Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/hfzKq2iYqiIkL6hHzgKluhpn3SI.cer
File:                     hfzKq2iYqiIkL6hHzgKluhpn3SI.cer (raw, json)
Hash identifier:          MWxRP/Y0HZe69EsERF7Dd2J9E/a+ZKgwEE+l1gSr8Sg=
Subject key identifier:   85:FC:CA:AB:68:98:AA:22:24:2F:A8:47:CE:02:A5:BA:1A:67:DD:22
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856BD07D0904A0909F6CCA5AACE955C115
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e0/18cb86-f8f3-4042-a26a-9b53a517a157/1/hfzKq2iYqiIkL6hHzgKluhpn3SI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e0/18cb86-f8f3-4042-a26a-9b53a517a157/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 05:31:43 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    IP: 91.247.172.0/24
                          IP: 2a11:c740::/29

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:d0:7d:09:04:a0:90:9f:6c:ca:5a:ac:e9:55:c1:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:31:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=85fccaab6898aa22242fa847ce02a5ba1a67dd22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:67:d0:33:80:b2:c4:8e:13:91:1c:26:44:18:
                    c9:d2:07:b5:25:cc:5b:8f:c0:db:5e:b5:d2:99:69:
                    06:44:99:c1:60:9d:73:ce:95:14:21:be:66:e7:d5:
                    d5:d9:38:7e:34:e5:5b:37:8e:47:ac:e0:31:2a:ed:
                    a8:89:bb:88:a9:7e:c6:17:c8:0f:6d:e8:d5:d3:9e:
                    f4:91:18:be:ef:35:30:ef:42:62:74:9c:6c:b5:67:
                    ad:f7:70:bc:97:a3:93:9c:57:24:21:d2:80:da:63:
                    43:1a:2f:b2:6e:07:74:42:d8:73:df:a0:38:40:fb:
                    6f:78:3f:30:f6:42:f6:9c:8b:b9:15:51:84:d0:4b:
                    f0:1d:64:6e:84:24:85:f2:cc:15:69:63:24:6e:45:
                    84:4b:58:87:c6:89:21:9e:11:22:f9:01:a1:c0:27:
                    0c:05:86:f5:e5:65:96:0f:e0:94:68:0d:d4:48:0f:
                    d5:90:4a:03:c3:7c:10:4a:19:2a:90:a6:2f:82:27:
                    66:8b:72:30:c4:fe:4d:e0:bb:e8:79:7f:b4:6a:28:
                    20:84:b7:e3:77:ec:0a:e4:b3:ce:ba:88:92:74:32:
                    e2:76:a3:ee:b3:a0:f4:09:20:0c:eb:57:75:35:0b:
                    ba:e0:56:e7:92:8f:9d:ef:e7:6f:c7:fd:79:12:94:
                    b2:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:FC:CA:AB:68:98:AA:22:24:2F:A8:47:CE:02:A5:BA:1A:67:DD:22
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/18cb86-f8f3-4042-a26a-9b53a517a157/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/18cb86-f8f3-4042-a26a-9b53a517a157/1/hfzKq2iYqiIkL6hHzgKluhpn3SI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.247.172.0/24
                IPv6:
                  2a11:c740::/29

    Signature Algorithm: sha256WithRSAEncryption
         62:e9:d3:e8:5d:ec:98:06:da:2e:d3:9b:5a:e5:4c:9e:f5:e5:
         9f:85:2d:34:d9:92:63:64:0d:f8:8c:bd:bc:90:94:7d:79:16:
         74:84:0e:27:f0:57:77:f5:49:ad:03:d9:b3:35:70:19:4c:de:
         45:a1:6c:8c:2d:ec:54:66:ff:5f:ee:ac:ec:2f:74:b9:2b:1d:
         55:d1:b4:b9:dd:f3:be:31:9f:d7:58:b9:60:72:4f:4e:ac:07:
         5e:33:08:39:c9:69:9f:43:ac:63:ba:05:ec:e5:1b:34:a5:b5:
         4f:a0:7b:ca:5a:62:d5:35:78:32:8f:fc:e7:5e:7f:77:6a:09:
         06:da:2e:f2:9a:0a:56:9a:0e:1a:df:13:73:93:25:23:b3:52:
         8f:e3:eb:4a:85:22:a7:13:a8:b8:04:62:76:28:b1:5d:1d:df:
         1e:71:e3:d4:04:a0:e8:62:e7:a7:e3:ac:b4:b4:e7:7d:2b:1b:
         16:ea:f8:ed:34:3b:12:e6:71:11:ff:1a:78:2b:a8:89:40:ea:
         22:47:7c:4e:b9:fe:a4:f1:3c:13:a3:1f:1f:64:ad:05:01:11:
         22:fe:88:c3:af:dd:2d:3d:32:03:20:84:f5:89:a3:2c:7a:b9:
         e4:36:eb:86:04:87:2e:22:3b:0f:9b:fb:43:ec:d5:2a:10:b2:
         0e:01:22:e9
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYVr0H0JBKCQn2zKWqzpVcEVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMDUzMTQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWZjY2FhYjY4OThhYTIyMjQyZmE4NDdjZTAyYTViYTFhNjdkZDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmfQM4CyxI4TkRwmRBjJ0ge1Jcxb
j8DbXrXSmWkGRJnBYJ1zzpUUIb5m59XV2Th+NOVbN45HrOAxKu2oibuIqX7GF8gP
bejV0570kRi+7zUw70JidJxstWet93C8l6OTnFckIdKA2mNDGi+ybgd0Qthz36A4
QPtveD8w9kL2nIu5FVGE0EvwHWRuhCSF8swVaWMkbkWES1iHxokhnhEi+QGhwCcM
BYb15WWWD+CUaA3USA/VkEoDw3wQShkqkKYvgidmi3IwxP5N4LvoeX+0aigghLfj
d+wK5LPOuoiSdDLidqPus6D0CSAM61d1NQu64Fbnko+d7+dvx/15EpSyEQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFIX8yqtomKoiJC+oR84CpboaZ90iMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2UwLzE4Y2I4
Ni1mOGYzLTQwNDItYTI2YS05YjUzYTUxN2ExNTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTAvMThjYjg2
LWY4ZjMtNDA0Mi1hMjZhLTliNTNhNTE3YTE1Ny8xL2hmektxMmlZcWlJa0w2aEh6
Z0tsdWhwbjNTSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAW/esMA0EAgACMAcDBQMqEcdAMA0GCSqGSIb3
DQEBCwUAA4IBAQBi6dPoXeyYBtou05ta5Uye9eWfhS002ZJjZA34jL28kJR9eRZ0
hA4n8Fd39UmtA9mzNXAZTN5FoWyMLexUZv9f7qzsL3S5Kx1V0bS53fO+MZ/XWLlg
ck9OrAdeMwg5yWmfQ6xjugXs5Rs0pbVPoHvKWmLVNXgyj/znXn93agkG2i7ymgpW
mg4a3xNzkyUjs1KP4+tKhSKnE6i4BGJ2KLFdHd8ecePUBKDoYuen46y0tOd9KxsW
6vjtNDsS5nER/xp4K6iJQOoiR3xOuf6k8TwTox8fZK0FAREi/ojDr90tPTIDIIT1
iaMsernkNuuGBIcuIjsPm/tD7NUqELIOASLp
-----END CERTIFICATE-----
Generated at Wed Nov 1 13:51:51 2023 by rpki-client on console-fra.rpki-client.org