Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/oRT_2FMbI55vD3Pm9t5jhFFF-s0.cer
File:                     oRT_2FMbI55vD3Pm9t5jhFFF-s0.cer (raw, json)
Hash identifier:          SbTTRFir2nfWCN0JDIQUNIekcBMvne93iSllb5peW8M=
Subject key identifier:   A1:14:FF:D8:53:1B:23:9E:6F:0F:73:E6:F6:DE:63:84:51:45:FA:CD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC348D09F1CC7CD28CA8B00517690664F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6d/cf2d83-6f29-432f-82e4-00d4c3b3fbf9/1/oRT_2FMbI55vD3Pm9t5jhFFF-s0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6d/cf2d83-6f29-432f-82e4-00d4c3b3fbf9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:29:38 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 50941
                          IP: 178.18.192.0/20
                          IP: 185.21.4.0/24
                          IP: 185.21.6.0/23
                          IP: 185.88.132.0/24
                          IP: 2a00:54a0::/32
                          IP: 2a05:c9c0::/29

Validation:               Failed, certificate revoked on Thu 22 Feb 2024 12:21:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d0:9f:1c:c7:cd:28:ca:8b:00:51:76:90:66:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a114ffd8531b239e6f0f73e6f6de63845145facd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:8f:d4:ff:33:09:d6:f8:ab:f7:c7:30:01:33:
                    4e:89:4c:be:ab:c1:e3:0e:58:9b:ba:dc:46:3b:cb:
                    8f:1a:14:5c:70:4f:ed:79:02:27:f1:f5:40:fb:49:
                    a3:02:19:0f:bc:a4:a7:0e:df:60:33:4b:66:55:e8:
                    f8:a3:1c:e8:57:82:ac:80:0d:d6:a2:82:f2:c8:f3:
                    25:80:d3:05:ef:18:ae:6f:73:5a:f7:92:53:03:ac:
                    89:5e:73:00:f9:3f:05:21:8e:d7:4a:cd:81:d7:2b:
                    5e:fe:7a:68:16:b3:b4:de:d5:68:13:fc:fe:02:4c:
                    1d:62:2d:4f:28:46:3d:dd:80:a5:20:cf:42:a5:dc:
                    28:18:96:b7:c9:6e:db:cf:31:d5:4b:05:16:9a:09:
                    17:d3:ec:b7:2f:13:2e:78:b1:46:87:36:84:a7:3c:
                    b9:f4:bb:8c:46:09:6b:48:6a:53:86:df:f3:61:d9:
                    3c:a8:f4:94:d6:51:35:b0:e4:6a:51:5e:d0:0b:a6:
                    b6:ed:4c:74:9b:1e:d8:0b:5d:d5:40:3b:12:c9:55:
                    1e:9a:83:2c:c9:52:ed:41:ba:0c:6e:05:15:9e:16:
                    eb:38:56:da:fa:bf:04:8e:52:ba:b1:6f:81:78:c0:
                    7a:9b:74:16:cc:c3:64:22:1f:1a:86:30:d3:5e:d4:
                    15:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:14:FF:D8:53:1B:23:9E:6F:0F:73:E6:F6:DE:63:84:51:45:FA:CD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/cf2d83-6f29-432f-82e4-00d4c3b3fbf9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/cf2d83-6f29-432f-82e4-00d4c3b3fbf9/1/oRT_2FMbI55vD3Pm9t5jhFFF-s0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.18.192.0/20
                  185.21.4.0/24
                  185.21.6.0/23
                  185.88.132.0/24
                IPv6:
                  2a00:54a0::/32
                  2a05:c9c0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  50941

    Signature Algorithm: sha256WithRSAEncryption
         1b:d2:55:a5:dc:b2:d4:34:8c:17:a5:59:35:ce:f0:1a:50:28:
         21:a9:d6:f7:ba:ae:f7:41:45:92:08:90:ee:82:a6:06:54:4c:
         6b:ea:20:6a:81:90:c1:f5:6b:0c:5f:10:5c:fa:5c:14:33:66:
         4e:fc:d1:32:83:60:76:45:6f:dd:6c:e9:2a:0a:d5:cb:ba:36:
         93:a8:c5:62:53:57:5f:88:cd:e7:66:b4:f7:2c:de:23:42:97:
         40:3d:dc:d6:40:9d:99:fc:f5:e1:8c:bc:8d:5e:34:b6:12:37:
         62:af:26:5d:96:57:5e:a5:08:10:a8:53:0c:6d:38:06:d9:8f:
         80:14:de:13:87:db:e2:46:d2:76:ea:50:87:5f:cd:5a:46:eb:
         3f:3a:3e:06:78:06:74:4b:14:8a:91:ae:96:89:3c:0a:1c:ae:
         29:b9:d2:ba:12:b6:6c:86:dd:0a:17:73:0e:9a:bb:9d:d0:a8:
         2d:38:85:84:0b:d8:0a:01:b3:58:be:2c:77:99:a9:7a:25:ad:
         bb:6b:44:b1:56:1f:f4:a0:61:c0:6a:b5:97:ce:f4:24:29:0a:
         5f:3f:9c:35:40:88:fe:2f:59:fb:d1:c1:dc:84:f8:f2:6e:ba:
         f4:47:76:86:a0:cc:09:ea:73:9a:f9:2e:1d:59:fe:2f:7f:0d:
         fe:da:e6:24
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgISAYzDSNCfHMfNKMqLAFF2kGZPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTE0ZmZkODUzMWIyMzllNmYwZjczZTZmNmRlNjM4NDUxNDVmYWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjo/U/zMJ1vir98cwATNOiUy+q8Hj
DlibutxGO8uPGhRccE/teQIn8fVA+0mjAhkPvKSnDt9gM0tmVej4oxzoV4KsgA3W
ooLyyPMlgNMF7xiub3Na95JTA6yJXnMA+T8FIY7XSs2B1yte/npoFrO03tVoE/z+
AkwdYi1PKEY93YClIM9CpdwoGJa3yW7bzzHVSwUWmgkX0+y3LxMueLFGhzaEpzy5
9LuMRglrSGpTht/zYdk8qPSU1lE1sORqUV7QC6a27Ux0mx7YC13VQDsSyVUemoMs
yVLtQboMbgUVnhbrOFba+r8EjlK6sW+BeMB6m3QWzMNkIh8ahjDTXtQVHwIDAQAB
o4ICyDCCAsQwHQYDVR0OBBYEFKEU/9hTGyOebw9z5vbeY4RRRfrNMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZkL2NmMmQ4
My02ZjI5LTQzMmYtODJlNC0wMGQ0YzNiM2ZiZjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmQvY2YyZDgz
LTZmMjktNDMyZi04MmU0LTAwZDRjM2IzZmJmOS8xL29SVF8yRk1iSTU1dkQzUG05
dDVqaEZGRi1zMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEcGCCsGAQUF
BwEHAQH/BDgwNjAeBAIAATAYAwQEshLAAwQAuRUEAwQBuRUGAwQAuViEMBQEAgAC
MA4DBQAqAFSgAwUDKgXJwDAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMAxv0wDQYJ
KoZIhvcNAQELBQADggEBABvSVaXcstQ0jBelWTXO8BpQKCGp1ve6rvdBRZIIkO6C
pgZUTGvqIGqBkMH1awxfEFz6XBQzZk780TKDYHZFb91s6SoK1cu6NpOoxWJTV1+I
zedmtPcs3iNCl0A93NZAnZn89eGMvI1eNLYSN2KvJl2WV16lCBCoUwxtOAbZj4AU
3hOH2+JG0nbqUIdfzVpG6z86PgZ4BnRLFIqRrpaJPAocrim50roStmyG3QoXcw6a
u53QqC04hYQL2AoBs1i+LHeZqXolrbtrRLFWH/SgYcBqtZfO9CQpCl8/nDVAiP4v
WfvRwdyE+PJuuvRHdoagzAnqc5r5Lh1Z/i9/Df7a5iQ=
-----END CERTIFICATE-----