Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IQ_xZmjfljvg_KkGkzkX_-3tn5U.cer
File:                     IQ_xZmjfljvg_KkGkzkX_-3tn5U.cer (raw, json)
Hash identifier:          ri4AKjLSIrJqR5TJ00Mep5jrZmGFJbSQS33hvRj4Osg=
Subject key identifier:   21:0F:F1:66:68:DF:96:3B:E0:FC:A9:06:93:39:17:FF:ED:ED:9F:95
Authority key identifier: 0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F
Certificate issuer:       /CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
Certificate serial:       01E367
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
Manifest:                 rsync://rpki.apnic.net/member_repository/A9170BBF/E491123A30BF11ECA85C4414C4F9AE02/IQ_xZmjfljvg_KkGkzkX_-3tn5U.mft
caRepository:             rsync://rpki.apnic.net/member_repository/A9170BBF/E491123A30BF11ECA85C4414C4F9AE02/
Notify URL:               https://rrdp.apnic.net/notification.xml
Certificate not before:   Thu 07 Mar 2024 16:30:55 +0000
Certificate not after:    Thu 01 May 2025 00:00:00 +0000
Subordinate resources:    IP: 103.84.84.0/22
                          IP: 202.59.249.0/24
                          IP: 202.61.97.0/24
                          IP: 202.61.111.0/24
                          IP: 203.33.189.0/24
                          IP: 2401:d8c0::/32

Validation:               OK
Signature path:           rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 04 Apr 2024 12:32:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 123751 (0x1e367)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
        Validity
            Not Before: Mar  7 16:30:55 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=A9170BBF/serialNumber=210FF16668DF963BE0FCA906933917FFEDED9F95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:e7:91:50:2f:6e:5d:fd:28:6f:78:6c:35:50:
                    20:ff:10:9b:4c:8a:11:15:eb:de:75:0f:b7:de:da:
                    dd:ce:38:64:b6:82:cb:5a:1e:80:dc:27:06:b4:38:
                    c9:ff:76:8b:aa:3a:84:da:41:42:c4:e0:2e:41:5c:
                    c7:2b:f7:2c:a1:b8:33:24:01:48:e2:5d:a8:2e:25:
                    b7:51:ab:b6:da:fa:6e:dd:7a:f6:68:23:f9:a2:f5:
                    7b:74:76:db:31:c4:18:16:90:84:d6:1f:fa:c1:b5:
                    6e:fb:d0:14:89:bc:68:e8:f6:8c:f9:8f:dd:ab:d5:
                    d4:eb:5c:9d:ba:4e:cc:db:03:bd:53:17:59:de:79:
                    18:16:28:e7:9d:de:8f:d9:a5:51:7e:b6:28:84:71:
                    20:b7:3d:3d:69:36:e3:dc:af:10:5a:b8:39:34:3c:
                    65:2a:23:c0:c3:4a:1d:d8:05:66:be:75:48:72:d7:
                    aa:1a:29:5e:09:60:0a:b0:15:f7:c0:ae:c7:0b:18:
                    76:ac:29:75:f3:e6:95:50:28:30:59:84:52:db:ec:
                    f9:30:6b:74:0a:6e:2a:5f:bc:cd:a3:12:6a:c8:c8:
                    0d:cb:af:95:9f:7c:16:37:a2:83:75:ed:8e:2c:65:
                    64:20:1f:09:7a:42:ee:c8:85:16:24:ca:70:74:56:
                    24:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:0F:F1:66:68:DF:96:3B:E0:FC:A9:06:93:39:17:FF:ED:ED:9F:95
            X509v3 Authority Key Identifier:
                keyid:0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rpki.apnic.net/member_repository/A9170BBF/E491123A30BF11ECA85C4414C4F9AE02/
                RPKI Manifest - URI:rsync://rpki.apnic.net/member_repository/A9170BBF/E491123A30BF11ECA85C4414C4F9AE02/IQ_xZmjfljvg_KkGkzkX_-3tn5U.mft
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.84.84.0/22
                  202.59.249.0/24
                  202.61.97.0/24
                  202.61.111.0/24
                  203.33.189.0/24
                IPv6:
                  2401:d8c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         13:ad:51:c8:32:9b:ba:ec:06:cf:dd:00:e5:56:e3:4b:50:f2:
         e0:7e:97:7e:e2:3e:2e:c8:a2:58:19:bc:32:09:7e:45:06:bd:
         7b:81:e0:ef:d5:2d:9d:31:ee:73:7d:15:ae:ed:67:a4:a6:bb:
         8b:3e:d8:e2:f6:fe:7c:34:2e:89:63:e9:37:f1:a0:d7:b5:cf:
         09:92:63:96:14:bd:5e:0f:4e:df:2d:f6:53:0e:fb:5d:22:1a:
         bc:e7:69:f7:af:e4:94:c2:70:78:65:85:6e:66:d1:49:32:2f:
         e1:7e:53:87:df:4b:37:93:bd:c3:8d:fe:86:d5:30:65:6b:c0:
         06:36:8e:69:eb:74:7c:3a:46:4b:57:7a:63:45:47:fe:e8:8d:
         de:fb:43:b6:10:a6:bf:80:ea:0d:0e:a8:72:71:8a:2b:20:e6:
         8e:b5:0b:47:0e:c8:90:cc:f3:10:17:2f:74:d2:35:04:f8:ab:
         b5:b3:f5:b2:63:55:18:57:5e:8a:02:66:ef:96:2a:9d:49:cf:
         99:f5:f9:04:80:2a:3c:33:c7:a9:d4:c5:6c:88:67:78:b9:7a:
         ea:f8:05:70:10:53:0a:bb:b8:c2:f9:dc:cd:0d:ba:3a:1e:ce:
         53:f1:49:1a:fb:34:23:91:d0:28:36:03:83:54:89:50:35:a0:
         0f:28:aa:92
-----BEGIN CERTIFICATE-----
MIIGJTCCBQ2gAwIBAgIDAeNnMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MERDNUJFMTEwLwYDVQQFEygwRTY1QTRGNUZEMzZCNUJENjhFQjNDOTIzNDA4OTc4
QzkwN0FBNzlGMB4XDTI0MDMwNzE2MzA1NVoXDTI1MDUwMTAwMDAwMFowRjERMA8G
A1UEAxMIQTkxNzBCQkYxMTAvBgNVBAUTKDIxMEZGMTY2NjhERjk2M0JFMEZDQTkw
NjkzMzkxN0ZGRURFRDlGOTUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDe55FQL25d/ShveGw1UCD/EJtMihEV6951D7fe2t3OOGS2gstaHoDcJwa0OMn/
douqOoTaQULE4C5BXMcr9yyhuDMkAUjiXaguJbdRq7ba+m7devZoI/mi9Xt0dtsx
xBgWkITWH/rBtW770BSJvGjo9oz5j92r1dTrXJ26TszbA71TF1neeRgWKOed3o/Z
pVF+tiiEcSC3PT1pNuPcrxBauDk0PGUqI8DDSh3YBWa+dUhy16oaKV4JYAqwFffA
rscLGHasKXXz5pVQKDBZhFLb7Pkwa3QKbipfvM2jEmrIyA3Lr5WffBY3ooN17Y4s
ZWQgHwl6Qu7IhRYkynB0ViSTAgMBAAGjggMaMIIDFjAdBgNVHQ4EFgQUIQ/xZmjf
ljvg/KkGkzkX/+3tn5UwHwYDVR0jBBgwFoAUDmWk9f02tb1o6zySNAiXjJB6p58w
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wcwYDVR0fBGwwajBooGag
ZIZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2
NjExRTJCQjQ2OEY3QzcyRkQxRkYyL0RtV2s5ZjAydGIxbzZ6eVNOQWlYakpCNnA1
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvOTgwNjUyRTBCNzdFMTFFN0E5NkEzOTUyMUE0
RjRGQjQvRG1XazlmMDJ0YjFvNnp5U05BaVhqSkI2cDU4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwggEoBggrBgEFBQcBCwSCARowggEWMF8GCCsGAQUF
BzAFhlNyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MTcwQkJGL0U0OTExMjNBMzBCRjExRUNBODVDNDQxNEM0RjlBRTAyLzB+BggrBgEF
BQcwCoZycnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9B
OTE3MEJCRi9FNDkxMTIzQTMwQkYxMUVDQTg1QzQ0MTRDNEY5QUUwMi9JUV94Wm1q
ZmxqdmdfS2tHa3prWF8tM3RuNVUubWZ0MDMGCCsGAQUFBzANhidodHRwczovL3Jy
ZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRgYIKwYBBQUHAQcBAf8ENzA1
MCQEAgABMB4DBAJnVFQDBADKO/kDBADKPWEDBADKPW8DBADLIb0wDQQCAAIwBwMF
ACQB2MAwDQYJKoZIhvcNAQELBQADggEBABOtUcgym7rsBs/dAOVW40tQ8uB+l37i
Pi7IolgZvDIJfkUGvXuB4O/VLZ0x7nN9Fa7tZ6Smu4s+2OL2/nw0Lolj6TfxoNe1
zwmSY5YUvV4PTt8t9lMO+10iGrznafev5JTCcHhlhW5m0UkyL+F+U4ffSzeTvcON
/obVMGVrwAY2jmnrdHw6RktXemNFR/7ojd77Q7YQpr+A6g0OqHJxiisg5o61C0cO
yJDM8xAXL3TSNQT4q7Wz9bJjVRhXXooCZu+WKp1Jz5n1+QSAKjwzx6nUxWyIZ3i5
eur4BXAQUwq7uML53M0NujoezlPxSRr7NCOR0Cg2A4NUiVA1oA8oqpI=
-----END CERTIFICATE-----
Generated at Thu Mar 28 13:33:54 2024 by rpki-client on console-ams.rpki-client.org