Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Dqs1IPA4WfwL0vT7GzbSabvqSEQ.cer
File:                     Dqs1IPA4WfwL0vT7GzbSabvqSEQ.cer (raw, json)
Hash identifier:          GnYoutag4PYF/f+xVKHyxHCstsXjrmNAx0C4ERlrnK0=
Subject key identifier:   0E:AB:35:20:F0:38:59:FC:0B:D2:F4:FB:1B:36:D2:69:BB:EA:48:44
Authority key identifier: 0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F
Certificate issuer:       /CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
Certificate serial:       01340B
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
Manifest:                 rsync://rpki.apnic.net/member_repository/A91B0EF4/99E3491841D811ECBFB5FC78C4F9AE02/Dqs1IPA4WfwL0vT7GzbSabvqSEQ.mft
caRepository:             rsync://rpki.apnic.net/member_repository/A91B0EF4/99E3491841D811ECBFB5FC78C4F9AE02/
Notify URL:               https://rrdp.apnic.net/notification.xml
Certificate not before:   Wed 10 Nov 2021 03:45:18 +0000
Certificate not after:    Fri 30 Dec 2022 00:00:00 +0000
Subordinate resources:    AS: 133739
                          IP: 43.243.236.0/22
                          IP: 103.39.60.0/22
                          IP: 2400:1ee0::/32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 78859 (0x1340b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
        Validity
            Not Before: Nov 10 03:45:18 2021 GMT
            Not After : Dec 30 00:00:00 2022 GMT
        Subject: CN=A91B0EF4/serialNumber=0EAB3520F03859FC0BD2F4FB1B36D269BBEA4844
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:6f:24:f7:ad:7c:59:0d:0d:4f:85:48:d0:8e:
                    32:cc:31:73:eb:17:ce:da:8b:14:69:98:a5:4a:ce:
                    1e:d4:18:b9:9c:d9:5d:86:38:0f:77:c8:3a:1f:6f:
                    42:4d:df:aa:ba:06:84:bd:08:3a:db:7b:06:b6:d0:
                    43:dc:2e:bf:b9:64:1e:63:85:81:23:ec:8b:40:aa:
                    bc:4c:16:98:43:85:ec:18:5f:d8:ec:f7:b8:2d:45:
                    34:34:71:2b:3a:b5:b1:0c:1f:a0:8e:e1:0c:79:6e:
                    64:14:b6:bf:48:2c:91:9a:66:b5:91:00:72:54:a4:
                    18:10:59:f7:51:74:e6:82:d9:3f:ec:b0:e0:5e:e1:
                    25:5d:48:ff:89:9d:2d:2d:f5:fe:15:72:12:d9:17:
                    b9:d3:fa:72:fe:fa:dd:30:c7:26:d2:b8:30:d4:dc:
                    0b:8a:cf:47:32:2b:f6:38:13:40:f6:7d:e6:31:ce:
                    29:e0:45:31:db:b2:65:3d:55:1b:c0:6b:3d:16:73:
                    f9:9a:9b:96:6a:50:cd:da:26:db:26:40:6a:52:24:
                    49:7b:48:1c:18:cb:fa:aa:54:ca:3b:30:56:c1:1e:
                    62:33:5e:1c:8d:24:49:b8:5f:e4:56:95:05:c4:40:
                    51:6a:66:bc:ca:3d:94:54:8b:4e:f7:5c:a1:1b:46:
                    c6:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:AB:35:20:F0:38:59:FC:0B:D2:F4:FB:1B:36:D2:69:BB:EA:48:44
            X509v3 Authority Key Identifier:
                keyid:0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rpki.apnic.net/member_repository/A91B0EF4/99E3491841D811ECBFB5FC78C4F9AE02/
                RPKI Manifest - URI:rsync://rpki.apnic.net/member_repository/A91B0EF4/99E3491841D811ECBFB5FC78C4F9AE02/Dqs1IPA4WfwL0vT7GzbSabvqSEQ.mft
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  133739

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.243.236.0/22
                  103.39.60.0/22
                IPv6:
                  2400:1ee0::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:01:9d:75:c3:88:e9:f8:96:eb:2e:c3:d4:bc:1d:7d:05:c2:
         d7:10:eb:b4:b7:0f:58:ef:aa:bd:38:ef:ce:de:6b:ba:cb:bd:
         14:11:04:8d:ee:03:dd:96:2d:1c:45:84:5e:10:78:b3:28:d2:
         9a:c9:66:46:13:0d:8b:9a:56:08:bd:9d:57:4a:b6:5e:14:4b:
         d1:7b:c3:c0:1e:51:10:75:34:51:59:da:38:fd:a7:bb:aa:17:
         3b:23:1b:05:24:34:2b:b9:f6:b7:82:da:d2:78:57:5c:1c:67:
         ab:9f:c6:85:3d:e3:98:d9:df:35:7f:6a:1b:57:43:08:c1:5a:
         ca:5a:32:1d:60:8a:9a:0f:32:ef:a4:9e:1e:fb:59:3c:2e:53:
         24:26:bc:23:45:69:35:85:7f:b0:ac:39:19:20:ed:f6:96:2d:
         c2:00:94:ee:8b:1e:04:03:c6:37:07:87:14:a3:37:76:e0:81:
         48:c7:0c:26:93:31:bf:05:dd:4a:2a:b2:7e:77:61:48:67:ec:
         8b:78:e9:76:85:c3:9f:bd:5f:81:2c:be:9e:63:c0:23:c9:60:
         b8:40:1d:61:52:a0:32:6a:e4:5d:87:8a:f2:90:9a:a8:a3:61:
         37:06:29:9e:5d:1f:ab:50:40:ae:e1:85:3f:b7:75:19:6c:3c:
         eb:b1:92:64
-----BEGIN CERTIFICATE-----
MIIGLzCCBRegAwIBAgIDATQLMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MERDNUJFMTEwLwYDVQQFEygwRTY1QTRGNUZEMzZCNUJENjhFQjNDOTIzNDA4OTc4
QzkwN0FBNzlGMB4XDTIxMTExMDAzNDUxOFoXDTIyMTIzMDAwMDAwMFowRjERMA8G
A1UEAxMIQTkxQjBFRjQxMTAvBgNVBAUTKDBFQUIzNTIwRjAzODU5RkMwQkQyRjRG
QjFCMzZEMjY5QkJFQTQ4NDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCUbyT3rXxZDQ1PhUjQjjLMMXPrF87aixRpmKVKzh7UGLmc2V2GOA93yDofb0JN
36q6BoS9CDrbewa20EPcLr+5ZB5jhYEj7ItAqrxMFphDhewYX9js97gtRTQ0cSs6
tbEMH6CO4Qx5bmQUtr9ILJGaZrWRAHJUpBgQWfdRdOaC2T/ssOBe4SVdSP+JnS0t
9f4VchLZF7nT+nL++t0wxybSuDDU3AuKz0cyK/Y4E0D2feYxzingRTHbsmU9VRvA
az0Wc/mam5ZqUM3aJtsmQGpSJEl7SBwYy/qqVMo7MFbBHmIzXhyNJEm4X+RWlQXE
QFFqZrzKPZRUi073XKEbRsZPAgMBAAGjggMkMIIDIDAdBgNVHQ4EFgQUDqs1IPA4
WfwL0vT7GzbSabvqSEQwHwYDVR0jBBgwFoAUDmWk9f02tb1o6zySNAiXjJB6p58w
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wcwYDVR0fBGwwajBooGag
ZIZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2
NjExRTJCQjQ2OEY3QzcyRkQxRkYyL0RtV2s5ZjAydGIxbzZ6eVNOQWlYakpCNnA1
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvOTgwNjUyRTBCNzdFMTFFN0E5NkEzOTUyMUE0
RjRGQjQvRG1XazlmMDJ0YjFvNnp5U05BaVhqSkI2cDU4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwggEoBggrBgEFBQcBCwSCARowggEWMF8GCCsGAQUF
BzAFhlNyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MUIwRUY0Lzk5RTM0OTE4NDFEODExRUNCRkI1RkM3OEM0RjlBRTAyLzB+BggrBgEF
BQcwCoZycnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9B
OTFCMEVGNC85OUUzNDkxODQxRDgxMUVDQkZCNUZDNzhDNEY5QUUwMi9EcXMxSVBB
NFdmd0wwdlQ3R3piU2FidnFTRVEubWZ0MDMGCCsGAQUFBzANhidodHRwczovL3Jy
ZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwGgYIKwYBBQUHAQgBAf8ECzAJ
oAcwBQIDAgprMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCK/PsAwQCZyc8
MA0EAgACMAcDBQAkAB7gMA0GCSqGSIb3DQEBCwUAA4IBAQA+AZ11w4jp+JbrLsPU
vB19BcLXEOu0tw9Y76q9OO/O3mu6y70UEQSN7gPdli0cRYReEHizKNKayWZGEw2L
mlYIvZ1XSrZeFEvRe8PAHlEQdTRRWdo4/ae7qhc7IxsFJDQrufa3gtrSeFdcHGer
n8aFPeOY2d81f2obV0MIwVrKWjIdYIqaDzLvpJ4e+1k8LlMkJrwjRWk1hX+wrDkZ
IO32li3CAJTuix4EA8Y3B4cUozd24IFIxwwmkzG/Bd1KKrJ+d2FIZ+yLeOl2hcOf
vV+BLL6eY8AjyWC4QB1hUqAyauRdh4rykJqoo2E3BimeXR+rUECu4YU/t3UZbDzr
sZJk
-----END CERTIFICATE-----