Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/avKvL-Kj7-VKFPoJJiAwrNBxHXg.cer
File:                     avKvL-Kj7-VKFPoJJiAwrNBxHXg.cer (raw, json)
Hash identifier:          in5xE9FjSMLO95et2sHYOx1fifKdy6UdYNhK5Lb/WWc=
Subject key identifier:   6A:F2:AF:2F:E2:A3:EF:E5:4A:14:FA:09:26:20:30:AC:D0:71:1D:78
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856FB03E51A312ED0DE41044636BA454C2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/00/a1c55b-ac96-4963-89ad-7ca11b7a0a6e/1/avKvL-Kj7-VKFPoJJiAwrNBxHXg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/00/a1c55b-ac96-4963-89ad-7ca11b7a0a6e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 23:34:59 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    IP: 77.83.48.0/22
                          IP: 80.243.228.0/22
                          IP: 86.62.52.0/22
                          IP: 95.214.244.0/22
                          IP: 213.109.188.0/22
                          IP: 2a09:200::/29
                          IP: 2a09:7a80::/29
                          IP: 2a09:8500::/29
                          IP: 2a09:ef80::/29
                          IP: 2a0d:21c0::/29

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:b0:3e:51:a3:12:ed:0d:e4:10:44:63:6b:a4:54:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 23:34:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6af2af2fe2a3efe54a14fa09262030acd0711d78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:66:db:77:2d:fd:8c:6b:81:94:f3:97:fd:72:
                    e0:fa:de:e1:03:58:8b:1d:99:21:d6:41:3f:ec:07:
                    f8:1e:31:61:31:c4:0b:21:62:a0:b8:fd:ee:e3:b3:
                    e5:49:c6:3f:97:45:ac:eb:8a:b7:50:28:1f:cd:22:
                    69:6e:ee:6d:d6:79:63:54:21:6c:63:04:4f:d2:ee:
                    2f:35:ad:e8:70:19:3a:45:ad:38:80:33:06:d5:96:
                    94:c8:82:d6:60:76:04:ea:bb:ce:e4:2f:bf:a3:49:
                    94:11:4d:d6:80:b0:74:65:21:18:b7:a6:87:6c:86:
                    29:29:49:da:f3:84:84:e0:f1:e8:7a:21:d3:f7:f9:
                    b6:68:40:1f:0e:c0:a8:65:c3:c4:77:12:22:48:53:
                    43:3f:5e:8c:d5:c7:e5:86:7f:de:c6:a4:d6:7e:18:
                    46:0d:74:8c:52:84:ee:d5:88:23:aa:4f:d0:d4:14:
                    ab:fe:55:e8:6c:e7:92:99:8e:45:cf:7b:68:da:b6:
                    60:37:c2:1b:f1:5d:be:36:23:47:39:cf:ee:19:68:
                    b0:ea:89:7c:f6:e4:ec:c1:87:f0:7e:10:0d:78:ca:
                    6a:16:da:61:ac:d0:27:3b:4f:08:ff:3b:1e:24:92:
                    55:5a:37:b9:f7:d0:01:18:3f:31:0c:1f:75:68:e5:
                    56:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:F2:AF:2F:E2:A3:EF:E5:4A:14:FA:09:26:20:30:AC:D0:71:1D:78
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/a1c55b-ac96-4963-89ad-7ca11b7a0a6e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/a1c55b-ac96-4963-89ad-7ca11b7a0a6e/1/avKvL-Kj7-VKFPoJJiAwrNBxHXg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.48.0/22
                  80.243.228.0/22
                  86.62.52.0/22
                  95.214.244.0/22
                  213.109.188.0/22
                IPv6:
                  2a09:200::/29
                  2a09:7a80::/29
                  2a09:8500::/29
                  2a09:ef80::/29
                  2a0d:21c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1b:5a:cc:ce:9a:ac:fe:fb:54:b0:d4:b8:33:1d:90:61:e5:1e:
         a6:df:08:25:e6:5b:08:fd:c4:cd:3a:08:b3:57:2a:05:7b:f9:
         d8:0a:91:c2:7b:c5:20:26:8a:67:ec:b7:69:57:41:97:da:bb:
         94:3d:59:b3:6c:ba:93:ad:45:98:e3:4b:b1:d3:59:a8:eb:56:
         b6:a2:0d:e3:93:a8:75:07:97:71:df:b5:e2:a0:a9:31:14:93:
         d4:ed:76:e7:92:40:f5:94:8d:f6:1e:c6:e9:93:f3:73:48:e9:
         ac:0c:47:a1:62:0c:e7:de:65:13:bf:b0:4f:15:e8:dc:25:16:
         da:5e:da:fd:1a:6a:e8:66:1a:df:72:8b:dd:2e:5d:58:ea:66:
         09:42:34:7e:7a:52:9a:62:8e:8d:21:fe:0b:98:07:fb:23:08:
         36:50:20:7b:1f:12:18:e1:95:6a:ca:1d:56:26:ac:1e:cd:ed:
         e5:eb:c9:30:43:c3:3a:dd:8b:fc:b7:92:95:2a:13:13:0b:d6:
         d6:7a:41:ae:0d:71:8c:00:9f:e7:91:4d:fc:17:02:73:56:ea:
         7b:94:50:e7:b5:83:99:75:80:bb:45:9e:89:b5:bb:cc:7b:bf:
         7f:59:1e:59:a6:d1:b0:f1:96:09:d3:96:8c:02:ed:2a:e8:25:
         3e:85:92:63
-----BEGIN CERTIFICATE-----
MIIFuzCCBKOgAwIBAgISAYVvsD5RoxLtDeQQRGNrpFTCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMjMzNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWYyYWYyZmUyYTNlZmU1NGExNGZhMDkyNjIwMzBhY2QwNzExZDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWbbdy39jGuBlPOX/XLg+t7hA1iL
HZkh1kE/7Af4HjFhMcQLIWKguP3u47PlScY/l0Ws64q3UCgfzSJpbu5t1nljVCFs
YwRP0u4vNa3ocBk6Ra04gDMG1ZaUyILWYHYE6rvO5C+/o0mUEU3WgLB0ZSEYt6aH
bIYpKUna84SE4PHoeiHT9/m2aEAfDsCoZcPEdxIiSFNDP16M1cflhn/exqTWfhhG
DXSMUoTu1Ygjqk/Q1BSr/lXobOeSmY5Fz3to2rZgN8Ib8V2+NiNHOc/uGWiw6ol8
9uTswYfwfhANeMpqFtphrNAnO08I/zseJJJVWje599ABGD8xDB91aOVWoQIDAQAB
o4ICxzCCAsMwHQYDVR0OBBYEFGryry/io+/lShT6CSYgMKzQcR14MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAwL2ExYzU1
Yi1hYzk2LTQ5NjMtODlhZC03Y2ExMWI3YTBhNmUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDAvYTFjNTVi
LWFjOTYtNDk2My04OWFkLTdjYTExYjdhMGE2ZS8xL2F2S3ZMLUtqNy1WS0ZQb0pK
aUF3ck5CeEhYZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMGIGCCsGAQUF
BwEHAQH/BFMwUTAkBAIAATAeAwQCTVMwAwQCUPPkAwQCVj40AwQCX9b0AwQC1W28
MCkEAgACMCMDBQMqCQIAAwUDKgl6gAMFAyoJhQADBQMqCe+AAwUDKg0hwDANBgkq
hkiG9w0BAQsFAAOCAQEAG1rMzpqs/vtUsNS4Mx2QYeUept8IJeZbCP3EzToIs1cq
BXv52AqRwnvFICaKZ+y3aVdBl9q7lD1Zs2y6k61FmONLsdNZqOtWtqIN45OodQeX
cd+14qCpMRST1O1255JA9ZSN9h7G6ZPzc0jprAxHoWIM595lE7+wTxXo3CUW2l7a
/Rpq6GYa33KL3S5dWOpmCUI0fnpSmmKOjSH+C5gH+yMINlAgex8SGOGVasodVias
Hs3t5evJMEPDOt2L/LeSlSoTEwvW1npBrg1xjACf55FN/BcCc1bqe5RQ57WDmXWA
u0WeibW7zHu/f1keWabRsPGWCdOWjALtKuglPoWSYw==
-----END CERTIFICATE-----