Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ovb2YTEslb8FoLUjCxNx1GIv1ic.cer
File:                     ovb2YTEslb8FoLUjCxNx1GIv1ic.cer (raw, json)
Hash identifier:          RAZbWC4pWXyziD109YItjIR5LBsVUhZTKI1jFzgU2t8=
Subject key identifier:   A2:F6:F6:61:31:2C:95:BF:05:A0:B5:23:0B:13:71:D4:62:2F:D6:27
Authority key identifier: 74:01:65:A8:0D:10:71:97:0A:BC:09:C0:2B:71:C1:AC:7C:1D:6E:0E
Certificate issuer:       /CN=A90DC5BE/serialNumber=740165A80D1071970ABC09C02B71C1AC7C1D6E0E
Certificate serial:       5104
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
Manifest:                 rsync://rpki.apnic.net/member_repository/A91E7BC4/261D2830D50D11E9BAD6C226C4F9AE02/ovb2YTEslb8FoLUjCxNx1GIv1ic.mft
caRepository:             rsync://rpki.apnic.net/member_repository/A91E7BC4/261D2830D50D11E9BAD6C226C4F9AE02/
Notify URL:               https://rrdp.apnic.net/notification.xml
Certificate not before:   Tue 23 Jan 2024 21:24:01 +0000
Certificate not after:    Mon 31 Mar 2025 00:00:00 +0000
Subordinate resources:    IP: 161.142.0.0/16
                          IP: 192.228.128.0/17

Validation:               OK
Signature path:           rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 04 Apr 2024 12:13:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 20740 (0x5104)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE/serialNumber=740165A80D1071970ABC09C02B71C1AC7C1D6E0E
        Validity
            Not Before: Jan 23 21:24:01 2024 GMT
            Not After : Mar 31 00:00:00 2025 GMT
        Subject: CN=A91E7BC4/serialNumber=A2F6F661312C95BF05A0B5230B1371D4622FD627
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:cb:8c:c9:6a:11:2c:07:ba:bd:05:90:e5:c5:
                    56:0c:f1:a2:4f:9c:37:a3:4d:b0:51:09:7a:63:b6:
                    82:cf:d1:5b:b4:2f:c0:e8:32:82:b6:61:4d:6b:c7:
                    0b:d6:bf:db:d0:26:d1:96:13:18:c0:6f:2c:fa:e6:
                    8a:a4:0a:d4:df:a7:0d:6f:42:2e:63:7a:88:ca:c1:
                    2c:ae:6e:1d:f4:1d:99:0c:c9:7d:98:8a:b0:e6:e9:
                    d9:3b:f6:b1:e9:55:72:1d:9c:05:91:75:f9:fd:7d:
                    4f:7a:a3:ff:6f:3a:0b:b8:10:d3:a4:17:c2:5f:75:
                    71:a5:9c:13:48:fa:7d:a6:53:2a:7f:34:3b:d0:1c:
                    df:3d:b5:2c:f0:ca:c4:9a:85:0c:07:6e:f6:65:d8:
                    c3:ca:f9:ff:5a:f2:b7:30:6c:ae:0d:8d:51:43:ec:
                    be:c5:13:03:b3:c1:35:e5:e9:a7:09:97:34:01:c5:
                    4a:5a:d1:6e:13:8a:b2:f7:32:56:29:14:86:80:fe:
                    a5:5d:79:33:72:0d:81:9b:bf:25:3d:bc:d0:cc:65:
                    db:72:a5:87:17:2c:09:d3:04:82:4f:d8:c8:9d:62:
                    0f:81:df:9d:00:43:11:07:78:5d:98:40:b0:c5:9d:
                    96:59:26:9b:fa:df:3d:55:7f:7f:8d:ba:96:0a:5a:
                    e1:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:F6:F6:61:31:2C:95:BF:05:A0:B5:23:0B:13:71:D4:62:2F:D6:27
            X509v3 Authority Key Identifier:
                keyid:74:01:65:A8:0D:10:71:97:0A:BC:09:C0:2B:71:C1:AC:7C:1D:6E:0E

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rpki.apnic.net/member_repository/A91E7BC4/261D2830D50D11E9BAD6C226C4F9AE02/
                RPKI Manifest - URI:rsync://rpki.apnic.net/member_repository/A91E7BC4/261D2830D50D11E9BAD6C226C4F9AE02/ovb2YTEslb8FoLUjCxNx1GIv1ic.mft
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.142.0.0/16
                  192.228.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         56:01:2e:6d:44:b6:52:69:f3:a1:63:35:b3:48:89:b9:05:6c:
         3c:6d:6a:70:39:84:07:5c:a2:d6:87:c0:1d:13:d1:03:e8:87:
         f5:17:ba:af:5f:8c:2e:c5:08:9d:3d:b4:22:d7:dd:2b:a2:df:
         53:5d:6f:f4:29:a6:2e:c9:92:8f:79:d5:90:10:1d:c7:cf:82:
         92:e6:d6:d7:19:bc:7b:ac:2b:2c:3e:5f:94:a2:b7:67:eb:17:
         0c:8f:72:af:a0:41:cd:c2:c6:24:7c:ff:f3:66:d7:cb:6c:26:
         12:5f:13:53:2f:43:d8:c3:b2:62:35:2e:55:f9:ae:6a:c9:a9:
         a3:1e:5e:02:1f:1a:8f:3f:e0:7d:1d:b7:2a:71:f9:09:48:91:
         a3:67:30:a7:f8:8e:c9:6b:cb:17:7e:1f:63:a4:27:e9:28:08:
         7a:fb:b5:c6:f6:42:17:97:0d:82:b8:a8:07:01:d6:fd:02:e6:
         78:ac:00:74:71:a2:a1:5e:e7:4c:6a:45:ef:31:3f:ee:67:a7:
         d0:46:ac:c1:b2:2d:d9:da:e0:03:e3:03:56:a7:0b:be:fc:a9:
         ea:96:14:b9:9d:54:0f:be:08:a0:ed:f0:35:5c:39:fb:ba:c0:
         24:e3:44:fc:bc:80:20:76:f5:0c:e8:08:de:a7:27:41:4a:fc:
         4f:d0:a6:24
-----BEGIN CERTIFICATE-----
MIIGAjCCBOqgAwIBAgICUQQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkw
REM1QkUxMTAvBgNVBAUTKDc0MDE2NUE4MEQxMDcxOTcwQUJDMDlDMDJCNzFDMUFD
N0MxRDZFMEUwHhcNMjQwMTIzMjEyNDAxWhcNMjUwMzMxMDAwMDAwWjBGMREwDwYD
VQQDEwhBOTFFN0JDNDExMC8GA1UEBRMoQTJGNkY2NjEzMTJDOTVCRjA1QTBCNTIz
MEIxMzcxRDQ2MjJGRDYyNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AKnLjMlqESwHur0FkOXFVgzxok+cN6NNsFEJemO2gs/RW7QvwOgygrZhTWvHC9a/
29Am0ZYTGMBvLPrmiqQK1N+nDW9CLmN6iMrBLK5uHfQdmQzJfZiKsObp2Tv2selV
ch2cBZF1+f19T3qj/286C7gQ06QXwl91caWcE0j6faZTKn80O9Ac3z21LPDKxJqF
DAdu9mXYw8r5/1rytzBsrg2NUUPsvsUTA7PBNeXppwmXNAHFSlrRbhOKsvcyVikU
hoD+pV15M3INgZu/JT280Mxl23KlhxcsCdMEgk/YyJ1iD4HfnQBDEQd4XZhAsMWd
llkmm/rfPVV/f426lgpa4UMCAwEAAaOCAvgwggL0MB0GA1UdDgQWBBSi9vZhMSyV
vwWgtSMLE3HUYi/WJzAfBgNVHSMEGDAWgBR0AWWoDRBxlwq8CcArccGsfB1uDjAO
BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBzBgNVHR8EbDBqMGigZqBk
hmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2
MTFFMjhBQzg4MzdDNzJGRDFGRjIvZEFGbHFBMFFjWmNLdkFuQUszSEJySHdkYmc0
LmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5h
cG5pYy5uZXQvcmVwb3NpdG9yeS85ODA2NTJFMEI3N0UxMUU3QTk2QTM5NTIxQTRG
NEZCNC9kQUZscUEwUWNaY0t2QW5BSzNIQnJId2RiZzQuY2VyMEoGA1UdIAEB/wRA
MD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBuaWMu
bmV0L1JQS0kvQ1BTLnBkZjCCASgGCCsGAQUFBwELBIIBGjCCARYwXwYIKwYBBQUH
MAWGU3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTdCQzQvMjYxRDI4MzBENTBEMTFFOUJBRDZDMjI2QzRGOUFFMDIvMH4GCCsGAQUF
BzAKhnJyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MUU3QkM0LzI2MUQyODMwRDUwRDExRTlCQUQ2QzIyNkM0RjlBRTAyL292YjJZVEVz
bGI4Rm9MVWpDeE54MUdJdjFpYy5tZnQwMwYIKwYBBQUHMA2GJ2h0dHBzOi8vcnJk
cC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAkBggrBgEFBQcBBwEB/wQVMBMw
EQQCAAEwCwMDAKGOAwQHwOSAMA0GCSqGSIb3DQEBCwUAA4IBAQBWAS5tRLZSafOh
YzWzSIm5BWw8bWpwOYQHXKLWh8AdE9ED6If1F7qvX4wuxQidPbQi190rot9TXW/0
KaYuyZKPedWQEB3Hz4KS5tbXGbx7rCssPl+Uordn6xcMj3KvoEHNwsYkfP/zZtfL
bCYSXxNTL0PYw7JiNS5V+a5qyamjHl4CHxqPP+B9HbcqcfkJSJGjZzCn+I7Ja8sX
fh9jpCfpKAh6+7XG9kIXlw2CuKgHAdb9AuZ4rAB0caKhXudMakXvMT/uZ6fQRqzB
si3Z2uAD4wNWpwu+/KnqlhS5nVQPvgig7fA1XDn7usAk40T8vIAgdvUM6AjepydB
SvxP0KYk
-----END CERTIFICATE-----
Generated at Thu Mar 28 13:33:39 2024 by rpki-client on console-ams.rpki-client.org