Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/zb-gptBh4f5wNLQPLuLktT3o_eE.cer
File:                     zb-gptBh4f5wNLQPLuLktT3o_eE.cer (raw, json)
Hash identifier:          VYiZTym/L9wGg0sXQamB6HJtp6Iq9HmaHLNLSQeokWw=
Subject key identifier:   CD:BF:A0:A6:D0:61:E1:FE:70:34:B4:0F:2E:E2:E4:B5:3D:E8:FD:E1
Authority key identifier: 0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F
Certificate issuer:       /CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
Certificate serial:       023179
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
Manifest:                 rsync://rpki.apnic.net/member_repository/A91F98B5/96D8238AEC0011EF8B5D172DC4F9AE02/zb-gptBh4f5wNLQPLuLktT3o_eE.mft
caRepository:             rsync://rpki.apnic.net/member_repository/A91F98B5/96D8238AEC0011EF8B5D172DC4F9AE02/
Notify URL:               https://rrdp.apnic.net/notification.xml
Certificate not before:   Sun 16 Feb 2025 00:54:39 +0000
Certificate not after:    Mon 02 Mar 2026 00:00:00 +0000
Subordinate resources:    IP: 103.254.7.0/24
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 143737 (0x23179)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE
        Validity
            Not Before: Feb 16 00:54:39 2025 GMT
            Not After : Mar  2 00:00:00 2026 GMT
        Subject: CN=A91F98B5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:42:37:52:38:22:e7:25:e7:e7:3d:d6:a1:bb:
                    3f:02:98:4c:1a:0d:4e:f4:16:18:98:75:06:f4:e9:
                    32:9e:de:87:f7:9f:c9:ec:29:f9:21:db:41:b1:bd:
                    fd:2e:a1:da:be:3d:99:46:dd:80:2f:b9:9b:fe:9d:
                    ac:ab:6d:bc:0c:c1:45:94:24:69:b3:33:ea:ca:a7:
                    4a:5a:6d:0d:fa:7f:57:88:18:25:80:32:5e:78:cf:
                    f3:77:74:2f:86:f5:ae:1c:4c:3b:43:79:dd:2e:b4:
                    d4:9d:65:1c:5c:13:4e:76:09:e7:1b:05:8c:a9:e1:
                    c3:c0:15:fa:8d:85:49:05:f1:81:ae:a6:1e:68:02:
                    62:25:e2:c8:45:3d:44:a5:ce:36:d8:7b:68:9d:a3:
                    c9:30:8f:23:ff:0e:78:3e:95:ad:12:31:80:79:32:
                    98:86:4f:21:d8:f2:65:fd:82:d9:0b:72:8d:80:56:
                    d8:60:17:b8:fc:dd:1c:bc:59:2e:11:af:b8:1c:59:
                    bf:c9:d3:93:36:56:34:d8:43:69:7d:ca:ef:ec:12:
                    1c:89:d4:83:60:24:7b:38:52:de:6c:c4:b6:43:24:
                    84:ca:19:76:d1:d1:05:2c:4a:56:85:13:7d:97:ad:
                    c3:b5:df:13:2e:26:42:db:1b:f2:16:51:95:a0:1c:
                    71:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:BF:A0:A6:D0:61:E1:FE:70:34:B4:0F:2E:E2:E4:B5:3D:E8:FD:E1
            X509v3 Authority Key Identifier:
                keyid:0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rpki.apnic.net/member_repository/A91F98B5/96D8238AEC0011EF8B5D172DC4F9AE02/
                RPKI Manifest - URI:rsync://rpki.apnic.net/member_repository/A91F98B5/96D8238AEC0011EF8B5D172DC4F9AE02/zb-gptBh4f5wNLQPLuLktT3o_eE.mft
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.254.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:c8:4f:0a:1e:dc:0a:ac:2e:2b:d2:d0:29:c6:0d:46:f4:2f:
         02:bb:06:1f:4b:9d:5e:0b:05:10:90:eb:c6:2d:21:13:36:f4:
         7e:0c:c3:14:e6:22:ac:47:86:f1:f7:c7:e0:05:33:5e:f5:22:
         56:13:8c:89:fe:7c:21:87:d4:2d:c6:da:d6:42:3f:3f:5f:11:
         31:f4:91:1e:d1:75:b1:35:ed:f3:a0:4a:ab:09:38:de:42:ba:
         50:9e:75:2e:31:e7:7b:ed:33:31:5d:94:4f:f1:0b:e9:3a:08:
         2b:4f:10:60:10:d0:1f:08:08:cb:ba:e6:c4:8e:15:83:9b:c7:
         15:0b:fd:d1:ba:77:65:11:08:15:e0:25:ff:56:da:1b:d6:c3:
         e4:87:9d:c5:05:ef:8e:f5:04:86:30:cc:9a:9e:b5:38:9d:af:
         04:9b:e4:4c:35:d5:88:a5:5b:e7:e9:6b:3e:6b:d8:a7:3f:3c:
         b8:41:a5:7e:47:6b:17:6e:69:31:10:4f:3d:0a:1b:50:df:89:
         72:0f:cc:7e:8d:b8:14:7d:0b:fa:70:31:d2:7e:da:90:14:0a:
         6a:4a:bc:d3:6d:bf:ee:d6:d1:eb:d6:7a:11:52:88:73:c9:f0:
         25:bb:38:1b:4c:20:fa:c8:4c:2e:57:4c:b3:7e:5f:75:62:10:
         ea:6e:d7:7d
-----BEGIN CERTIFICATE-----
MIIF/jCCBOagAwIBAgIDAjF5MA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MERDNUJFMTEwLwYDVQQFEygwRTY1QTRGNUZEMzZCNUJENjhFQjNDOTIzNDA4OTc4
QzkwN0FBNzlGMB4XDTI1MDIxNjAwNTQzOVoXDTI2MDMwMjAwMDAwMFowRjERMA8G
A1UEAxMIQTkxRjk4QjUxMTAvBgNVBAUTKENEQkZBMEE2RDA2MUUxRkU3MDM0QjQw
RjJFRTJFNEI1M0RFOEZERTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCbQjdSOCLnJefnPdahuz8CmEwaDU70FhiYdQb06TKe3of3n8nsKfkh20Gxvf0u
odq+PZlG3YAvuZv+nayrbbwMwUWUJGmzM+rKp0pabQ36f1eIGCWAMl54z/N3dC+G
9a4cTDtDed0utNSdZRxcE052CecbBYyp4cPAFfqNhUkF8YGuph5oAmIl4shFPUSl
zjbYe2ido8kwjyP/Dng+la0SMYB5MpiGTyHY8mX9gtkLco2AVthgF7j83Ry8WS4R
r7gcWb/J05M2VjTYQ2l9yu/sEhyJ1INgJHs4Ut5sxLZDJITKGXbR0QUsSlaFE32X
rcO13xMuJkLbG/IWUZWgHHG1AgMBAAGjggLzMIIC7zAdBgNVHQ4EFgQUzb+gptBh
4f5wNLQPLuLktT3o/eEwHwYDVR0jBBgwFoAUDmWk9f02tb1o6zySNAiXjJB6p58w
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wcwYDVR0fBGwwajBooGag
ZIZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2
NjExRTJCQjQ2OEY3QzcyRkQxRkYyL0RtV2s5ZjAydGIxbzZ6eVNOQWlYakpCNnA1
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvOTgwNjUyRTBCNzdFMTFFN0E5NkEzOTUyMUE0
RjRGQjQvRG1XazlmMDJ0YjFvNnp5U05BaVhqSkI2cDU4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwggEoBggrBgEFBQcBCwSCARowggEWMF8GCCsGAQUF
BzAFhlNyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MUY5OEI1Lzk2RDgyMzhBRUMwMDExRUY4QjVEMTcyREM0RjlBRTAyLzB+BggrBgEF
BQcwCoZycnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9B
OTFGOThCNS85NkQ4MjM4QUVDMDAxMUVGOEI1RDE3MkRDNEY5QUUwMi96Yi1ncHRC
aDRmNXdOTFFQTHVMa3RUM29fZUUubWZ0MDMGCCsGAQUFBzANhidodHRwczovL3Jy
ZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8EEDAO
MAwEAgABMAYDBABn/gcwDQYJKoZIhvcNAQELBQADggEBABHITwoe3AqsLivS0CnG
DUb0LwK7Bh9LnV4LBRCQ68YtIRM29H4MwxTmIqxHhvH3x+AFM171IlYTjIn+fCGH
1C3G2tZCPz9fETH0kR7RdbE17fOgSqsJON5CulCedS4x53vtMzFdlE/xC+k6CCtP
EGAQ0B8ICMu65sSOFYObxxUL/dG6d2URCBXgJf9W2hvWw+SHncUF7471BIYwzJqe
tTidrwSb5Ew11YilW+fpaz5r2Kc/PLhBpX5HaxduaTEQTz0KG1DfiXIPzH6NuBR9
C/pwMdJ+2pAUCmpKvNNtv+7W0evWehFSiHPJ8CW7OBtMIPrITC5XTLN+X3ViEOpu
130=
-----END CERTIFICATE-----