Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2yzMqD2FMojFAM38OuHi_qBJ9RQ.cer
File:                     2yzMqD2FMojFAM38OuHi_qBJ9RQ.cer (raw, json)
Hash identifier:          YUFLgbKWfhOOJbdTgAzFxJd+eQkKSQlXJuQcSKtZNCk=
Subject key identifier:   DB:2C:CC:A8:3D:85:32:88:C5:00:CD:FC:3A:E1:E2:FE:A0:49:F5:14
Authority key identifier: 0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F
Certificate issuer:       /CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
Certificate serial:       01C2A8
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
Manifest:                 rsync://rpki.apnic.net/member_repository/A91CD00C/CAA8861EC60111EC95FF1E11C4F9AE02/2yzMqD2FMojFAM38OuHi_qBJ9RQ.mft
caRepository:             rsync://rpki.apnic.net/member_repository/A91CD00C/CAA8861EC60111EC95FF1E11C4F9AE02/
Notify URL:               https://rrdp.apnic.net/notification.xml
Certificate not before:   Sat 07 Oct 2023 18:28:34 +0000
Certificate not after:    Mon 30 Dec 2024 00:00:00 +0000
Subordinate resources:    AS: 133732
                          IP: 43.248.64.0/22
                          IP: 103.39.152.0/22

Validation:               OK
Signature path:           rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 05 Apr 2024 04:49:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 115368 (0x1c2a8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
        Validity
            Not Before: Oct  7 18:28:34 2023 GMT
            Not After : Dec 30 00:00:00 2024 GMT
        Subject: CN=A91CD00C/serialNumber=DB2CCCA83D853288C500CDFC3AE1E2FEA049F514
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:15:25:cc:dc:69:c5:62:e9:7a:a9:fa:8c:6d:
                    c6:ae:bd:22:09:fd:8e:a8:38:f7:8f:45:b8:19:49:
                    33:f0:1e:66:58:a5:d0:57:00:bc:3b:6f:4f:a2:a1:
                    be:ad:e1:5b:aa:5e:c9:83:5e:29:1a:86:e6:d1:fa:
                    da:f3:7a:9d:4a:27:69:7f:53:c9:83:4f:0b:78:b6:
                    a9:5f:c4:c8:06:12:8c:c0:b0:ac:a3:a1:48:16:e2:
                    be:c7:b0:bc:78:95:11:78:65:a6:b5:82:29:ea:a6:
                    7b:5d:0b:89:b9:89:0c:90:88:97:86:da:76:72:5a:
                    85:ff:3f:4c:be:f6:42:d3:ed:fe:de:f9:d7:a2:13:
                    c8:8d:39:5d:4d:eb:e4:19:d9:be:22:34:2c:2a:76:
                    46:c7:03:a1:b4:c4:b7:c7:fa:0c:ab:d8:73:61:60:
                    dc:7a:f8:95:ec:d5:5f:52:18:34:58:3f:4c:af:47:
                    75:2c:80:f9:ea:c2:f3:e3:bf:3d:4a:42:12:95:3e:
                    67:bc:c3:18:80:ea:50:ee:0c:39:36:89:de:d2:ca:
                    34:79:4d:df:43:c6:31:18:29:a8:bc:4f:89:85:ba:
                    89:15:38:56:ea:34:c5:55:d2:0f:17:dd:a2:e5:94:
                    0c:ed:fe:a6:93:9d:e5:b6:66:f1:f7:23:ec:f6:08:
                    06:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:2C:CC:A8:3D:85:32:88:C5:00:CD:FC:3A:E1:E2:FE:A0:49:F5:14
            X509v3 Authority Key Identifier:
                keyid:0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rpki.apnic.net/member_repository/A91CD00C/CAA8861EC60111EC95FF1E11C4F9AE02/
                RPKI Manifest - URI:rsync://rpki.apnic.net/member_repository/A91CD00C/CAA8861EC60111EC95FF1E11C4F9AE02/2yzMqD2FMojFAM38OuHi_qBJ9RQ.mft
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  133732

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.248.64.0/22
                  103.39.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ae:b2:60:1d:d6:70:ac:1c:79:ef:41:e8:70:51:0f:da:12:7c:
         81:90:40:41:2a:f4:70:b8:26:8b:22:9f:77:36:32:6c:8d:2b:
         10:49:d7:08:3c:c3:a0:9c:62:c7:5c:a2:34:01:a1:5f:30:39:
         1e:a8:5c:35:d9:96:9c:8d:18:1b:d7:3b:d5:9f:59:47:aa:62:
         3f:fe:ac:36:dd:67:ac:b5:d3:2a:26:7b:ae:f0:7a:4c:88:0e:
         d2:f3:e1:6f:53:8f:c9:95:46:38:3d:a2:88:e1:5e:8e:8a:55:
         59:a6:40:bc:da:6a:dd:0a:a4:75:7f:78:c4:5e:f3:50:05:3b:
         07:c9:db:8e:3d:aa:e4:82:f5:85:bb:ee:38:72:ad:c4:8b:33:
         d1:ef:f3:5c:45:43:7e:e9:cd:f7:7c:4e:ea:7a:c3:9d:33:15:
         d9:97:6b:e7:db:fa:39:08:59:2e:c0:d8:0b:64:aa:3c:47:38:
         8c:88:0d:30:06:1a:2a:13:a3:40:3b:1f:17:ca:62:b4:0b:83:
         d7:ac:f4:70:9a:db:96:8f:35:a6:ae:ef:ad:50:7e:e4:aa:3f:
         d9:9e:0e:73:44:86:be:e7:75:d1:d0:63:d3:23:47:a1:98:5e:
         57:d3:8e:58:73:aa:84:de:c7:19:27:0e:b9:96:7d:56:55:bb:
         a6:88:f4:46
-----BEGIN CERTIFICATE-----
MIIGIDCCBQigAwIBAgIDAcKoMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MERDNUJFMTEwLwYDVQQFEygwRTY1QTRGNUZEMzZCNUJENjhFQjNDOTIzNDA4OTc4
QzkwN0FBNzlGMB4XDTIzMTAwNzE4MjgzNFoXDTI0MTIzMDAwMDAwMFowRjERMA8G
A1UEAxMIQTkxQ0QwMEMxMTAvBgNVBAUTKERCMkNDQ0E4M0Q4NTMyODhDNTAwQ0RG
QzNBRTFFMkZFQTA0OUY1MTQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC7FSXM3GnFYul6qfqMbcauvSIJ/Y6oOPePRbgZSTPwHmZYpdBXALw7b0+iob6t
4VuqXsmDXikahubR+trzep1KJ2l/U8mDTwt4tqlfxMgGEozAsKyjoUgW4r7HsLx4
lRF4Zaa1ginqpntdC4m5iQyQiJeG2nZyWoX/P0y+9kLT7f7e+deiE8iNOV1N6+QZ
2b4iNCwqdkbHA6G0xLfH+gyr2HNhYNx6+JXs1V9SGDRYP0yvR3UsgPnqwvPjvz1K
QhKVPme8wxiA6lDuDDk2id7SyjR5Td9DxjEYKai8T4mFuokVOFbqNMVV0g8X3aLl
lAzt/qaTneW2ZvH3I+z2CAZ5AgMBAAGjggMVMIIDETAdBgNVHQ4EFgQU2yzMqD2F
MojFAM38OuHi/qBJ9RQwHwYDVR0jBBgwFoAUDmWk9f02tb1o6zySNAiXjJB6p58w
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wcwYDVR0fBGwwajBooGag
ZIZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2
NjExRTJCQjQ2OEY3QzcyRkQxRkYyL0RtV2s5ZjAydGIxbzZ6eVNOQWlYakpCNnA1
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvOTgwNjUyRTBCNzdFMTFFN0E5NkEzOTUyMUE0
RjRGQjQvRG1XazlmMDJ0YjFvNnp5U05BaVhqSkI2cDU4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwggEoBggrBgEFBQcBCwSCARowggEWMF8GCCsGAQUF
BzAFhlNyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MUNEMDBDL0NBQTg4NjFFQzYwMTExRUM5NUZGMUUxMUM0RjlBRTAyLzB+BggrBgEF
BQcwCoZycnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9B
OTFDRDAwQy9DQUE4ODYxRUM2MDExMUVDOTVGRjFFMTFDNEY5QUUwMi8yeXpNcUQy
Rk1vakZBTTM4T3VIaV9xQko5UlEubWZ0MDMGCCsGAQUFBzANhidodHRwczovL3Jy
ZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwGgYIKwYBBQUHAQgBAf8ECzAJ
oAcwBQIDAgpkMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCK/hAAwQCZyeY
MA0GCSqGSIb3DQEBCwUAA4IBAQCusmAd1nCsHHnvQehwUQ/aEnyBkEBBKvRwuCaL
Ip93NjJsjSsQSdcIPMOgnGLHXKI0AaFfMDkeqFw12ZacjRgb1zvVn1lHqmI//qw2
3WestdMqJnuu8HpMiA7S8+FvU4/JlUY4PaKI4V6OilVZpkC82mrdCqR1f3jEXvNQ
BTsHyduOParkgvWFu+44cq3EizPR7/NcRUN+6c33fE7qesOdMxXZl2vn2/o5CFku
wNgLZKo8RziMiA0wBhoqE6NAOx8XymK0C4PXrPRwmtuWjzWmru+tUH7kqj/Zng5z
RIa+53XR0GPTI0ehmF5X045Yc6qE3scZJw65ln1WVbumiPRG
-----END CERTIFICATE-----
Generated at Fri Mar 29 06:01:59 2024 by rpki-client on console-fra.rpki-client.org