Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/rYKytC7WPltQOzzDPiTCH0R_HXQ.cer
File:                     rYKytC7WPltQOzzDPiTCH0R_HXQ.cer (raw, json)
Hash identifier:          CjKBBFwOpf4SVTyBSARS5ohztpeyjUSMlD7b8iksSvs=
Subject key identifier:   AD:82:B2:B4:2E:D6:3E:5B:50:3B:3C:C3:3E:24:C2:1F:44:7F:1D:74
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01857089FFA1A08B1FCECCE489658837B4C5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7f/e88347-5ea9-4669-8386-91244c543caa/1/rYKytC7WPltQOzzDPiTCH0R_HXQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7f/e88347-5ea9-4669-8386-91244c543caa/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 02 Jan 2023 03:32:50 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 201401
                          IP: 31.14.11.0/24
                          IP: 31.14.32.0/24
                          IP: 31.14.44.0/24
                          IP: 31.14.48.0/24
                          IP: 89.31.56.0/21
                          IP: 185.76.88.0/22
                          IP: 185.76.168.0/22
                          IP: 2a05:52a0::/30

Validation:               Failed, certificate revoked on Wed 01 Nov 2023 12:52:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:89:ff:a1:a0:8b:1f:ce:cc:e4:89:65:88:37:b4:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 03:32:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ad82b2b42ed63e5b503b3cc33e24c21f447f1d74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:86:b4:e7:5b:32:6e:a0:c8:c4:86:78:03:fc:
                    06:19:20:ec:dd:15:5d:71:27:05:43:3f:62:4c:bc:
                    0f:d4:dd:28:16:74:95:74:11:73:e0:8b:1a:69:b7:
                    28:f2:29:65:9b:7c:c4:35:0e:e6:fa:60:0b:bb:df:
                    c9:df:8e:37:2e:e8:c3:69:a2:7c:86:18:eb:b5:b9:
                    67:15:3f:3d:b7:a9:b0:4e:25:3b:8f:4e:38:f9:8f:
                    d4:6d:d9:f6:44:00:50:04:76:f3:96:2c:eb:b5:4a:
                    a0:1a:a9:86:a3:66:cd:0d:6b:b2:1e:41:32:54:22:
                    44:b9:fd:8e:52:cb:8f:92:9a:76:de:59:36:1f:34:
                    6c:8f:c9:86:26:0a:69:87:97:13:44:e7:ec:91:c9:
                    8a:bb:94:f7:b1:11:a7:09:3a:10:aa:0f:5a:34:46:
                    33:c4:ac:3f:9f:f0:8e:d4:d5:6c:15:15:1b:f9:d7:
                    09:c1:82:d3:37:b9:71:e6:cc:c7:3c:1e:db:5c:56:
                    e8:f1:87:9c:03:ed:de:e5:27:ad:65:ea:e6:9e:49:
                    9c:ac:3f:45:d5:74:e3:d8:a1:be:5d:75:7f:af:d5:
                    4b:f2:73:28:41:d2:1d:4b:cb:8a:7d:27:b2:58:bb:
                    03:92:bd:e7:a9:0a:a6:a6:dd:19:49:2b:5e:37:79:
                    a9:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:82:B2:B4:2E:D6:3E:5B:50:3B:3C:C3:3E:24:C2:1F:44:7F:1D:74
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/e88347-5ea9-4669-8386-91244c543caa/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/e88347-5ea9-4669-8386-91244c543caa/1/rYKytC7WPltQOzzDPiTCH0R_HXQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.11.0/24
                  31.14.32.0/24
                  31.14.44.0/24
                  31.14.48.0/24
                  89.31.56.0/21
                  185.76.88.0/22
                  185.76.168.0/22
                IPv6:
                  2a05:52a0::/30

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  201401

    Signature Algorithm: sha256WithRSAEncryption
         52:9f:0d:9c:a3:34:eb:24:ca:f4:d9:0c:04:55:c8:a3:55:a1:
         30:97:60:8f:a1:c0:b4:84:50:b0:b6:8d:bc:e6:90:d8:80:03:
         7a:c5:96:73:4a:13:2e:a8:26:d2:16:ef:44:e5:9b:d2:1b:b6:
         c6:a4:02:76:74:fa:be:50:eb:b3:7d:3d:3c:01:11:5f:80:bb:
         2c:4a:10:95:dc:f5:3c:21:0a:8c:bc:e7:ea:0b:c3:c5:c2:6b:
         9b:2b:1b:9d:b1:bd:72:d2:f5:0d:b0:2b:3b:c0:84:56:28:ed:
         b2:9b:ba:97:d2:a3:e9:e6:e7:5b:65:8f:3c:fe:36:1d:aa:c9:
         0b:cc:9c:68:1b:40:c6:3e:d4:42:a0:a4:1f:16:84:90:0c:21:
         4b:62:28:d3:24:0f:2b:0a:1e:b4:70:24:c6:36:3a:04:46:4c:
         86:2d:a9:54:9a:c1:88:78:db:ee:a2:ea:f1:06:e2:e9:9b:b5:
         0e:dc:29:3f:79:b5:ea:50:7d:cc:bd:d0:df:22:3b:e2:2e:49:
         e3:38:66:bb:2c:8b:c7:f5:84:fc:09:43:5d:e8:6f:ea:f5:42:
         06:ec:66:64:a5:fd:77:b1:65:3f:39:af:e9:83:cf:f4:48:b2:
         63:58:ff:ac:ac:ce:e9:ac:e1:74:b9:ec:a0:b7:ab:30:ab:99:
         4b:12:7c:21
-----BEGIN CERTIFICATE-----
MIIFxzCCBK+gAwIBAgISAYVwif+hoIsfzszkiWWIN7TFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAyMDMzMjUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDgyYjJiNDJlZDYzZTViNTAzYjNjYzMzZTI0YzIxZjQ0N2YxZDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkIa051sybqDIxIZ4A/wGGSDs3RVd
cScFQz9iTLwP1N0oFnSVdBFz4Isaabco8illm3zENQ7m+mALu9/J3443LujDaaJ8
hhjrtblnFT89t6mwTiU7j044+Y/Ubdn2RABQBHbzlizrtUqgGqmGo2bNDWuyHkEy
VCJEuf2OUsuPkpp23lk2HzRsj8mGJgpph5cTROfskcmKu5T3sRGnCToQqg9aNEYz
xKw/n/CO1NVsFRUb+dcJwYLTN7lx5szHPB7bXFbo8YecA+3e5SetZermnkmcrD9F
1XTj2KG+XXV/r9VL8nMoQdIdS8uKfSeyWLsDkr3nqQqmpt0ZSSteN3mplQIDAQAB
o4IC0zCCAs8wHQYDVR0OBBYEFK2CsrQu1j5bUDs8wz4kwh9Efx10MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdmL2U4ODM0
Ny01ZWE5LTQ2NjktODM4Ni05MTI0NGM1NDNjYWEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2YvZTg4MzQ3
LTVlYTktNDY2OS04Mzg2LTkxMjQ0YzU0M2NhYS8xL3JZS3l0QzdXUGx0UU96ekRQ
aVRDSDBSX0hYUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFIGCCsGAQUF
BwEHAQH/BEMwQTAwBAIAATAqAwQAHw4LAwQAHw4gAwQAHw4sAwQAHw4wAwQDWR84
AwQCuUxYAwQCuUyoMA0EAgACMAcDBQIqBVKgMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwMSuTANBgkqhkiG9w0BAQsFAAOCAQEAUp8NnKM06yTK9NkMBFXIo1WhMJdg
j6HAtIRQsLaNvOaQ2IADesWWc0oTLqgm0hbvROWb0hu2xqQCdnT6vlDrs309PAER
X4C7LEoQldz1PCEKjLzn6gvDxcJrmysbnbG9ctL1DbArO8CEVijtspu6l9Kj6ebn
W2WPPP42HarJC8ycaBtAxj7UQqCkHxaEkAwhS2Io0yQPKwoetHAkxjY6BEZMhi2p
VJrBiHjb7qLq8Qbi6Zu1DtwpP3m16lB9zL3Q3yI74i5J4zhmuyyLx/WE/AlDXehv
6vVCBuxmZKX9d7FlPzmv6YPP9EiyY1j/rKzO6azhdLnsoLerMKuZSxJ8IQ==
-----END CERTIFICATE-----