Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/He4XpqM4DuSI7ztuISW4eOZAckg.cer
File:                     He4XpqM4DuSI7ztuISW4eOZAckg.cer (raw, json)
Hash identifier:          Q+VZegPliWc9gL+9ovBGw+aAWjbqX8Pw5yJgtIt4GO8=
Subject key identifier:   1D:EE:17:A6:A3:38:0E:E4:88:EF:3B:6E:21:25:B8:78:E6:40:72:48
Authority key identifier: 0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F
Certificate issuer:       /CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
Certificate serial:       01E7FF
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
Manifest:                 rsync://rpki.apnic.net/member_repository/A91E8D22/3F7D68A8FDE511ED87841770C4F9AE02/He4XpqM4DuSI7ztuISW4eOZAckg.mft
caRepository:             rsync://rpki.apnic.net/member_repository/A91E8D22/3F7D68A8FDE511ED87841770C4F9AE02/
Notify URL:               https://rrdp.apnic.net/notification.xml
Certificate not before:   Mon 01 Apr 2024 03:31:25 +0000
Certificate not after:    Wed 28 May 2025 00:00:00 +0000
Subordinate resources:    AS: 133053
                          IP: 103.120.219.0/24
                          IP: 103.251.171.0/24
                          IP: 203.24.26.0/24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Nov 2024 11:16:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 124927 (0x1e7ff)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
        Validity
            Not Before: Apr  1 03:31:25 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=A91E8D22/serialNumber=1DEE17A6A3380EE488EF3B6E2125B878E6407248
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:cf:f2:42:d8:fe:08:99:2d:2d:09:87:70:20:
                    7e:7a:ba:a3:94:00:68:21:3a:2f:c7:3d:c7:49:74:
                    52:09:73:8b:a5:3d:79:2b:78:0f:54:54:e3:18:e6:
                    a2:b1:b3:b0:3e:0f:a3:b2:28:0b:4a:15:c9:7f:9d:
                    50:12:90:1e:e3:7e:fa:85:ea:97:78:e0:ac:fc:1c:
                    64:59:a4:72:56:43:f6:92:b7:5e:78:7b:67:90:3c:
                    1f:76:57:99:09:8e:87:95:2e:6c:fa:61:86:4e:91:
                    d8:b0:fd:a8:cf:f2:1b:b3:22:95:cf:84:30:03:07:
                    75:b6:5e:89:5e:d2:08:91:bb:55:c6:22:bd:23:4c:
                    c3:ee:0f:6b:ee:80:47:1b:d1:f0:76:01:6c:69:78:
                    31:a6:ee:99:ce:13:dc:02:d9:6f:3f:17:08:2a:f0:
                    1c:41:6d:c9:2a:32:23:aa:4d:06:0e:9a:b7:ec:59:
                    e1:cf:97:a2:5d:36:06:43:8c:00:c2:8d:0f:d3:c5:
                    73:b5:36:66:f8:59:1b:0e:e3:f4:4d:c6:01:2c:b6:
                    a7:67:c3:20:30:e0:a2:eb:98:45:36:8b:37:70:d7:
                    20:f7:d6:4c:09:82:21:c3:1e:2f:03:a1:00:b0:a3:
                    bc:6c:f9:b9:19:e2:bd:55:59:41:71:87:ce:39:72:
                    54:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:EE:17:A6:A3:38:0E:E4:88:EF:3B:6E:21:25:B8:78:E6:40:72:48
            X509v3 Authority Key Identifier:
                keyid:0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rpki.apnic.net/member_repository/A91E8D22/3F7D68A8FDE511ED87841770C4F9AE02/
                RPKI Manifest - URI:rsync://rpki.apnic.net/member_repository/A91E8D22/3F7D68A8FDE511ED87841770C4F9AE02/He4XpqM4DuSI7ztuISW4eOZAckg.mft
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  133053

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.120.219.0/24
                  103.251.171.0/24
                  203.24.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:06:e6:97:24:a1:70:7a:9e:28:32:36:48:1c:40:ce:73:1c:
         96:4b:18:5a:08:fd:99:cd:5b:ab:36:1e:ed:14:0c:15:1a:09:
         2e:ea:5d:27:9c:7b:2f:5a:43:bd:8b:2a:ba:8a:4d:36:1c:3d:
         ca:d7:de:83:58:d8:f9:f2:f2:10:72:15:9e:91:39:bc:a1:e3:
         9c:f4:c4:01:de:8b:db:ce:80:76:1b:39:92:ba:f0:bf:af:c6:
         72:ff:2b:88:a6:58:32:d1:b1:81:31:e2:d2:3f:6e:46:99:cd:
         04:71:b6:a2:c0:ec:7f:d5:62:f2:13:01:b3:31:30:e3:cf:5c:
         2f:db:cf:11:36:6d:a0:f0:ae:ae:b4:fe:de:c6:cd:b9:59:57:
         f2:af:bd:bc:6f:eb:83:1b:3e:f7:e0:f0:d2:67:fa:0e:6d:d3:
         22:02:47:bd:0f:ae:27:35:e4:70:d5:9a:44:dc:42:f5:75:2a:
         b3:1d:5a:ae:5f:e6:7c:10:b0:19:33:71:29:fb:fc:ec:9d:2c:
         1c:2a:d5:84:51:49:ec:68:70:30:c6:83:b9:ab:0c:28:7b:d6:
         00:81:93:13:9d:bc:4c:98:d3:3a:4f:7c:b7:50:f8:6f:2a:2f:
         b9:61:d4:07:5b:7f:4b:ea:24:bc:33:bd:4b:65:35:47:f5:dd:
         80:d4:6b:b0
-----BEGIN CERTIFICATE-----
MIIGJjCCBQ6gAwIBAgIDAef/MA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MERDNUJFMTEwLwYDVQQFEygwRTY1QTRGNUZEMzZCNUJENjhFQjNDOTIzNDA4OTc4
QzkwN0FBNzlGMB4XDTI0MDQwMTAzMzEyNVoXDTI1MDUyODAwMDAwMFowRjERMA8G
A1UEAxMIQTkxRThEMjIxMTAvBgNVBAUTKDFERUUxN0E2QTMzODBFRTQ4OEVGM0I2
RTIxMjVCODc4RTY0MDcyNDgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC1z/JC2P4ImS0tCYdwIH56uqOUAGghOi/HPcdJdFIJc4ulPXkreA9UVOMY5qKx
s7A+D6OyKAtKFcl/nVASkB7jfvqF6pd44Kz8HGRZpHJWQ/aSt154e2eQPB92V5kJ
joeVLmz6YYZOkdiw/ajP8huzIpXPhDADB3W2Xole0giRu1XGIr0jTMPuD2vugEcb
0fB2AWxpeDGm7pnOE9wC2W8/Fwgq8BxBbckqMiOqTQYOmrfsWeHPl6JdNgZDjADC
jQ/TxXO1Nmb4WRsO4/RNxgEstqdnwyAw4KLrmEU2izdw1yD31kwJgiHDHi8DoQCw
o7xs+bkZ4r1VWUFxh845clRtAgMBAAGjggMbMIIDFzAdBgNVHQ4EFgQUHe4XpqM4
DuSI7ztuISW4eOZAckgwHwYDVR0jBBgwFoAUDmWk9f02tb1o6zySNAiXjJB6p58w
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wcwYDVR0fBGwwajBooGag
ZIZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2
NjExRTJCQjQ2OEY3QzcyRkQxRkYyL0RtV2s5ZjAydGIxbzZ6eVNOQWlYakpCNnA1
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvOTgwNjUyRTBCNzdFMTFFN0E5NkEzOTUyMUE0
RjRGQjQvRG1XazlmMDJ0YjFvNnp5U05BaVhqSkI2cDU4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwggEoBggrBgEFBQcBCwSCARowggEWMF8GCCsGAQUF
BzAFhlNyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MUU4RDIyLzNGN0Q2OEE4RkRFNTExRUQ4Nzg0MTc3MEM0RjlBRTAyLzB+BggrBgEF
BQcwCoZycnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9B
OTFFOEQyMi8zRjdENjhBOEZERTUxMUVEODc4NDE3NzBDNEY5QUUwMi9IZTRYcHFN
NER1U0k3enR1SVNXNGVPWkFja2cubWZ0MDMGCCsGAQUFBzANhidodHRwczovL3Jy
ZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwGgYIKwYBBQUHAQgBAf8ECzAJ
oAcwBQIDAge9MCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAZ3jbAwQAZ/ur
AwQAyxgaMA0GCSqGSIb3DQEBCwUAA4IBAQDMBuaXJKFwep4oMjZIHEDOcxyWSxha
CP2ZzVurNh7tFAwVGgku6l0nnHsvWkO9iyq6ik02HD3K196DWNj58vIQchWekTm8
oeOc9MQB3ovbzoB2GzmSuvC/r8Zy/yuIplgy0bGBMeLSP25Gmc0EcbaiwOx/1WLy
EwGzMTDjz1wv288RNm2g8K6utP7exs25WVfyr728b+uDGz734PDSZ/oObdMiAke9
D64nNeRw1ZpE3EL1dSqzHVquX+Z8ELAZM3Ep+/zsnSwcKtWEUUnsaHAwxoO5qwwo
e9YAgZMTnbxMmNM6T3y3UPhvKi+5YdQHW39L6iS8M71LZTVH9d2A1Guw
-----END CERTIFICATE-----
Generated at Sat Nov 23 12:37:21 2024 by rpki-client on console-ams.rpki-client.org