Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/G5AiZjIh2M567rA_P1eZ8NV-phY.cer
File:                     G5AiZjIh2M567rA_P1eZ8NV-phY.cer (raw, json)
Hash identifier:          G/yaX+7EL0/GwkkUlc7OR1TxoR2Vd/QXFlcTZOMhsLE=
Subject key identifier:   1B:90:22:66:32:21:D8:CE:7A:EE:B0:3F:3F:57:99:F0:D5:7E:A6:16
Authority key identifier: 0C:FC:E7:78:57:FC:F0:1F:39:D9:9A:62:B4:AA:62:E6:15:9E:76:F8
Certificate issuer:       /CN=A90DC5BE/serialNumber=0CFCE77857FCF01F39D99A62B4AA62E6159E76F8
Certificate serial:       42D4
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DPzneFf88B852ZpitKpi5hWedvg.cer
Manifest:                 rsync://rpki.apnic.net/member_repository/A9133E16/F47B6CD4AC7411EA86EA9F48C4F9AE02/G5AiZjIh2M567rA_P1eZ8NV-phY.mft
caRepository:             rsync://rpki.apnic.net/member_repository/A9133E16/F47B6CD4AC7411EA86EA9F48C4F9AE02/
Notify URL:               https://rrdp.apnic.net/notification.xml
Certificate not before:   Tue 19 Sep 2023 13:13:10 +0000
Certificate not after:    Sun 02 Mar 2025 00:00:00 +0000
Subordinate resources:    IP: 94.190.208.0 -- 94.190.239.255

Validation:               OK
Signature path:           rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.crl
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DPzneFf88B852ZpitKpi5hWedvg.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 02:50:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 17108 (0x42d4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE/serialNumber=0CFCE77857FCF01F39D99A62B4AA62E6159E76F8
        Validity
            Not Before: Sep 19 13:13:10 2023 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=A9133E16/serialNumber=1B9022663221D8CE7AEEB03F3F5799F0D57EA616
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:83:8f:2f:bd:1a:e6:bb:c4:57:35:ec:40:b1:
                    4e:6d:c5:ae:59:bb:19:0a:5b:0e:61:0f:5f:f8:b3:
                    99:da:ae:3a:00:4d:2d:21:60:6d:53:2f:57:79:cf:
                    e2:94:63:55:c5:ee:d8:9a:cb:9e:57:08:e3:e6:97:
                    13:2a:4f:97:ed:cd:c9:34:87:19:9c:5c:30:97:70:
                    59:4c:61:80:fb:64:4d:1e:d6:6b:5c:a4:d1:00:9a:
                    26:d7:c8:05:40:f8:0a:05:a2:18:f9:cc:76:75:e6:
                    87:0d:86:38:24:c6:62:e0:e9:c4:be:96:5a:41:39:
                    b5:62:a3:3e:3a:53:b1:53:af:2d:51:63:58:b5:1f:
                    ea:b4:6e:4b:92:22:11:97:62:74:ab:1e:f2:12:73:
                    ea:ab:11:5a:64:64:e7:78:09:4a:c4:d8:03:8b:2a:
                    0c:75:78:ee:98:9c:f6:0a:95:13:0e:c1:e3:66:64:
                    b5:65:a0:67:28:80:02:1f:58:3d:4f:cd:3a:29:c2:
                    79:1b:20:e0:99:3b:52:83:2f:dc:79:a0:ec:ca:d4:
                    4b:a3:60:fa:b9:25:7b:5a:d4:7f:5b:e6:dd:57:77:
                    ae:c4:b7:7b:5c:51:86:10:b7:3b:23:3b:f5:14:a1:
                    88:79:71:16:5a:22:6d:c8:c9:c3:b6:87:f5:59:e3:
                    95:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:90:22:66:32:21:D8:CE:7A:EE:B0:3F:3F:57:99:F0:D5:7E:A6:16
            X509v3 Authority Key Identifier:
                keyid:0C:FC:E7:78:57:FC:F0:1F:39:D9:9A:62:B4:AA:62:E6:15:9E:76:F8

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DPzneFf88B852ZpitKpi5hWedvg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rpki.apnic.net/member_repository/A9133E16/F47B6CD4AC7411EA86EA9F48C4F9AE02/
                RPKI Manifest - URI:rsync://rpki.apnic.net/member_repository/A9133E16/F47B6CD4AC7411EA86EA9F48C4F9AE02/G5AiZjIh2M567rA_P1eZ8NV-phY.mft
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.190.208.0-94.190.239.255

    Signature Algorithm: sha256WithRSAEncryption
         05:ba:f5:bd:2d:f0:b8:79:e9:a2:8a:c8:2e:67:5a:f4:63:4b:
         48:c2:89:48:84:ad:65:05:8a:49:2b:13:85:1d:53:2b:f1:54:
         24:01:a7:94:01:15:7e:80:5e:59:3e:f7:21:81:e6:0f:ad:1c:
         e1:0c:75:c4:44:e3:e2:00:72:8b:b3:5b:b6:92:0b:4b:8b:f7:
         99:63:67:70:cb:0a:7a:8f:d6:7e:d6:06:de:15:f3:4b:4b:cd:
         0e:a7:31:a3:f8:9c:b2:de:a6:c6:fd:3f:32:c5:0f:b0:16:90:
         f4:bc:69:71:62:c0:2f:2b:2e:b1:7a:fe:84:79:61:31:16:7b:
         aa:b5:da:e9:69:68:b4:95:54:06:7f:0a:20:4f:71:42:a1:6e:
         22:f6:b6:62:69:18:b5:79:da:89:be:a4:44:28:a1:95:de:25:
         96:91:16:cf:82:a7:97:2e:93:c7:66:68:6c:8b:29:31:91:d9:
         c6:9f:7c:ac:11:bc:49:76:46:8c:cd:d0:80:70:7f:54:f5:4b:
         c8:74:19:40:8a:9a:f6:e9:2e:92:af:d0:9f:39:d4:64:3f:d6:
         05:36:78:c0:ef:80:fb:a2:0f:74:41:b0:69:b9:e4:09:ce:85:
         13:45:51:ca:fe:93:ab:d2:94:0c:7b:90:26:40:d2:42:65:a6:
         3c:a8:8f:f2
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgICQtQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkw
REM1QkUxMTAvBgNVBAUTKDBDRkNFNzc4NTdGQ0YwMUYzOUQ5OUE2MkI0QUE2MkU2
MTU5RTc2RjgwHhcNMjMwOTE5MTMxMzEwWhcNMjUwMzAyMDAwMDAwWjBGMREwDwYD
VQQDEwhBOTEzM0UxNjExMC8GA1UEBRMoMUI5MDIyNjYzMjIxRDhDRTdBRUVCMDNG
M0Y1Nzk5RjBENTdFQTYxNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AJyDjy+9Gua7xFc17ECxTm3Frlm7GQpbDmEPX/izmdquOgBNLSFgbVMvV3nP4pRj
VcXu2JrLnlcI4+aXEypPl+3NyTSHGZxcMJdwWUxhgPtkTR7Wa1yk0QCaJtfIBUD4
CgWiGPnMdnXmhw2GOCTGYuDpxL6WWkE5tWKjPjpTsVOvLVFjWLUf6rRuS5IiEZdi
dKse8hJz6qsRWmRk53gJSsTYA4sqDHV47pic9gqVEw7B42ZktWWgZyiAAh9YPU/N
OinCeRsg4Jk7UoMv3Hmg7MrUS6Ng+rkle1rUf1vm3Vd3rsS3e1xRhhC3OyM79RSh
iHlxFloibcjJw7aH9VnjldkCAwEAAaOCAvswggL3MB0GA1UdDgQWBBQbkCJmMiHY
znrusD8/V5nw1X6mFjAfBgNVHSMEGDAWgBQM/Od4V/zwHznZmmK0qmLmFZ52+DAO
BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBzBgNVHR8EbDBqMGigZqBk
hmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjMyMkE1RjQxRDY2
MTFFMkEzRjI3RjdDNzJGRDFGRjIvRFB6bmVGZjg4Qjg1MlpwaXRLcGk1aFdlZHZn
LmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5h
cG5pYy5uZXQvcmVwb3NpdG9yeS85ODA2NTJFMEI3N0UxMUU3QTk2QTM5NTIxQTRG
NEZCNC9EUHpuZUZmODhCODUyWnBpdEtwaTVoV2VkdmcuY2VyMEoGA1UdIAEB/wRA
MD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBuaWMu
bmV0L1JQS0kvQ1BTLnBkZjCCASgGCCsGAQUFBwELBIIBGjCCARYwXwYIKwYBBQUH
MAWGU3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzNFMTYvRjQ3QjZDRDRBQzc0MTFFQTg2RUE5RjQ4QzRGOUFFMDIvMH4GCCsGAQUF
BzAKhnJyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MTMzRTE2L0Y0N0I2Q0Q0QUM3NDExRUE4NkVBOUY0OEM0RjlBRTAyL0c1QWlaaklo
Mk01NjdyQV9QMWVaOE5WLXBoWS5tZnQwMwYIKwYBBQUHMA2GJ2h0dHBzOi8vcnJk
cC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAnBggrBgEFBQcBBwEB/wQYMBYw
FAQCAAEwDjAMAwQEXr7QAwQEXr7gMA0GCSqGSIb3DQEBCwUAA4IBAQAFuvW9LfC4
eemiisguZ1r0Y0tIwolIhK1lBYpJKxOFHVMr8VQkAaeUARV+gF5ZPvchgeYPrRzh
DHXEROPiAHKLs1u2kgtLi/eZY2dwywp6j9Z+1gbeFfNLS80OpzGj+Jyy3qbG/T8y
xQ+wFpD0vGlxYsAvKy6xev6EeWExFnuqtdrpaWi0lVQGfwogT3FCoW4i9rZiaRi1
edqJvqREKKGV3iWWkRbPgqeXLpPHZmhsiykxkdnGn3ysEbxJdkaMzdCAcH9U9UvI
dBlAipr26S6Sr9CfOdRkP9YFNnjA74D7og90QbBpueQJzoUTRVHK/pOr0pQMe5Am
QNJCZaY8qI/y
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:05:41 2024 by rpki-client on console-ams.rpki-client.org