Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/kjWkdYkz2WirR_c-MA1GbSl_Pck.cer
File:                     kjWkdYkz2WirR_c-MA1GbSl_Pck.cer (raw, json)
Hash identifier:          Ao3IdCmRBapu3UZAi5hUhGF34heBmkw+mDIL+fCns0Q=
Subject key identifier:   92:35:A4:75:89:33:D9:68:AB:47:F7:3E:30:0D:46:6D:29:7F:3D:C9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC26D5D0191953E910B499BCB20B6BD5A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/4/9235A4758933D968AB47F73E300D466D297F3DC9.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/4/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:29:56 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 57870
                          AS: 199099
                          AS: 203458

Validation:               Failed, certificate revoked on Thu 22 Aug 2024 15:42:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:5d:01:91:95:3e:91:0b:49:9b:cb:20:b6:bd:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9235a4758933d968ab47f73e300d466d297f3dc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:7b:71:16:6b:1e:db:dd:7e:64:94:e6:0c:c6:
                    ca:c4:91:45:e4:52:33:42:65:8a:df:4f:c9:85:60:
                    6f:30:ff:96:b2:b5:fc:f5:72:e8:36:cb:fa:71:a2:
                    3b:c6:77:0d:87:08:db:0f:98:96:ea:2e:ea:f1:9e:
                    eb:d4:f8:f2:0a:44:20:27:7e:87:d7:c1:d0:f6:6d:
                    1f:be:3c:a5:7c:6e:ce:56:c2:98:d8:fb:e3:2a:0c:
                    d8:01:97:c8:19:f8:76:a9:b2:48:7b:e1:37:5f:8e:
                    6d:32:b3:40:4a:2e:ce:ed:23:42:b8:f3:7a:04:5f:
                    2e:f9:50:de:92:0b:b6:4a:f1:3e:c2:a8:1e:be:cc:
                    a0:33:2e:2f:a3:07:5b:ee:cb:41:fe:91:f6:f6:7b:
                    6d:54:fb:98:ef:4c:3f:02:1a:8f:b3:e0:67:1c:26:
                    ae:b2:58:a7:83:70:8f:07:43:c9:52:6c:fe:98:58:
                    71:a5:26:24:2d:52:97:a7:ac:50:59:ec:8c:62:06:
                    3b:93:f7:37:06:5e:b4:25:71:6c:c4:a8:b3:d1:c9:
                    70:d5:98:d6:f6:0a:2d:f1:95:41:d0:f2:aa:b8:e8:
                    0e:57:6a:a5:37:f2:55:3a:4a:9b:f5:8a:a7:bc:e8:
                    d1:87:84:47:ae:1c:1d:ae:68:ff:ca:54:de:de:56:
                    df:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:35:A4:75:89:33:D9:68:AB:47:F7:3E:30:0D:46:6D:29:7F:3D:C9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/4
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/ae6edeec-08ba-4cde-8979-4faea4b1bc12/4/9235A4758933D968AB47F73E300D466D297F3DC9.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  57870
                  199099
                  203458

    Signature Algorithm: sha256WithRSAEncryption
         8a:0e:c3:9e:49:b9:9e:7a:db:68:f0:b1:84:8c:83:79:18:59:
         71:8f:c3:f8:de:b8:03:c2:8b:e0:d1:2c:6a:c2:c9:cb:56:ed:
         27:18:5b:d2:6e:d7:3b:2c:0f:e2:85:e3:31:cc:82:2e:d2:60:
         bd:5c:00:18:1e:f3:10:4d:9d:c6:7e:15:a1:7f:95:e9:bb:98:
         b3:eb:d1:49:b6:ab:66:ac:77:cf:9c:b4:3b:97:e4:3f:b1:5d:
         31:a6:6f:20:65:15:ff:a8:77:65:16:2a:2d:53:af:da:a9:a3:
         94:76:56:d4:e8:8f:d3:7b:74:29:7f:91:6d:9b:d5:d1:d9:27:
         cf:09:87:36:7f:23:db:69:4e:5e:52:80:af:ea:f6:cc:f0:9e:
         85:93:ef:17:64:af:9c:6b:9b:fc:ef:c7:9b:60:a8:66:e9:ed:
         34:14:b9:94:3c:fe:4d:69:f2:da:67:24:78:b2:da:62:e4:6e:
         52:35:f5:eb:64:6d:97:2d:90:d6:9b:ab:68:63:34:61:94:43:
         db:34:4d:a8:b1:79:f3:ee:a4:12:e0:2f:32:92:bc:b6:d4:c0:
         6f:eb:57:a1:cc:a2:49:41:6d:2b:ed:43:ff:ba:d9:07:f8:4a:
         53:62:d7:c5:64:65:1e:e6:1a:0d:b1:85:c0:75:43:6f:6c:1c:
         11:f1:d8:df
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgISAYzCbV0BkZU+kQtJm8sgtr1aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDAyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjM1YTQ3NTg5MzNkOTY4YWI0N2Y3M2UzMDBkNDY2ZDI5N2YzZGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtntxFmse291+ZJTmDMbKxJFF5FIz
QmWK30/JhWBvMP+WsrX89XLoNsv6caI7xncNhwjbD5iW6i7q8Z7r1PjyCkQgJ36H
18HQ9m0fvjylfG7OVsKY2PvjKgzYAZfIGfh2qbJIe+E3X45tMrNASi7O7SNCuPN6
BF8u+VDekgu2SvE+wqgevsygMy4vowdb7stB/pH29nttVPuY70w/AhqPs+BnHCau
sling3CPB0PJUmz+mFhxpSYkLVKXp6xQWeyMYgY7k/c3Bl60JXFsxKiz0clw1ZjW
9got8ZVB0PKquOgOV2qlN/JVOkqb9YqnvOjRh4RHrhwdrmj/ylTe3lbftQIDAQAB
o4ICpDCCAqAwHQYDVR0OBBYEFJI1pHWJM9loq0f3PjANRm0pfz3JMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE+BggrBgEFBQcBCwSCATAwggEsMF4GCCsGAQUFBzAFhlJy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2FlNmVk
ZWVjLTA4YmEtNGNkZS04OTc5LTRmYWVhNGIxYmMxMi80MIGLBggrBgEFBQcwCoZ/
cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9hZTZl
ZGVlYy0wOGJhLTRjZGUtODk3OS00ZmFlYTRiMWJjMTIvNC85MjM1QTQ3NTg5MzNE
OTY4QUI0N0Y3M0UzMDBENDY2RDI5N0YzREM5Lm1mdDA8BggrBgEFBQcwDYYwaHR0
cHM6Ly9ycmRwLnBhYXMucnBraS5yaXBlLm5ldC9ub3RpZmljYXRpb24ueG1sMFkG
A1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNybDAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEIAQH/BBUwE6ARMA8CAwDiDgID
Awm7AgMDGsIwDQYJKoZIhvcNAQELBQADggEBAIoOw55JuZ5622jwsYSMg3kYWXGP
w/jeuAPCi+DRLGrCyctW7ScYW9Ju1zssD+KF4zHMgi7SYL1cABge8xBNncZ+FaF/
lem7mLPr0Um2q2asd8+ctDuX5D+xXTGmbyBlFf+od2UWKi1Tr9qpo5R2VtToj9N7
dCl/kW2b1dHZJ88JhzZ/I9tpTl5SgK/q9szwnoWT7xdkr5xrm/zvx5tgqGbp7TQU
uZQ8/k1p8tpnJHiy2mLkblI19etkbZctkNabq2hjNGGUQ9s0TaixefPupBLgLzKS
vLbUwG/rV6HMoklBbSvtQ/+62Qf4SlNi18VkZR7mGg2xhcB1Q29sHBHx2N8=
-----END CERTIFICATE-----