Certificate

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/32398A1406A1C1D323CA63CB320FFD1EB4D1B0C4.cer
File:                     32398A1406A1C1D323CA63CB320FFD1EB4D1B0C4.cer (raw, json)
Hash identifier:          wek+983bGhL1rzAGEQfUwkdPjxaB107zXZnMxNclcBQ=
Subject key identifier:   32:39:8A:14:06:A1:C1:D3:23:CA:63:CB:32:0F:FD:1E:B4:D1:B0:C4
Authority key identifier: CD:C0:14:66:9D:38:11:52:AF:B9:4B:76:93:62:68:BF:F7:3E:7D:50
Certificate issuer:       /CN=CDC014669D381152AFB94B76936268BFF73E7D50
Certificate serial:       414FC5178E0FEC82BC7965DB5A3F141CA8E25FB6
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/CDC014669D381152AFB94B76936268BFF73E7D50.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/1bf8e977-7278-46cf-abd1-99cd1fd2be4e/8/32398A1406A1C1D323CA63CB320FFD1EB4D1B0C4.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/1bf8e977-7278-46cf-abd1-99cd1fd2be4e/8/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Tue 30 Jan 2024 06:28:17 +0000
Certificate not after:    Tue 28 Jan 2025 06:33:17 +0000
Subordinate resources:    IP: 2a11:29c0:9eb0::/44

Validation:               Failed, certificate revoked on Mon 01 Jul 2024 20:10:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:4f:c5:17:8e:0f:ec:82:bc:79:65:db:5a:3f:14:1c:a8:e2:5f:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=CDC014669D381152AFB94B76936268BFF73E7D50
        Validity
            Not Before: Jan 30 06:28:17 2024 GMT
            Not After : Jan 28 06:33:17 2025 GMT
        Subject: CN=32398A1406A1C1D323CA63CB320FFD1EB4D1B0C4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e9:4b:30:66:12:c0:23:59:3a:27:84:ed:86:
                    bd:71:5f:91:9f:2c:11:51:a3:97:54:de:51:02:19:
                    71:22:f2:5e:0d:4f:4e:9d:82:db:3d:96:3f:b5:37:
                    23:6e:4c:c6:fb:ea:f0:af:d9:5d:1e:7f:7e:86:34:
                    93:56:d5:cb:8a:d9:7a:aa:56:ef:8a:79:6e:30:17:
                    86:b5:af:50:2b:1a:d8:44:ff:1b:6f:82:ee:23:e8:
                    fe:4f:b2:ed:d0:40:90:f8:1c:da:2e:fb:ad:2e:37:
                    1f:00:a1:83:98:be:60:f3:51:5c:c2:1d:6c:67:06:
                    bd:26:aa:f3:4d:86:c6:93:9b:4f:f7:48:4d:03:c3:
                    3a:be:3f:f0:c3:fa:27:2b:6a:cf:5b:6c:b6:ce:8d:
                    a3:b1:38:52:c3:97:fe:6d:02:1c:04:18:5c:b7:ad:
                    d2:dd:e4:a2:d1:24:35:0c:15:ca:dd:01:7d:90:2e:
                    dc:32:2a:29:8c:0a:b6:87:c4:a4:5e:f8:9c:85:6d:
                    13:c8:5b:84:bb:65:2d:10:62:74:f2:ff:0b:c7:1d:
                    7a:5e:65:d0:0d:cf:05:46:ce:ef:cc:4e:c5:c9:ed:
                    f1:95:e6:8a:da:8b:7f:89:7a:61:d8:56:da:40:de:
                    a0:79:91:9c:b3:7b:5f:a4:9d:dd:4f:63:4f:a6:79:
                    96:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                32:39:8A:14:06:A1:C1:D3:23:CA:63:CB:32:0F:FD:1E:B4:D1:B0:C4
            X509v3 Authority Key Identifier:
                keyid:CD:C0:14:66:9D:38:11:52:AF:B9:4B:76:93:62:68:BF:F7:3E:7D:50

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/CDC014669D381152AFB94B76936268BFF73E7D50.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/CDC014669D381152AFB94B76936268BFF73E7D50.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/1bf8e977-7278-46cf-abd1-99cd1fd2be4e/8/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/1bf8e977-7278-46cf-abd1-99cd1fd2be4e/8/32398A1406A1C1D323CA63CB320FFD1EB4D1B0C4.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:29c0:9eb0::/44

    Signature Algorithm: sha256WithRSAEncryption
         49:b0:ca:7a:66:96:98:a8:88:b7:61:40:39:70:07:cc:45:2d:
         f9:65:d4:7b:34:91:38:7a:ad:5b:be:d9:b9:f6:27:ee:6b:5c:
         69:77:fa:3b:08:02:23:be:45:66:cb:64:4f:7c:95:d4:c7:f9:
         96:68:d9:96:93:e0:b6:82:56:d9:62:81:96:da:a8:56:dc:c7:
         43:13:57:85:06:de:0a:e5:4a:c7:a9:90:64:d7:00:ae:1c:68:
         09:4d:e0:8a:2a:09:64:99:e3:ae:58:15:b1:77:dd:27:b5:27:
         59:d5:68:36:02:eb:24:70:95:65:58:75:f0:e6:08:ba:b1:ae:
         b4:39:b2:72:c3:17:58:a5:50:73:4d:4d:0c:8f:23:c7:5e:e4:
         39:34:3c:13:a9:72:b5:4b:9e:5d:65:61:da:42:a6:b6:18:4b:
         cb:b8:94:09:27:38:a5:46:a3:6d:df:a9:37:a0:bc:73:b4:04:
         60:59:c1:8b:dd:2f:cc:d2:1c:88:02:96:c6:5b:80:6b:cb:8d:
         fc:22:8f:74:a3:44:ab:53:cb:a9:97:34:54:a3:5c:7d:3e:3a:
         a3:df:8a:d6:96:81:8c:b2:d4:63:12:b4:dd:55:fa:9e:54:4d:
         d3:5d:43:09:eb:78:99:05:47:07:dd:07:ef:e3:f9:ec:42:49:
         1f:48:36:dd
-----BEGIN CERTIFICATE-----
MIIGFTCCBP2gAwIBAgIUQU/FF44P7IK8eWXbWj8UHKjiX7YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQ0RDMDE0NjY5RDM4MTE1MkFGQjk0Qjc2OTM2MjY4QkZG
NzNFN0Q1MDAeFw0yNDAxMzAwNjI4MTdaFw0yNTAxMjgwNjMzMTdaMDMxMTAvBgNV
BAMTKDMyMzk4QTE0MDZBMUMxRDMyM0NBNjNDQjMyMEZGRDFFQjREMUIwQzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/6UswZhLAI1k6J4Tthr1xX5Gf
LBFRo5dU3lECGXEi8l4NT06dgts9lj+1NyNuTMb76vCv2V0ef36GNJNW1cuK2Xqq
Vu+KeW4wF4a1r1ArGthE/xtvgu4j6P5Psu3QQJD4HNou+60uNx8AoYOYvmDzUVzC
HWxnBr0mqvNNhsaTm0/3SE0Dwzq+P/DD+icras9bbLbOjaOxOFLDl/5tAhwEGFy3
rdLd5KLRJDUMFcrdAX2QLtwyKimMCraHxKRe+JyFbRPIW4S7ZS0QYnTy/wvHHXpe
ZdANzwVGzu/MTsXJ7fGV5orai3+JemHYVtpA3qB5kZyze1+knd1PY0+meZZnAgMB
AAGjggMfMIIDGzAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQyOYoUBqHB0yPK
Y8syD/0etNGwxDAfBgNVHSMEGDAWgBTNwBRmnTgRUq+5S3aTYmi/9z59UDAOBgNV
HQ8BAf8EBAMCAQYwgZUGA1UdHwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS8zMjUzZDk3My1kNWJmLTQ1
NDEtYmNjMS0yNzY1NDNhMjVjN2QvMi9DREMwMTQ2NjlEMzgxMTUyQUZCOTRCNzY5
MzYyNjhCRkY3M0U3RDUwLmNybDCBngYIKwYBBQUHAQEEgZEwgY4wgYsGCCsGAQUF
BzAChn9yc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzgxMTE1YmM2LTEwZjYtNGFmMy1iYTA5LThiNjg3YTU2ZmJmNS8wL0NEQzAxNDY2
OUQzODExNTJBRkI5NEI3NjkzNjI2OEJGRjczRTdENTAuY2VyMIIBPwYIKwYBBQUH
AQsEggExMIIBLTBfBggrBgEFBQcwBYZTcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS8xYmY4ZTk3Ny03Mjc4LTQ2Y2YtYWJkMS05OWNk
MWZkMmJlNGUvOC8wgYsGCCsGAQUFBzAKhn9yc3luYzovL3JzeW5jLnBhYXMucnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5LzFiZjhlOTc3LTcyNzgtNDZjZi1hYmQxLTk5
Y2QxZmQyYmU0ZS84LzMyMzk4QTE0MDZBMUMxRDMyM0NBNjNDQjMyMEZGRDFFQjRE
MUIwQzQubWZ0MDwGCCsGAQUFBzANhjBodHRwczovL3JyZHAucGFhcy5ycGtpLnJp
cGUubmV0L25vdGlmaWNhdGlvbi54bWwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
AjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoRKcCesDANBgkqhkiG9w0B
AQsFAAOCAQEASbDKemaWmKiIt2FAOXAHzEUt+WXUezSROHqtW77ZufYn7mtcaXf6
OwgCI75FZstkT3yV1Mf5lmjZlpPgtoJW2WKBltqoVtzHQxNXhQbeCuVKx6mQZNcA
rhxoCU3giioJZJnjrlgVsXfdJ7UnWdVoNgLrJHCVZVh18OYIurGutDmycsMXWKVQ
c01NDI8jx17kOTQ8E6lytUueXWVh2kKmthhLy7iUCSc4pUajbd+pN6C8c7QEYFnB
i90vzNIciAKWxluAa8uN/CKPdKNEq1PLqZc0VKNcfT46o9+K1paBjLLUYxK03VX6
nlRN011DCet4mQVHB90H7+P57EJJH0g23Q==