Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/w9fLMzxQ_yEm4m8i7LeRz2_ZXCE.cer
File:                     w9fLMzxQ_yEm4m8i7LeRz2_ZXCE.cer (raw, json)
Hash identifier:          R3pZ4PPASI45phQBmlAGNFTxC6UT654SKZ26EZ7ztEw=
Subject key identifier:   C3:D7:CB:33:3C:50:FF:21:26:E2:6F:22:EC:B7:91:CF:6F:D9:5C:21
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019427471BD396E400977DDC12929FC053AD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e5/77f569-6a5d-4258-8de9-1f09c8b6a08d/1/w9fLMzxQ_yEm4m8i7LeRz2_ZXCE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e5/77f569-6a5d-4258-8de9-1f09c8b6a08d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 13:49:19 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 211640
                          IP: 2001:678:f3c::/48
Validation:               Failed, certificate revoked on Thu 09 Jan 2025 09:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:1b:d3:96:e4:00:97:7d:dc:12:92:9f:c0:53:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 13:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c3d7cb333c50ff2126e26f22ecb791cf6fd95c21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:0a:ca:e1:68:3e:61:2f:d1:0a:d1:1b:f7:ef:
                    0e:a7:a0:29:fa:5d:f7:31:7a:7e:68:94:2a:df:f5:
                    11:e4:76:f6:5e:f8:a7:88:db:88:61:ad:1a:13:e5:
                    ac:d9:54:a2:f2:28:11:75:93:29:e5:dc:f4:fb:93:
                    aa:fa:e8:27:01:28:5e:72:02:6b:2f:1f:99:fc:2c:
                    64:00:08:7b:c3:ec:49:09:1c:c0:5f:c0:a3:e7:44:
                    ec:d8:97:ad:54:aa:7d:28:53:84:78:84:fe:35:f3:
                    7a:53:eb:97:7f:57:6c:54:6e:8a:ce:bb:7a:e7:f3:
                    9b:24:16:b3:7c:23:fb:ee:18:36:bd:e1:69:e7:ee:
                    99:1c:82:58:c0:48:8a:3d:5e:fc:25:d7:a6:70:99:
                    ec:82:4c:98:04:4d:fb:4e:e8:70:e9:9d:fb:18:1f:
                    f7:b2:74:59:51:bf:06:de:93:bc:3e:42:bc:99:cf:
                    50:10:93:89:a1:df:f5:a4:fc:b7:bb:bf:f6:09:3b:
                    5b:7a:2f:9f:61:3c:85:80:1d:ee:bc:45:a9:50:45:
                    cf:6a:0e:f7:86:0e:21:38:d1:a1:96:b9:3c:99:97:
                    50:b5:0f:eb:aa:db:49:06:ff:51:3f:fb:c3:cd:e7:
                    32:4d:aa:a6:50:ed:00:27:bb:85:92:dd:b5:c2:0b:
                    8c:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:D7:CB:33:3C:50:FF:21:26:E2:6F:22:EC:B7:91:CF:6F:D9:5C:21
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/77f569-6a5d-4258-8de9-1f09c8b6a08d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/77f569-6a5d-4258-8de9-1f09c8b6a08d/1/w9fLMzxQ_yEm4m8i7LeRz2_ZXCE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:f3c::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211640

    Signature Algorithm: sha256WithRSAEncryption
         79:10:26:e9:9b:1d:f5:bf:e7:4e:be:34:ce:72:5e:20:63:f0:
         7a:af:68:c8:dd:3d:fe:10:75:a9:57:1f:fd:07:e6:43:43:03:
         bb:60:de:fa:f0:8f:82:a8:2b:21:da:e5:04:3e:11:3f:bd:71:
         f4:50:3d:15:8b:bd:8f:c4:b4:90:6f:d7:f3:c2:e7:36:22:e9:
         cc:21:76:fd:6e:86:8e:99:66:0c:0a:5c:17:89:8f:c3:75:7b:
         ff:f2:51:2a:08:17:7a:74:c7:5e:14:79:30:1e:dc:1b:4b:57:
         a7:4d:15:63:3c:ae:5a:08:0e:c2:d2:7f:05:50:b8:a3:ba:9e:
         43:76:4d:ae:39:21:89:5e:ce:8b:c4:fb:3a:a4:30:9a:12:38:
         14:ee:24:9e:86:01:1d:8c:36:50:41:39:0e:c3:9f:0c:4a:b0:
         2d:6d:00:b5:74:a1:7e:46:77:44:d3:e8:d5:a2:3a:83:92:31:
         5d:d1:f5:56:a5:24:2b:24:f5:be:f9:d4:31:72:19:73:69:8d:
         e3:81:a0:d8:a1:4b:51:5e:8a:78:16:16:4d:d1:bf:40:bc:1c:
         95:70:2e:18:6d:40:b2:b2:59:53:bf:0c:89:87:a8:ce:32:3e:
         b5:45:48:2e:16:25:04:57:58:22:f6:b0:9c:3a:07:19:36:32:
         cc:f5:77:f3
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZQnRxvTluQAl33cEpKfwFOtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTM0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2Q3Y2IzMzNjNTBmZjIxMjZlMjZmMjJlY2I3OTFjZjZmZDk1YzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApArK4Wg+YS/RCtEb9+8Op6Ap+l33
MXp+aJQq3/UR5Hb2XviniNuIYa0aE+Ws2VSi8igRdZMp5dz0+5Oq+ugnAShecgJr
Lx+Z/CxkAAh7w+xJCRzAX8Cj50Ts2JetVKp9KFOEeIT+NfN6U+uXf1dsVG6Kzrt6
5/ObJBazfCP77hg2veFp5+6ZHIJYwEiKPV78JdemcJnsgkyYBE37Tuhw6Z37GB/3
snRZUb8G3pO8PkK8mc9QEJOJod/1pPy3u7/2CTtbei+fYTyFgB3uvEWpUEXPag73
hg4hONGhlrk8mZdQtQ/rqttJBv9RP/vDzecyTaqmUO0AJ7uFkt21wguMHQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFMPXyzM8UP8hJuJvIuy3kc9v2VwhMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U1Lzc3ZjU2
OS02YTVkLTQyNTgtOGRlOS0xZjA5YzhiNmEwOGQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTUvNzdmNTY5
LTZhNWQtNDI1OC04ZGU5LTFmMDljOGI2YTA4ZC8xL3c5ZkxNenhRX3lFbTRtOGk3
TGVSejJfWlhDRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA88MBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwM6uDANBgkqhkiG9w0BAQsFAAOCAQEAeRAm6Zsd9b/nTr40znJeIGPweq9o
yN09/hB1qVcf/QfmQ0MDu2De+vCPgqgrIdrlBD4RP71x9FA9FYu9j8S0kG/X88Ln
NiLpzCF2/W6GjplmDApcF4mPw3V7//JRKggXenTHXhR5MB7cG0tXp00VYzyuWggO
wtJ/BVC4o7qeQ3ZNrjkhiV7Oi8T7OqQwmhI4FO4knoYBHYw2UEE5DsOfDEqwLW0A
tXShfkZ3RNPo1aI6g5IxXdH1VqUkKyT1vvnUMXIZc2mN44Gg2KFLUV6KeBYWTdG/
QLwclXAuGG1AsrJZU78MiYeozjI+tUVILhYlBFdYIvawnDoHGTYyzPV38w==
-----END CERTIFICATE-----