Certificate

$ rpki-client -vvf rpki.afrinic.net/repository/afrinic/HNlmJ3URky060f0tMBT24WjMSOU.cer
File:                     HNlmJ3URky060f0tMBT24WjMSOU.cer (raw, json)
Hash identifier:          83H06e4yP/8jUqtqkxnOlcxKACxc4ew+eqBjsTZ77uw=
Subject key identifier:   1C:D9:66:27:75:11:93:2D:3A:D1:FD:2D:30:14:F6:E1:68:CC:48:E5
Authority key identifier: 2B:57:89:7A:7C:A9:64:C3:C8:B7:F7:BD:DA:A7:A4:DA:34:A9:8F:80
Certificate issuer:       /CN=AFRINIC/serialNumber=2B57897A7CA964C3C8B7F7BDDAA7A4DA34A98F80
Certificate serial:       3332
Authority info access:    rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer
Manifest:                 rsync://rpki.afrinic.net/repository/member_repository/F36E2B69/1B6AC538F67811EDA33672194AD9E6FC/HNlmJ3URky060f0tMBT24WjMSOU.mft
caRepository:             rsync://rpki.afrinic.net/repository/member_repository/F36E2B69/1B6AC538F67811EDA33672194AD9E6FC/
Notify URL:               https://rrdp.afrinic.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:51:53 +0000
Certificate not after:    Tue 31 Mar 2026 00:00:00 +0000
Subordinate resources:    AS: 328760
                          IP: 102.221.248.0/22
                          IP: 2c0f:1b80::/32
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13106 (0x3332)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AFRINIC
        Validity
            Not Before: Jan  1 05:51:53 2025 GMT
            Not After : Mar 31 00:00:00 2026 GMT
        Subject: CN=F36E2B69AF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:ca:3b:54:77:40:ae:9f:7f:bb:8c:42:66:f1:
                    48:93:b3:6b:45:63:a9:6d:24:d8:85:0f:3a:77:d6:
                    b7:98:41:46:24:ec:61:73:84:ab:56:ee:c1:5e:33:
                    85:9b:22:af:b8:99:33:2f:ac:fa:7b:2f:c1:c1:8a:
                    f9:08:ef:39:76:26:ce:42:9a:4e:2c:c3:8d:bf:92:
                    2f:0a:fe:8e:dc:ab:96:b4:00:e7:9b:e2:cf:64:1b:
                    57:bd:d0:9f:b8:09:ed:37:fa:a6:9d:19:b3:4c:07:
                    ec:43:08:6b:46:03:f1:61:a7:82:d3:ef:9b:c9:65:
                    4a:9d:fc:09:0e:b0:98:97:19:7e:c4:df:0d:fd:d2:
                    36:ad:80:42:ac:01:40:64:09:0f:56:96:99:b0:6f:
                    92:22:bd:ba:fb:26:74:c9:72:07:b1:c7:39:e3:65:
                    57:6a:11:63:f2:ab:0d:6f:5d:aa:b6:ea:eb:80:8a:
                    90:e3:ab:f5:be:5a:99:d1:5d:c5:aa:9f:96:98:e0:
                    74:bf:39:69:77:b5:dd:a4:d3:b9:f2:84:bb:70:35:
                    5f:cb:3e:b0:5c:37:4d:6d:21:32:95:b4:78:0d:12:
                    2d:9d:31:c4:b6:69:1b:4f:75:4d:47:2b:fb:44:2c:
                    60:43:cb:62:65:fb:63:31:0d:02:c0:e9:5c:05:be:
                    b4:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:D9:66:27:75:11:93:2D:3A:D1:FD:2D:30:14:F6:E1:68:CC:48:E5
            X509v3 Authority Key Identifier:
                keyid:2B:57:89:7A:7C:A9:64:C3:C8:B7:F7:BD:DA:A7:A4:DA:34:A9:8F:80

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://rpki.afrinic.net/policy/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rpki.afrinic.net/repository/member_repository/F36E2B69/1B6AC538F67811EDA33672194AD9E6FC/
                RPKI Notify - URI:https://rrdp.afrinic.net/notification.xml
                RPKI Manifest - URI:rsync://rpki.afrinic.net/repository/member_repository/F36E2B69/1B6AC538F67811EDA33672194AD9E6FC/HNlmJ3URky060f0tMBT24WjMSOU.mft

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  328760

            sbgp-ipAddrBlock: critical
                IPv4:
                  102.221.248.0/22
                IPv6:
                  2c0f:1b80::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:b2:3a:d0:01:73:6c:8c:ca:1d:65:74:3a:19:48:74:db:26:
         81:a0:e3:e5:7b:31:e3:9f:15:43:64:d3:d3:ab:ac:e5:8b:b7:
         db:5d:86:1e:c2:62:7f:2f:fb:6d:6c:09:6c:b7:62:cf:63:0c:
         9f:a2:b2:26:0d:df:c7:7d:ca:68:88:08:36:c9:7b:19:cf:37:
         ee:83:73:4f:f9:2e:5c:19:e5:59:42:f0:63:f7:db:e3:6b:ec:
         5b:c0:b3:24:33:2c:4c:3b:8f:a5:ac:ee:23:29:a4:47:90:8d:
         24:56:66:27:ef:20:a3:36:0a:c4:1d:69:a3:42:fd:e5:a9:08:
         ab:de:55:ea:1d:19:16:3f:89:ab:14:ff:01:c5:be:ff:87:fe:
         fb:9a:bd:e3:d7:db:b3:d1:67:03:f8:16:02:30:ea:70:1a:9b:
         67:8b:55:43:27:1c:93:c4:62:2e:32:d9:a9:c7:38:a9:6b:d2:
         18:5e:82:e0:08:9a:66:03:db:5b:7c:0d:0b:61:89:b5:a7:6f:
         35:d7:55:37:4e:74:c4:35:d1:86:0b:cb:5d:c3:93:d8:fd:16:
         11:fc:26:6f:4f:a4:11:69:ff:a1:8d:ca:f0:bd:fa:8a:b5:49:
         d7:be:9d:75:da:e2:ae:98:5c:d4:ae:36:cb:25:39:66:4c:11:
         f3:a3:94:5a
-----BEGIN CERTIFICATE-----
MIIGJTCCBQ2gAwIBAgICMzIwDQYJKoZIhvcNAQELBQAwRTEQMA4GA1UEAxMHQUZS
SU5JQzExMC8GA1UEBRMoMkI1Nzg5N0E3Q0E5NjRDM0M4QjdGN0JEREFBN0E0REEz
NEE5OEY4MDAeFw0yNTAxMDEwNTUxNTNaFw0yNjAzMzEwMDAwMDBaMEgxEzARBgNV
BAMTCkYzNkUyQjY5QUYxMTAvBgNVBAUTKDFDRDk2NjI3NzUxMTkzMkQzQUQxRkQy
RDMwMTRGNkUxNjhDQzQ4RTUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDoyjtUd0Cun3+7jEJm8UiTs2tFY6ltJNiFDzp31reYQUYk7GFzhKtW7sFeM4Wb
Iq+4mTMvrPp7L8HBivkI7zl2Js5Cmk4sw42/ki8K/o7cq5a0AOeb4s9kG1e90J+4
Ce03+qadGbNMB+xDCGtGA/Fhp4LT75vJZUqd/AkOsJiXGX7E3w390jatgEKsAUBk
CQ9Wlpmwb5Iivbr7JnTJcgexxznjZVdqEWPyqw1vXaq26uuAipDjq/W+WpnRXcWq
n5aY4HS/OWl3td2k07nyhLtwNV/LPrBcN01tITKVtHgNEi2dMcS2aRtPdU1HK/tE
LGBDy2Jl+2MxDQLA6VwFvrTxAgMBAAGjggMaMIIDFjAdBgNVHQ4EFgQUHNlmJ3UR
ky060f0tMBT24WjMSOUwHwYDVR0jBBgwFoAUK1eJenypZMPIt/e92qek2jSpj4Aw
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wXAYDVR0fBFUwUzBRoE+g
TYZLcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvYWZyaW5pYy9L
MWVKZW55cFpNUEl0X2U5MnFlazJqU3BqNEEuY3JsMG8GCCsGAQUFBwEBBGMwYTBf
BggrBgEFBQcwAoZTcnN5bmM6Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkv
MDRFOEIwRDgwRjREMTFFMEI2NTdEODkzMTM2N0FFN0QvYWZyaW5pYy1jYS5jZXIw
TwYDVR0gAQH/BEUwQzBBBggrBgEFBQcOAjA1MDMGCCsGAQUFBwIBFidodHRwczov
L3Jwa2kuYWZyaW5pYy5uZXQvcG9saWN5L0NQUy5wZGYwggFFBggrBgEFBQcBCwSC
ATcwggEzMGwGCCsGAQUFBzAFhmByc3luYzovL3Jwa2kuYWZyaW5pYy5uZXQvcmVw
b3NpdG9yeS9tZW1iZXJfcmVwb3NpdG9yeS9GMzZFMkI2OS8xQjZBQzUzOEY2Nzgx
MUVEQTMzNjcyMTk0QUQ5RTZGQy8wNQYIKwYBBQUHMA2GKWh0dHBzOi8vcnJkcC5h
ZnJpbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMIGLBggrBgEFBQcwCoZ/cnN5bmM6
Ly9ycGtpLmFmcmluaWMubmV0L3JlcG9zaXRvcnkvbWVtYmVyX3JlcG9zaXRvcnkv
RjM2RTJCNjkvMUI2QUM1MzhGNjc4MTFFREEzMzY3MjE5NEFEOUU2RkMvSE5sbUoz
VVJreTA2MGYwdE1CVDI0V2pNU09VLm1mdDAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMFBDgwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAJm3fgwDQQCAAIwBwMF
ACwPG4AwDQYJKoZIhvcNAQELBQADggEBAEayOtABc2yMyh1ldDoZSHTbJoGg4+V7
MeOfFUNk09OrrOWLt9tdhh7CYn8v+21sCWy3Ys9jDJ+isiYN38d9ymiICDbJexnP
N+6Dc0/5LlwZ5VlC8GP32+Nr7FvAsyQzLEw7j6Ws7iMppEeQjSRWZifvIKM2CsQd
aaNC/eWpCKveVeodGRY/iasU/wHFvv+H/vuavePX27PRZwP4FgIw6nAam2eLVUMn
HJPEYi4y2anHOKlr0hheguAImmYD21t8DQthibWnbzXXVTdOdMQ10YYLy13Dk9j9
FhH8Jm9PpBFp/6GNyvC9+oq1Sde+nXXa4q6YXNSuNsslOWZMEfOjlFo=
-----END CERTIFICATE-----