Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/mFjOS0vHLnbmaMR9RImMCQiWq-s.cer
File:                     mFjOS0vHLnbmaMR9RImMCQiWq-s.cer (raw, json)
Hash identifier:          M5TTOqC0s0QqOBbOIeyoiinRXVgCa8P2BMfvFIllmm0=
Subject key identifier:   98:58:CE:4B:4B:C7:2E:76:E6:68:C4:7D:44:89:8C:09:08:96:AB:EB
Authority key identifier: 74:01:65:A8:0D:10:71:97:0A:BC:09:C0:2B:71:C1:AC:7C:1D:6E:0E
Certificate issuer:       /CN=A90DC5BE/serialNumber=740165A80D1071970ABC09C02B71C1AC7C1D6E0E
Certificate serial:       4FA9
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
Manifest:                 rsync://rpki.apnic.net/member_repository/A91A4B1A/B45F3FC4819A11ED8D61BA2BC4F9AE02/mFjOS0vHLnbmaMR9RImMCQiWq-s.mft
caRepository:             rsync://rpki.apnic.net/member_repository/A91A4B1A/B45F3FC4819A11ED8D61BA2BC4F9AE02/
Notify URL:               https://rrdp.apnic.net/notification.xml
Certificate not before:   Thu 28 Dec 2023 16:24:49 +0000
Certificate not after:    Sun 02 Mar 2025 00:00:00 +0000
Subordinate resources:    IP: 129.60.0.0/16
                          IP: 192.5.216.0/24
                          IP: 192.26.94.0/24
                          IP: 192.47.167.0 -- 192.47.169.255
                          IP: 192.68.235.0 -- 192.68.249.255

Validation:               OK
Signature path:           rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 04 Apr 2024 15:53:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 20393 (0x4fa9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE/serialNumber=740165A80D1071970ABC09C02B71C1AC7C1D6E0E
        Validity
            Not Before: Dec 28 16:24:49 2023 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=A91A4B1A/serialNumber=9858CE4B4BC72E76E668C47D44898C090896ABEB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:53:ca:a5:53:70:2f:83:db:ee:e3:b4:dc:8b:
                    09:41:f1:4f:41:60:b8:cc:07:3c:5b:2f:b5:50:78:
                    04:03:a2:dd:4e:e0:43:35:20:68:78:bd:a6:ba:e3:
                    aa:39:5c:55:1b:8a:f0:8d:69:b1:09:c8:b2:b7:ca:
                    a8:66:a2:3e:e7:bb:b5:ad:28:c4:5c:08:35:ae:7d:
                    84:8e:9a:b2:51:9c:71:fd:f0:b5:ec:d1:2a:df:88:
                    d1:88:d3:c7:16:fa:35:b7:9b:10:23:0e:7e:c8:09:
                    37:fa:15:92:36:b3:71:cb:a8:fc:d8:7c:f0:ad:7f:
                    06:96:fa:a2:eb:5a:38:a3:08:6b:9e:e2:d1:31:69:
                    c0:bf:98:24:64:a9:3f:d5:2d:33:0a:86:e7:af:98:
                    69:80:ce:25:5b:9f:54:aa:a8:e2:93:f5:5a:93:2d:
                    0a:42:43:28:75:75:7b:0d:a7:0c:4e:c9:12:a9:15:
                    15:5a:05:8a:b2:d6:ae:7c:46:6f:f6:5e:a9:68:73:
                    3e:12:37:c4:49:bc:ea:40:54:54:ec:c8:8a:ec:e8:
                    b7:7c:15:c8:f2:f8:5a:6f:81:fa:a3:8e:28:cd:55:
                    52:98:b4:f1:6e:a0:2d:98:81:6e:67:d1:10:6a:07:
                    a3:ac:50:9f:06:34:9d:02:ea:0c:2d:3e:18:13:ef:
                    2e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:58:CE:4B:4B:C7:2E:76:E6:68:C4:7D:44:89:8C:09:08:96:AB:EB
            X509v3 Authority Key Identifier:
                keyid:74:01:65:A8:0D:10:71:97:0A:BC:09:C0:2B:71:C1:AC:7C:1D:6E:0E

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rpki.apnic.net/member_repository/A91A4B1A/B45F3FC4819A11ED8D61BA2BC4F9AE02/
                RPKI Manifest - URI:rsync://rpki.apnic.net/member_repository/A91A4B1A/B45F3FC4819A11ED8D61BA2BC4F9AE02/mFjOS0vHLnbmaMR9RImMCQiWq-s.mft
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.60.0.0/16
                  192.5.216.0/24
                  192.26.94.0/24
                  192.47.167.0-192.47.169.255
                  192.68.235.0-192.68.249.255

    Signature Algorithm: sha256WithRSAEncryption
         33:a5:76:61:71:6c:73:d5:c5:66:f3:04:99:72:d2:3b:43:5a:
         8e:8b:69:68:73:49:2e:38:0a:91:3f:a3:27:a1:1a:49:45:e3:
         93:ca:91:36:41:0e:6d:34:6f:b0:66:99:ec:e5:4d:0b:ea:e0:
         74:24:dd:92:a7:a4:62:f5:bd:fa:7e:d0:9f:4e:2a:02:08:6f:
         0c:b5:e5:06:88:cc:2a:42:47:d6:f9:5b:cd:9f:1e:4e:54:40:
         34:6d:27:3a:ba:2d:de:ad:d5:f4:70:4a:74:fd:39:60:3e:ed:
         13:5c:05:54:95:b7:34:a1:4e:39:40:be:f4:c7:9f:a1:30:b9:
         1a:29:32:5c:0b:6f:b6:0e:6b:17:cf:68:9f:a4:76:e9:f3:f8:
         5f:d3:45:e7:b9:2f:86:0a:f8:c2:ab:ff:81:41:ab:10:6b:93:
         f0:39:0d:4c:24:3f:fd:91:50:fc:8c:15:87:e7:3b:4f:bf:4a:
         d9:4d:7b:76:bb:88:4c:dd:bb:ef:d5:f5:76:b9:f5:b3:de:f2:
         7b:1e:d4:90:3e:40:4e:f6:2c:ee:4f:df:4d:e9:3a:fe:a9:31:
         bf:e3:a4:e2:79:b7:bc:b6:7d:c1:2f:84:89:c3:8d:ae:5f:32:
         f2:60:49:9b:10:87:f0:3d:d7:90:67:1f:6f:d4:4a:de:93:33:
         31:b4:92:d1
-----BEGIN CERTIFICATE-----
MIIGJDCCBQygAwIBAgICT6kwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkw
REM1QkUxMTAvBgNVBAUTKDc0MDE2NUE4MEQxMDcxOTcwQUJDMDlDMDJCNzFDMUFD
N0MxRDZFMEUwHhcNMjMxMjI4MTYyNDQ5WhcNMjUwMzAyMDAwMDAwWjBGMREwDwYD
VQQDEwhBOTFBNEIxQTExMC8GA1UEBRMoOTg1OENFNEI0QkM3MkU3NkU2NjhDNDdE
NDQ4OThDMDkwODk2QUJFQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AM5TyqVTcC+D2+7jtNyLCUHxT0FguMwHPFsvtVB4BAOi3U7gQzUgaHi9prrjqjlc
VRuK8I1psQnIsrfKqGaiPue7ta0oxFwINa59hI6aslGccf3wtezRKt+I0YjTxxb6
NbebECMOfsgJN/oVkjazccuo/Nh88K1/Bpb6outaOKMIa57i0TFpwL+YJGSpP9Ut
MwqG56+YaYDOJVufVKqo4pP1WpMtCkJDKHV1ew2nDE7JEqkVFVoFirLWrnxGb/Ze
qWhzPhI3xEm86kBUVOzIiuzot3wVyPL4Wm+B+qOOKM1VUpi08W6gLZiBbmfREGoH
o6xQnwY0nQLqDC0+GBPvLpcCAwEAAaOCAxowggMWMB0GA1UdDgQWBBSYWM5LS8cu
duZoxH1EiYwJCJar6zAfBgNVHSMEGDAWgBR0AWWoDRBxlwq8CcArccGsfB1uDjAO
BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBzBgNVHR8EbDBqMGigZqBk
hmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2
MTFFMjhBQzg4MzdDNzJGRDFGRjIvZEFGbHFBMFFjWmNLdkFuQUszSEJySHdkYmc0
LmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5h
cG5pYy5uZXQvcmVwb3NpdG9yeS85ODA2NTJFMEI3N0UxMUU3QTk2QTM5NTIxQTRG
NEZCNC9kQUZscUEwUWNaY0t2QW5BSzNIQnJId2RiZzQuY2VyMEoGA1UdIAEB/wRA
MD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBuaWMu
bmV0L1JQS0kvQ1BTLnBkZjCCASgGCCsGAQUFBwELBIIBGjCCARYwXwYIKwYBBQUH
MAWGU3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTRCMUEvQjQ1RjNGQzQ4MTlBMTFFRDhENjFCQTJCQzRGOUFFMDIvMH4GCCsGAQUF
BzAKhnJyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MUE0QjFBL0I0NUYzRkM0ODE5QTExRUQ4RDYxQkEyQkM0RjlBRTAyL21Gak9TMHZI
TG5ibWFNUjlSSW1NQ1FpV3Etcy5tZnQwMwYIKwYBBQUHMA2GJ2h0dHBzOi8vcnJk
cC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDBGBggrBgEFBQcBBwEB/wQ3MDUw
MwQCAAEwLQMDAIE8AwQAwAXYAwQAwBpeMAwDBADAL6cDBAHAL6gwDAMEAMBE6wME
AcBE+DANBgkqhkiG9w0BAQsFAAOCAQEAM6V2YXFsc9XFZvMEmXLSO0NajotpaHNJ
LjgKkT+jJ6EaSUXjk8qRNkEObTRvsGaZ7OVNC+rgdCTdkqekYvW9+n7Qn04qAghv
DLXlBojMKkJH1vlbzZ8eTlRANG0nOrot3q3V9HBKdP05YD7tE1wFVJW3NKFOOUC+
9MefoTC5GikyXAtvtg5rF89on6R26fP4X9NF57kvhgr4wqv/gUGrEGuT8DkNTCQ/
/ZFQ/IwVh+c7T79K2U17druITN2779X1drn1s97yex7UkD5ATvYs7k/fTek6/qkx
v+Ok4nm3vLZ9wS+EicONrl8y8mBJmxCH8D3XkGcfb9RK3pMzMbSS0Q==
-----END CERTIFICATE-----
Generated at Thu Mar 28 18:54:46 2024 by rpki-client on console-ams.rpki-client.org