Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/xT_rKsYPoxP5pzAOTF7jO0Oog0E.cer
File:                     xT_rKsYPoxP5pzAOTF7jO0Oog0E.cer (raw, json)
Hash identifier:          q5MtEoXSVlybzyMZaz63q7Mez29zvtBY4YfU+ChMWsI=
Subject key identifier:   C5:3F:EB:2A:C6:0F:A3:13:F9:A7:30:0E:4C:5E:E3:3B:43:A8:83:41
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3494FAE8D091CD08F2CCAAC74A18D4B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6b/37efd5-4266-4146-8e21-67fd717c6ca7/1/xT_rKsYPoxP5pzAOTF7jO0Oog0E.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6b/37efd5-4266-4146-8e21-67fd717c6ca7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:30:10 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 95.181.220.0/22
                          IP: 185.39.216.0/22
                          IP: 2a04:800::/29

Validation:               Failed, certificate revoked on Thu 28 Mar 2024 06:54:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:4f:ae:8d:09:1c:d0:8f:2c:ca:ac:74:a1:8d:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c53feb2ac60fa313f9a7300e4c5ee33b43a88341
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:32:8f:b5:24:ad:11:7a:2a:b5:ec:99:43:c9:
                    36:57:38:bf:ba:34:ec:d3:5a:cf:1e:e1:de:22:3c:
                    23:64:62:05:ea:5f:70:9b:0c:3a:d6:3a:aa:d4:f5:
                    9e:34:9c:4e:d9:d3:15:8c:fa:55:97:ff:09:50:ca:
                    5f:41:06:11:c7:d0:b3:44:47:cd:59:89:f1:64:4c:
                    4f:7d:71:de:dc:e4:ec:06:aa:6b:17:cf:09:8f:07:
                    47:2e:f5:8c:39:f0:94:c5:29:f2:08:31:06:7c:8c:
                    46:d3:a5:70:ca:7d:6b:91:b1:4c:88:c7:84:36:75:
                    c6:d3:44:9e:b0:20:c6:59:a5:e6:f4:4b:e1:36:30:
                    95:d2:93:2d:28:68:06:8b:b4:5c:e9:0e:1d:86:ad:
                    d4:5a:06:42:28:e4:13:c6:a9:ac:c3:e8:fd:db:52:
                    d3:c0:c2:a5:55:e8:fc:90:b0:59:38:f7:a3:fe:54:
                    32:af:ea:cb:9c:cd:dd:67:2a:d8:3b:86:3a:df:33:
                    22:cc:e0:7e:da:c7:b1:cf:8e:42:05:72:82:2c:a4:
                    b3:fa:fa:10:39:49:a2:60:fd:46:41:73:a7:b8:8a:
                    37:52:fb:cc:0b:b6:23:c3:a3:7d:e8:dd:43:66:de:
                    fc:e9:18:0e:f4:8a:1d:f4:6f:5e:11:6e:46:14:cd:
                    cc:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:3F:EB:2A:C6:0F:A3:13:F9:A7:30:0E:4C:5E:E3:3B:43:A8:83:41
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/37efd5-4266-4146-8e21-67fd717c6ca7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/37efd5-4266-4146-8e21-67fd717c6ca7/1/xT_rKsYPoxP5pzAOTF7jO0Oog0E.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.181.220.0/22
                  185.39.216.0/22
                IPv6:
                  2a04:800::/29

    Signature Algorithm: sha256WithRSAEncryption
         68:eb:0a:8e:d3:cf:72:70:20:e4:39:8b:52:dd:9a:1b:d9:ee:
         48:a6:b4:7a:bf:f4:3a:c6:9c:2d:9e:6c:50:74:1e:ed:bb:90:
         ea:2d:8c:78:a3:b6:a7:b4:44:97:ec:2e:77:1b:11:d9:78:5c:
         c4:a1:e8:ed:99:81:83:81:8d:94:cd:e3:42:4a:bb:f4:55:41:
         7e:34:a3:f7:17:22:dd:33:20:b4:a2:cf:74:8b:77:00:fc:dd:
         bf:ae:02:fa:6d:95:f4:17:7e:7d:93:1d:81:b5:1b:5d:ac:fd:
         98:c1:86:5c:41:bf:a8:87:d1:e8:8d:82:e3:52:44:5c:4d:07:
         54:94:0a:35:83:22:fb:a6:ce:86:b7:71:bd:76:35:5d:e4:86:
         51:85:d7:70:b8:b5:2a:a1:f2:56:e0:07:61:d8:46:95:23:2b:
         5e:52:76:fc:ed:73:67:05:95:d9:fa:46:07:7b:a5:34:99:81:
         78:c3:0e:85:79:36:fa:70:00:57:6f:72:7b:03:56:e8:a5:fb:
         ae:70:a8:4e:04:30:f8:48:be:d6:60:dd:9d:30:dc:3f:39:e8:
         6f:4a:d1:46:bd:ca:b8:23:53:94:90:3b:74:88:71:fd:6c:12:
         81:bf:05:b7:48:49:2a:c2:9d:4e:fb:cf:bf:c7:af:5c:e4:d9:
         09:f9:08:aa
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgISAYzDSU+ujQkc0I8syqx0oY1LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTNmZWIyYWM2MGZhMzEzZjlhNzMwMGU0YzVlZTMzYjQzYTg4MzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDKPtSStEXoqteyZQ8k2Vzi/ujTs
01rPHuHeIjwjZGIF6l9wmww61jqq1PWeNJxO2dMVjPpVl/8JUMpfQQYRx9CzREfN
WYnxZExPfXHe3OTsBqprF88JjwdHLvWMOfCUxSnyCDEGfIxG06Vwyn1rkbFMiMeE
NnXG00SesCDGWaXm9EvhNjCV0pMtKGgGi7Rc6Q4dhq3UWgZCKOQTxqmsw+j921LT
wMKlVej8kLBZOPej/lQyr+rLnM3dZyrYO4Y63zMizOB+2sexz45CBXKCLKSz+voQ
OUmiYP1GQXOnuIo3UvvMC7Yjw6N96N1DZt786RgO9Iod9G9eEW5GFM3MXwIDAQAB
o4ICmTCCApUwHQYDVR0OBBYEFMU/6yrGD6MT+acwDkxe4ztDqINBMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZiLzM3ZWZk
NS00MjY2LTQxNDYtOGUyMS02N2ZkNzE3YzZjYTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmIvMzdlZmQ1
LTQyNjYtNDE0Ni04ZTIxLTY3ZmQ3MTdjNmNhNy8xL3hUX3JLc1lQb3hQNXB6QU9U
RjdqTzBPb2cwRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQCX7XcAwQCuSfYMA0EAgACMAcDBQMqBAgAMA0G
CSqGSIb3DQEBCwUAA4IBAQBo6wqO089ycCDkOYtS3Zob2e5IprR6v/Q6xpwtnmxQ
dB7tu5DqLYx4o7antESX7C53GxHZeFzEoejtmYGDgY2UzeNCSrv0VUF+NKP3FyLd
MyC0os90i3cA/N2/rgL6bZX0F359kx2BtRtdrP2YwYZcQb+oh9HojYLjUkRcTQdU
lAo1gyL7ps6Gt3G9djVd5IZRhddwuLUqofJW4Adh2EaVIyteUnb87XNnBZXZ+kYH
e6U0mYF4ww6FeTb6cABXb3J7A1bopfuucKhOBDD4SL7WYN2dMNw/OehvStFGvcq4
I1OUkDt0iHH9bBKBvwW3SEkqwp1O+8+/x69c5NkJ+Qiq
-----END CERTIFICATE-----