIyRdNyUoCnfpCkA1h9MFYrL2NAfg3L+
mdOBdLgLe1IwVmy0yB+3ZDJNQsuOLpH2IY5YYU8dN8sPBMYT+egWEqL/6qGmAeXx
O8Rvh+RE7g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:27 2024 by rpki-client on console-fra.rpki-client.org