Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/xK2FnKavXl_ey-QIjWFh9wTzgoI.cer
File:                     xK2FnKavXl_ey-QIjWFh9wTzgoI.cer (raw, json)
Hash identifier:          wsL5x0M7z4PPyg6rPCdJRW26/HjsTVY2wrTom+5iuGk=
Subject key identifier:   C4:AD:85:9C:A6:AF:5E:5F:DE:CB:E4:08:8D:61:61:F7:04:F3:82:82
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018B14A46240BD389091EA3D8C02E9D04B49
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/28eea536-873f-43f8-b1ef-0fb4fa2be39e/0/C4AD859CA6AF5E5FDECBE4088D6161F704F38282.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/28eea536-873f-43f8-b1ef-0fb4fa2be39e/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Mon 09 Oct 2023 13:33:19 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 50530
                          IP: 109.110.160.0/19
                          IP: 185.4.220.0/22
                          IP: 185.205.220.0/22
                          IP: 185.222.184.0/22
                          IP: 193.246.160.0/23
                          IP: 2a00:1ce0::/32
                          IP: 2a0b:ac0::/29

Validation:               Failed, certificate revoked on Mon 13 Nov 2023 11:20:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:14:a4:62:40:bd:38:90:91:ea:3d:8c:02:e9:d0:4b:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Oct  9 13:33:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c4ad859ca6af5e5fdecbe4088d6161f704f38282
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:0f:39:a5:ca:43:fc:08:e5:f2:8d:6f:04:b1:
                    ee:47:c4:6a:d0:25:e5:1e:b4:bd:62:b3:ba:71:d9:
                    03:1a:9e:7b:b4:a8:fb:1c:e9:f4:96:42:81:ec:c5:
                    ab:b4:d5:b4:d6:e3:ef:96:f3:93:18:80:63:eb:15:
                    fa:fc:ee:69:1b:7d:05:a4:fc:8b:37:38:4e:1d:08:
                    2c:e6:3c:40:bd:1a:e2:01:8b:21:d0:73:7a:21:c2:
                    bc:f6:12:7f:ae:26:d7:2b:f0:96:5d:ec:11:c1:43:
                    12:b2:d8:d1:08:32:ac:4e:9b:97:a8:38:07:68:02:
                    17:5c:91:9c:a9:c0:02:68:bb:ab:dc:c1:9e:27:5e:
                    26:98:38:2e:e8:ae:ba:72:79:a3:ae:61:fd:6f:b1:
                    35:83:39:c7:91:19:4b:13:69:1c:7b:70:8a:17:74:
                    26:f7:fd:fc:e3:83:85:f4:e4:25:b8:dc:3a:78:59:
                    d7:ad:cb:91:5b:f2:55:30:f5:50:09:5b:b4:59:4d:
                    15:49:e7:60:c0:ed:9c:8b:35:77:50:25:55:84:d0:
                    3c:26:c8:62:cd:ce:3b:5c:84:17:a6:e2:27:c2:8a:
                    70:d1:de:dd:c2:91:7a:1f:ac:4b:92:0b:88:45:25:
                    11:19:1a:86:18:11:8e:f4:4c:94:df:7d:2a:58:94:
                    6c:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:AD:85:9C:A6:AF:5E:5F:DE:CB:E4:08:8D:61:61:F7:04:F3:82:82
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/28eea536-873f-43f8-b1ef-0fb4fa2be39e/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/28eea536-873f-43f8-b1ef-0fb4fa2be39e/0/C4AD859CA6AF5E5FDECBE4088D6161F704F38282.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.110.160.0/19
                  185.4.220.0/22
                  185.205.220.0/22
                  185.222.184.0/22
                  193.246.160.0/23
                IPv6:
                  2a00:1ce0::/32
                  2a0b:ac0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  50530

    Signature Algorithm: sha256WithRSAEncryption
         b1:3d:0d:8b:18:ff:3d:fa:cf:bf:2b:4e:89:dc:79:73:e7:6b:
         4f:e7:d9:c6:26:06:80:d2:c3:45:6f:4b:fb:57:7b:3d:ab:4d:
         0b:c8:10:46:d1:cb:ed:ca:79:36:f0:12:6f:cc:a6:90:0b:02:
         99:8d:ac:5d:4e:70:5f:a9:fa:28:74:01:28:eb:01:13:11:0b:
         1b:cc:4d:0c:0a:4d:2e:fe:82:1d:1c:29:10:ad:4e:f6:6f:ba:
         88:02:80:8e:ed:fa:1f:77:e1:96:37:59:b7:53:74:07:c0:06:
         e0:f3:02:2e:ee:5a:96:88:c5:a8:9b:5f:7a:71:ec:a9:3a:90:
         1b:45:96:b5:51:12:64:14:54:dc:90:b0:4a:9a:19:f5:e4:9f:
         b8:e9:84:ad:24:ac:7d:7f:c6:ee:f8:c5:e1:d9:2c:e4:72:31:
         28:44:7a:41:24:5a:b4:ed:c7:89:5b:60:65:e9:d9:34:f3:42:
         9a:97:cf:b5:a0:c0:29:e6:b3:3a:cb:f2:eb:8d:c4:b7:a5:00:
         85:85:a1:35:03:5e:64:24:50:28:e9:33:7f:88:08:e0:2f:35:
         e2:fd:24:20:e1:af:15:31:da:2d:70:53:10:0d:28:ec:8a:27:
         b4:e1:41:5f:bf:80:3e:34:89:1f:fa:da:38:53:31:36:a9:f1:
         4a:d8:4d:dd
-----BEGIN CERTIFICATE-----
MIIF3jCCBMagAwIBAgISAYsUpGJAvTiQkeo9jALp0EtJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMxMDA5MTMzMzE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGFkODU5Y2E2YWY1ZTVmZGVjYmU0MDg4ZDYxNjFmNzA0ZjM4MjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwg85pcpD/Ajl8o1vBLHuR8Rq0CXl
HrS9YrO6cdkDGp57tKj7HOn0lkKB7MWrtNW01uPvlvOTGIBj6xX6/O5pG30FpPyL
NzhOHQgs5jxAvRriAYsh0HN6IcK89hJ/ribXK/CWXewRwUMSstjRCDKsTpuXqDgH
aAIXXJGcqcACaLur3MGeJ14mmDgu6K66cnmjrmH9b7E1gznHkRlLE2kce3CKF3Qm
9/3844OF9OQluNw6eFnXrcuRW/JVMPVQCVu0WU0VSedgwO2cizV3UCVVhNA8Jshi
zc47XIQXpuInwopw0d7dwpF6H6xLkguIRSURGRqGGBGO9EyU330qWJRswQIDAQAB
o4IC6jCCAuYwHQYDVR0OBBYEFMSthZymr15f3svkCI1hYfcE84KCMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzI4ZWVh
NTM2LTg3M2YtNDNmOC1iMWVmLTBmYjRmYTJiZTM5ZS8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjhl
ZWE1MzYtODczZi00M2Y4LWIxZWYtMGZiNGZhMmJlMzllLzAvQzRBRDg1OUNBNkFG
NUU1RkRFQ0JFNDA4OEQ2MTYxRjcwNEYzODI4Mi5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjBNBggrBgEFBQcBBwEB/wQ+MDwwJAQCAAEwHgME
BW1uoAMEArkE3AMEArnN3AMEArneuAMEAcH2oDAUBAIAAjAOAwUAKgAc4AMFAyoL
CsAwGgYIKwYBBQUHAQgBAf8ECzAJoAcwBQIDAMViMA0GCSqGSIb3DQEBCwUAA4IB
AQCxPQ2LGP89+s+/K06J3Hlz52tP59nGJgaA0sNFb0v7V3s9q00LyBBG0cvtynk2
8BJvzKaQCwKZjaxdTnBfqfoodAEo6wETEQsbzE0MCk0u/oIdHCkQrU72b7qIAoCO
7fofd+GWN1m3U3QHwAbg8wIu7lqWiMWom196ceypOpAbRZa1URJkFFTckLBKmhn1
5J+46YStJKx9f8bu+MXh2SzkcjEoRHpBJFq07ceJW2Bl6dk080Kal8+1oMAp5rM6
y/LrjcS3pQCFhaE1A15kJFAo6TN/iAjgLzXi/SQg4a8VMdotcFMQDSjsiie04UFf
v4A+NIkf+to4UzE2qfFK2E3d
-----END CERTIFICATE-----