$ openssl s_client -showcerts -servername <hostname> -connect <hostname>:443
$ openssl crl -inform {DER|PEM} -noout -text -in <crl>