Certificate

$ rpki-client -vvf repo.kagl.me/rpki/KeatonAGLair/0/64EF7C64F4E72CC0730DD0DA80D3C367CB785E67.cer
File:                     64EF7C64F4E72CC0730DD0DA80D3C367CB785E67.cer (raw, json)
Hash identifier:          czDsI/tQuiMyI0n4yPz5XTeynKE/qw/quJk5sK+zAR8=
Subject key identifier:   64:EF:7C:64:F4:E7:2C:C0:73:0D:D0:DA:80:D3:C3:67:CB:78:5E:67
Authority key identifier: 7E:C9:B5:D2:25:08:C0:23:1C:15:DA:BD:AF:51:35:99:0B:66:BF:ED
Certificate issuer:       /CN=02ba3f5254b88681ec6c5450a38717479c0589b9956c51e351
Certificate serial:       1645A2D4CF225F98A23F34737CC8EFFC577BAA3C
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/39065acc-beed-4115-bc6c-63de232f2a04/02ba3f5254b88681ec6c5450a38717479c0589b9956c51e351.cer
Manifest:                 rsync://dev.tw/rpki/August/12/64EF7C64F4E72CC0730DD0DA80D3C367CB785E67.mft
caRepository:             rsync://dev.tw/rpki/August/12/
Notify URL:               https://dev.tw/rpki/notification.xml
Certificate not before:   Sun 15 Sep 2024 05:51:26 +0000
Certificate not after:    Sun 14 Sep 2025 05:56:26 +0000
Subordinate resources:    IP: 104.37.42.0/23

Validation:               Failed, unable to get certificate CRL

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:45:a2:d4:cf:22:5f:98:a2:3f:34:73:7c:c8:ef:fc:57:7b:aa:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02ba3f5254b88681ec6c5450a38717479c0589b9956c51e351
        Validity
            Not Before: Sep 15 05:51:26 2024 GMT
            Not After : Sep 14 05:56:26 2025 GMT
        Subject: CN=64EF7C64F4E72CC0730DD0DA80D3C367CB785E67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f4:88:ef:e2:c0:f5:a6:1f:08:77:1a:48:3c:
                    7a:a6:0b:d8:ac:1b:13:e2:d8:82:e8:f2:9e:e8:60:
                    fd:b4:86:7f:74:63:55:86:40:7d:bf:0f:72:f3:1b:
                    34:1f:68:a3:b5:f0:93:a8:7b:1c:2d:3e:a4:08:7d:
                    c9:b4:1d:3b:4e:b8:5e:e7:5d:4e:47:ef:35:66:4b:
                    59:6c:b1:a4:76:c2:fc:d9:00:06:9d:44:48:a8:cc:
                    ab:bc:26:f1:31:6f:74:7a:b0:33:27:b2:74:e3:91:
                    32:a8:de:52:34:52:16:c5:67:a3:9f:ea:ca:8c:34:
                    05:91:98:22:99:dc:4f:8b:f1:ee:4f:b3:86:fe:2f:
                    b5:bc:c9:68:e7:0a:d2:54:bf:d9:f0:a1:d7:0f:93:
                    bd:5c:e8:a6:40:4a:4b:e9:67:38:26:04:f2:27:b9:
                    cf:f8:05:5b:c4:6f:a7:85:98:30:b6:83:ae:16:d6:
                    0f:a1:09:a5:e1:36:11:f7:7a:e3:22:4e:f8:a0:52:
                    3b:0d:e8:4d:84:6e:34:8c:5f:0f:1c:11:bb:09:77:
                    3b:bc:94:8f:0f:91:0e:63:23:6a:06:18:68:8a:01:
                    ee:ef:f5:b0:a8:f7:c5:1f:54:e1:a0:35:f5:7b:03:
                    38:18:f2:89:b7:46:ca:51:c6:ec:96:a2:9e:10:5a:
                    2a:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                64:EF:7C:64:F4:E7:2C:C0:73:0D:D0:DA:80:D3:C3:67:CB:78:5E:67
            X509v3 Authority Key Identifier:
                keyid:7E:C9:B5:D2:25:08:C0:23:1C:15:DA:BD:AF:51:35:99:0B:66:BF:ED

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo.kagl.me/rpki/KeatonAGLair/0/7EC9B5D22508C0231C15DABDAF5135990B66BFED.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/39065acc-beed-4115-bc6c-63de232f2a04/02ba3f5254b88681ec6c5450a38717479c0589b9956c51e351.cer

            Subject Information Access:
                CA Repository - URI:rsync://dev.tw/rpki/August/12/
                RPKI Manifest - URI:rsync://dev.tw/rpki/August/12/64EF7C64F4E72CC0730DD0DA80D3C367CB785E67.mft
                RPKI Notify - URI:https://dev.tw/rpki/notification.xml

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.37.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:fc:3f:ed:64:e0:97:ec:f6:af:7f:f5:d8:93:ff:3f:86:3a:
         59:df:dc:1f:72:25:8c:6b:97:95:64:64:86:34:16:d0:60:c1:
         c8:9e:54:2d:29:b0:a8:db:53:c3:b8:89:ea:94:fc:dd:8a:d0:
         79:1b:f2:2a:8f:11:4b:66:48:3e:55:c2:ee:34:0c:69:ce:25:
         62:e9:a8:72:b1:21:d8:80:29:6e:ac:60:dd:0a:8a:8c:12:93:
         03:4f:c8:0e:ec:34:0f:ab:0f:9f:85:c3:72:e7:86:e2:bc:c2:
         ca:67:c3:77:e7:67:f3:9f:c6:92:c7:df:aa:fe:19:f4:ed:c6:
         ff:27:ea:c9:a2:43:e2:73:81:2b:68:29:af:99:60:de:fc:9b:
         58:64:4c:79:0f:a3:7f:5a:68:c3:69:2a:6a:c6:3d:71:8a:e6:
         30:77:bb:cc:50:5d:c2:7d:27:40:98:68:3f:04:ad:5c:44:1b:
         87:ad:63:88:cd:00:19:74:4e:7b:70:8b:f4:cb:54:e6:e8:bb:
         c8:d8:53:b4:1b:2a:a3:8b:84:4d:ce:40:6e:d4:15:80:af:48:
         aa:2f:6b:ad:28:9b:eb:0d:78:fa:01:7d:c8:ac:ba:cd:fd:dd:
         0a:65:2e:88:f3:7e:e9:0f:ee:80:37:63:72:df:22:bd:25:c8:
         c6:b0:4b:bc
-----BEGIN CERTIFICATE-----
MIIFxzCCBK+gAwIBAgIUFkWi1M8iX5iiPzRzfMjv/Fd7qjwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMDJiYTNmNTI1NGI4ODY4MWVjNmM1NDUwYTM4NzE3NDc5
YzA1ODliOTk1NmM1MWUzNTEwHhcNMjQwOTE1MDU1MTI2WhcNMjUwOTE0MDU1NjI2
WjAzMTEwLwYDVQQDEyg2NEVGN0M2NEY0RTcyQ0MwNzMwREQwREE4MEQzQzM2N0NC
Nzg1RTY3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfSI7+LA9aYf
CHcaSDx6pgvYrBsT4tiC6PKe6GD9tIZ/dGNVhkB9vw9y8xs0H2ijtfCTqHscLT6k
CH3JtB07Trhe511OR+81ZktZbLGkdsL82QAGnURIqMyrvCbxMW90erAzJ7J045Ey
qN5SNFIWxWejn+rKjDQFkZgimdxPi/HuT7OG/i+1vMlo5wrSVL/Z8KHXD5O9XOim
QEpL6Wc4JgTyJ7nP+AVbxG+nhZgwtoOuFtYPoQml4TYR93rjIk74oFI7DehNhG40
jF8PHBG7CXc7vJSPD5EOYyNqBhhoigHu7/WwqPfFH1ThoDX1ewM4GPKJt0bKUcbs
lqKeEFoqiwIDAQABo4ICxzCCAsMwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
ZO98ZPTnLMBzDdDagNPDZ8t4XmcwHwYDVR0jBBgwFoAUfsm10iUIwCMcFdq9r1E1
mQtmv+0wDgYDVR0PAQH/BAQDAgEGMGYGA1UdHwRfMF0wW6BZoFeGVXJzeW5jOi8v
cmVwby5rYWdsLm1lL3Jwa2kvS2VhdG9uQUdMYWlyLzAvN0VDOUI1RDIyNTA4QzAy
MzFDMTVEQUJEQUY1MTM1OTkwQjY2QkZFRC5jcmwwgfMGCCsGAQUFBwEBBIHmMIHj
MIHgBggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5
L2FyaW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3
ZDMvMDM1NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzM5MDY1YWNj
LWJlZWQtNDExNS1iYzZjLTYzZGUyMzJmMmEwNC8wMmJhM2Y1MjU0Yjg4NjgxZWM2
YzU0NTBhMzg3MTc0NzljMDU4OWI5OTU2YzUxZTM1MS5jZXIwgcYGCCsGAQUFBwEL
BIG5MIG2MCoGCCsGAQUFBzAFhh5yc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC8x
Mi8wVgYIKwYBBQUHMAqGSnJzeW5jOi8vZGV2LnR3L3Jwa2kvQXVndXN0LzEyLzY0
RUY3QzY0RjRFNzJDQzA3MzBERDBEQTgwRDNDMzY3Q0I3ODVFNjcubWZ0MDAGCCsG
AQUFBzANhiRodHRwczovL2Rldi50dy9ycGtpL25vdGlmaWNhdGlvbi54bWwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAWglKjANBgkqhkiG9w0BAQsFAAOCAQEANvw/7WTgl+z2r3/12JP/P4Y6Wd/c
H3IljGuXlWRkhjQW0GDByJ5ULSmwqNtTw7iJ6pT83YrQeRvyKo8RS2ZIPlXC7jQM
ac4lYumocrEh2IApbqxg3QqKjBKTA0/IDuw0D6sPn4XDcueG4rzCymfDd+dn85/G
ksffqv4Z9O3G/yfqyaJD4nOBK2gpr5lg3vybWGRMeQ+jf1pow2kqasY9cYrmMHe7
zFBdwn0nQJhoPwStXEQbh61jiM0AGXROe3CL9MtU5ui7yNhTtBsqo4uETc5AbtQV
gK9Iqi9rrSib6w14+gF9yKy6zf3dCmUuiPN+6Q/ugDdjct8ivSXIxrBLvA==
-----END CERTIFICATE-----