Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hgOgrKcgSw7-1k23DeUcdboDk1U.cer
File:                     hgOgrKcgSw7-1k23DeUcdboDk1U.cer (raw, json)
Hash identifier:          tzpm/mLO93oejY2MREtgdCpN7BPJQeleYRrHVDcbu/Q=
Subject key identifier:   86:03:A0:AC:A7:20:4B:0E:FE:D6:4D:B7:0D:E5:1C:75:BA:03:93:55
Authority key identifier: 0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F
Certificate issuer:       /CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
Certificate serial:       0221B0
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
Manifest:                 rsync://rpki.apnic.net/member_repository/A9118EB2/7AC767DE066911EDB0AE8E37C4F9AE02/hgOgrKcgSw7-1k23DeUcdboDk1U.mft
caRepository:             rsync://rpki.apnic.net/member_repository/A9118EB2/7AC767DE066911EDB0AE8E37C4F9AE02/
Notify URL:               https://rrdp.apnic.net/notification.xml
Certificate not before:   Tue 10 Dec 2024 12:30:06 +0000
Certificate not after:    Tue 30 Sep 2025 00:00:00 +0000
Subordinate resources:    AS: 133378
                          AS: 139285
                          IP: 103.140.236.0/23
                          IP: 103.227.172.0/22
                          IP: 114.134.190.0/23
                          IP: 116.214.26.0 -- 116.214.29.255
                          IP: 2400:96a0::/32
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 139696 (0x221b0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE
        Validity
            Not Before: Dec 10 12:30:06 2024 GMT
            Not After : Sep 30 00:00:00 2025 GMT
        Subject: CN=A9118EB2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:9d:a8:e7:7e:42:8f:1d:7d:20:c2:b2:84:bd:
                    94:7c:ce:91:24:c2:9f:99:73:28:77:42:67:5e:ae:
                    e1:7c:06:6b:dc:eb:80:20:ac:e8:9e:e3:88:79:aa:
                    57:fc:ff:2c:1d:ab:df:80:3f:3b:77:2f:19:02:f1:
                    0d:78:45:b6:86:7e:df:a9:e7:e9:9d:f8:45:be:5e:
                    3b:d4:52:17:ed:c0:dd:20:83:81:8b:12:41:95:1e:
                    d6:ca:e8:7a:59:c5:b3:7e:4a:74:be:a6:26:02:2f:
                    02:04:93:f5:02:16:13:03:71:a5:08:a1:58:f9:d2:
                    6a:ef:27:39:0b:6c:9c:56:2d:4f:54:5e:ab:e8:e6:
                    f1:9d:97:37:64:94:f4:81:57:19:2a:8f:86:ae:45:
                    6e:f5:c8:3c:17:82:75:53:ab:ca:1d:e5:c3:89:65:
                    45:2c:f8:f5:be:52:23:74:76:86:c2:14:3f:d6:e1:
                    c7:29:a5:08:4a:86:46:0e:6d:4b:cf:ca:53:2d:cb:
                    88:b1:fd:91:0d:4f:fa:ff:3d:85:43:0e:e7:0c:50:
                    69:22:80:52:d2:ff:84:bc:94:16:1c:be:1f:25:fc:
                    20:1a:4e:ec:b6:6d:64:ab:0f:95:88:7d:03:ad:4c:
                    14:14:a0:0c:13:56:ab:fe:b8:1a:21:5c:28:cc:82:
                    34:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:03:A0:AC:A7:20:4B:0E:FE:D6:4D:B7:0D:E5:1C:75:BA:03:93:55
            X509v3 Authority Key Identifier:
                keyid:0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rpki.apnic.net/member_repository/A9118EB2/7AC767DE066911EDB0AE8E37C4F9AE02/
                RPKI Manifest - URI:rsync://rpki.apnic.net/member_repository/A9118EB2/7AC767DE066911EDB0AE8E37C4F9AE02/hgOgrKcgSw7-1k23DeUcdboDk1U.mft
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  133378
                  139285

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.140.236.0/23
                  103.227.172.0/22
                  114.134.190.0/23
                  116.214.26.0-116.214.29.255
                IPv6:
                  2400:96a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         07:5e:17:df:37:98:f9:fa:9b:1f:5f:2e:60:64:b1:81:45:12:
         dc:b8:a0:02:dd:93:f8:9d:3f:46:0b:2c:1a:d6:b5:20:d6:b8:
         74:03:49:fc:d7:89:9d:b1:5f:d9:77:d2:28:29:f3:f1:4f:22:
         88:60:07:a3:a0:5e:7f:e3:24:2a:5f:a6:e6:d2:47:b1:4d:87:
         24:71:05:4e:7b:78:6d:7f:8a:58:eb:e2:3a:a6:d8:88:70:b4:
         07:20:d9:a4:da:d5:8d:dc:83:3b:88:e3:68:1e:5d:cc:63:cc:
         97:63:b4:cc:63:f2:b3:1e:d4:60:2f:04:97:d0:05:64:52:72:
         d8:bf:e3:7f:b0:a3:15:06:3b:cc:c7:6c:ef:9f:3e:32:5c:05:
         4e:fa:b8:4a:ec:8a:63:b8:69:ec:4c:38:4f:69:d1:ce:74:fd:
         ec:6a:c5:41:74:53:da:12:86:7c:b3:7c:26:c6:8f:a8:1b:0b:
         63:9a:9c:ab:42:50:de:9c:7c:6f:73:af:8b:d1:bb:b7:25:c6:
         91:42:c9:99:54:68:91:42:4a:30:67:83:10:47:2a:cf:4b:76:
         be:fd:64:da:a7:41:eb:17:b7:ec:62:89:05:05:2a:44:9f:46:
         07:c9:24:6f:1e:f6:99:d1:dd:43:4f:02:f9:f1:31:d3:eb:ea:
         cb:74:c2:d0
-----BEGIN CERTIFICATE-----
MIIGSDCCBTCgAwIBAgIDAiGwMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MERDNUJFMTEwLwYDVQQFEygwRTY1QTRGNUZEMzZCNUJENjhFQjNDOTIzNDA4OTc4
QzkwN0FBNzlGMB4XDTI0MTIxMDEyMzAwNloXDTI1MDkzMDAwMDAwMFowRjERMA8G
A1UEAxMIQTkxMThFQjIxMTAvBgNVBAUTKDg2MDNBMEFDQTcyMDRCMEVGRUQ2NERC
NzBERTUxQzc1QkEwMzkzNTUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDbnajnfkKPHX0gwrKEvZR8zpEkwp+Zcyh3QmderuF8Bmvc64AgrOie44h5qlf8
/ywdq9+APzt3LxkC8Q14RbaGft+p5+md+EW+XjvUUhftwN0gg4GLEkGVHtbK6HpZ
xbN+SnS+piYCLwIEk/UCFhMDcaUIoVj50mrvJzkLbJxWLU9UXqvo5vGdlzdklPSB
Vxkqj4auRW71yDwXgnVTq8od5cOJZUUs+PW+UiN0dobCFD/W4ccppQhKhkYObUvP
ylMty4ix/ZENT/r/PYVDDucMUGkigFLS/4S8lBYcvh8l/CAaTuy2bWSrD5WIfQOt
TBQUoAwTVqv+uBohXCjMgjTVAgMBAAGjggM9MIIDOTAdBgNVHQ4EFgQUhgOgrKcg
Sw7+1k23DeUcdboDk1UwHwYDVR0jBBgwFoAUDmWk9f02tb1o6zySNAiXjJB6p58w
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wcwYDVR0fBGwwajBooGag
ZIZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2
NjExRTJCQjQ2OEY3QzcyRkQxRkYyL0RtV2s5ZjAydGIxbzZ6eVNOQWlYakpCNnA1
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvOTgwNjUyRTBCNzdFMTFFN0E5NkEzOTUyMUE0
RjRGQjQvRG1XazlmMDJ0YjFvNnp5U05BaVhqSkI2cDU4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwggEoBggrBgEFBQcBCwSCARowggEWMF8GCCsGAQUF
BzAFhlNyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MTE4RUIyLzdBQzc2N0RFMDY2OTExRURCMEFFOEUzN0M0RjlBRTAyLzB+BggrBgEF
BQcwCoZycnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9B
OTExOEVCMi83QUM3NjdERTA2NjkxMUVEQjBBRThFMzdDNEY5QUUwMi9oZ09ncktj
Z1N3Ny0xazIzRGVVY2Rib0RrMVUubWZ0MDMGCCsGAQUFBzANhidodHRwczovL3Jy
ZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQgBAf8EEDAO
oAwwCgIDAgkCAgMCIBUwSAYIKwYBBQUHAQcBAf8EOTA3MCYEAgABMCADBAFnjOwD
BAJn46wDBAFyhr4wDAMEAXTWGgMEAXTWHDANBAIAAjAHAwUAJACWoDANBgkqhkiG
9w0BAQsFAAOCAQEAB14X3zeY+fqbH18uYGSxgUUS3LigAt2T+J0/RgssGta1INa4
dANJ/NeJnbFf2XfSKCnz8U8iiGAHo6Bef+MkKl+m5tJHsU2HJHEFTnt4bX+KWOvi
OqbYiHC0ByDZpNrVjdyDO4jjaB5dzGPMl2O0zGPysx7UYC8El9AFZFJy2L/jf7Cj
FQY7zMds758+MlwFTvq4SuyKY7hp7Ew4T2nRznT97GrFQXRT2hKGfLN8JsaPqBsL
Y5qcq0JQ3px8b3Ovi9G7tyXGkULJmVRokUJKMGeDEEcqz0t2vv1k2qdB6xe37GKJ
BQUqRJ9GB8kkbx72mdHdQ08C+fEx0+vqy3TC0A==
-----END CERTIFICATE-----