Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IQxJ-g9E8m3euJCS85ctrrKLAzs.cer
File:                     IQxJ-g9E8m3euJCS85ctrrKLAzs.cer (raw, json)
Hash identifier:          e9mdkrOu86+m7pIgkNeT7tTHEfa570ylJh5/HlvqQJY=
Subject key identifier:   21:0C:49:FA:0F:44:F2:6D:DE:B8:90:92:F3:97:2D:AE:B2:8B:03:3B
Authority key identifier: 0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F
Certificate issuer:       /CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
Certificate serial:       01DDC9
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
Manifest:                 rsync://rpki.apnic.net/member_repository/A91B80AB/023DD08C1BC311EC9846045DC4F9AE02/IQxJ-g9E8m3euJCS85ctrrKLAzs.mft
caRepository:             rsync://rpki.apnic.net/member_repository/A91B80AB/023DD08C1BC311EC9846045DC4F9AE02/
Notify URL:               https://rrdp.apnic.net/notification.xml
Certificate not before:   Tue 06 Feb 2024 19:42:02 +0000
Certificate not after:    Thu 01 May 2025 00:00:00 +0000
Subordinate resources:    AS: 140058
                          IP: 103.147.234.0/23

Validation:               OK
Signature path:           rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 05 Apr 2024 04:49:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 122313 (0x1ddc9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
        Validity
            Not Before: Feb  6 19:42:02 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=A91B80AB/serialNumber=210C49FA0F44F26DDEB89092F3972DAEB28B033B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:e7:47:f9:cb:1b:b0:1a:43:c5:07:24:30:b2:
                    59:f0:69:f9:31:22:97:be:fb:6e:8f:1c:4c:13:82:
                    2c:2f:0d:46:b1:10:eb:be:3a:ff:41:1d:1a:e8:97:
                    d3:8e:16:ad:21:b6:f6:e4:8c:ff:60:ef:4b:d8:3d:
                    e2:76:31:18:c1:62:af:43:25:45:26:7f:fb:d1:f3:
                    1c:39:0a:56:d8:80:f5:ca:30:7a:c5:89:fa:b8:42:
                    8a:05:96:b0:3e:9e:93:2d:75:b2:1c:d9:f9:2f:b8:
                    f5:3c:1a:d8:2c:21:9b:eb:92:3d:47:09:a9:36:35:
                    c2:77:ea:5e:01:46:49:ca:3d:a6:ca:f1:92:14:37:
                    1b:1e:0e:fb:34:5d:5c:ca:8c:7d:c7:fb:81:9e:df:
                    01:bf:35:d3:f1:b4:95:10:99:c5:d4:30:88:8d:2d:
                    26:c9:0a:57:a3:0c:b2:40:3a:5b:9f:66:42:3d:47:
                    3b:a6:71:47:f7:5b:e9:20:ca:cf:c0:9a:bd:90:4b:
                    51:b4:29:fa:ae:35:2d:08:35:4f:69:cb:0c:42:da:
                    b5:43:0c:0b:04:b8:50:2e:f7:de:30:be:2a:65:c0:
                    38:fe:a8:24:19:85:21:56:67:a0:04:17:c6:8f:3a:
                    01:d0:5d:c3:88:2c:06:5a:fe:dc:53:8e:1d:be:90:
                    38:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:0C:49:FA:0F:44:F2:6D:DE:B8:90:92:F3:97:2D:AE:B2:8B:03:3B
            X509v3 Authority Key Identifier:
                keyid:0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rpki.apnic.net/member_repository/A91B80AB/023DD08C1BC311EC9846045DC4F9AE02/
                RPKI Manifest - URI:rsync://rpki.apnic.net/member_repository/A91B80AB/023DD08C1BC311EC9846045DC4F9AE02/IQxJ-g9E8m3euJCS85ctrrKLAzs.mft
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  140058

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.147.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         35:14:c8:e2:fe:eb:0c:24:7f:9e:6d:4e:43:79:54:e1:e7:f9:
         74:b3:37:4e:5d:18:a8:a6:9d:3d:e1:3f:67:5d:4a:a2:73:80:
         0e:76:e9:9a:b6:bb:14:92:a9:f1:ec:77:1c:97:1a:b1:55:ba:
         73:52:b8:aa:be:a6:83:bb:55:cf:00:26:73:f1:0d:0f:7e:c8:
         62:84:82:4e:19:72:3d:7a:a1:22:84:92:16:fc:8d:f3:48:c7:
         46:6d:aa:d0:3b:57:ce:eb:cb:c0:d1:a6:6a:2d:32:d8:f0:29:
         87:e8:97:9d:29:ca:81:c8:4e:85:74:b2:a6:12:b4:d6:14:f9:
         8b:ac:c6:5a:85:ec:a7:7c:bc:51:ef:a2:7e:00:43:e5:4f:68:
         a4:7c:bf:de:e4:93:b8:38:3d:4c:46:31:a6:d0:df:94:ae:1f:
         83:48:26:98:60:2b:5e:ae:f3:c5:54:48:40:3f:e0:25:ae:71:
         be:d8:2f:2b:2f:3b:c6:e9:8a:ae:1b:ce:8e:23:33:17:c9:44:
         18:41:88:f3:25:97:d8:b3:fd:3e:cd:e1:fb:b6:71:9a:81:f0:
         51:22:14:fa:70:23:db:87:e1:91:bc:7e:f7:f0:f2:6a:0a:2d:
         70:08:01:6c:73:3f:85:f1:e2:44:05:3b:fd:3c:ac:46:b3:e8:
         5f:e1:32:a4
-----BEGIN CERTIFICATE-----
MIIGGjCCBQKgAwIBAgIDAd3JMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MERDNUJFMTEwLwYDVQQFEygwRTY1QTRGNUZEMzZCNUJENjhFQjNDOTIzNDA4OTc4
QzkwN0FBNzlGMB4XDTI0MDIwNjE5NDIwMloXDTI1MDUwMTAwMDAwMFowRjERMA8G
A1UEAxMIQTkxQjgwQUIxMTAvBgNVBAUTKDIxMEM0OUZBMEY0NEYyNkRERUI4OTA5
MkYzOTcyREFFQjI4QjAzM0IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDT50f5yxuwGkPFByQwslnwafkxIpe++26PHEwTgiwvDUaxEOu+Ov9BHRrol9OO
Fq0htvbkjP9g70vYPeJ2MRjBYq9DJUUmf/vR8xw5ClbYgPXKMHrFifq4QooFlrA+
npMtdbIc2fkvuPU8GtgsIZvrkj1HCak2NcJ36l4BRknKPabK8ZIUNxseDvs0XVzK
jH3H+4Ge3wG/NdPxtJUQmcXUMIiNLSbJClejDLJAOlufZkI9RzumcUf3W+kgys/A
mr2QS1G0KfquNS0INU9pywxC2rVDDAsEuFAu994wviplwDj+qCQZhSFWZ6AEF8aP
OgHQXcOILAZa/txTjh2+kDinAgMBAAGjggMPMIIDCzAdBgNVHQ4EFgQUIQxJ+g9E
8m3euJCS85ctrrKLAzswHwYDVR0jBBgwFoAUDmWk9f02tb1o6zySNAiXjJB6p58w
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wcwYDVR0fBGwwajBooGag
ZIZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2
NjExRTJCQjQ2OEY3QzcyRkQxRkYyL0RtV2s5ZjAydGIxbzZ6eVNOQWlYakpCNnA1
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvOTgwNjUyRTBCNzdFMTFFN0E5NkEzOTUyMUE0
RjRGQjQvRG1XazlmMDJ0YjFvNnp5U05BaVhqSkI2cDU4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwggEoBggrBgEFBQcBCwSCARowggEWMF8GCCsGAQUF
BzAFhlNyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MUI4MEFCLzAyM0REMDhDMUJDMzExRUM5ODQ2MDQ1REM0RjlBRTAyLzB+BggrBgEF
BQcwCoZycnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9B
OTFCODBBQi8wMjNERDA4QzFCQzMxMUVDOTg0NjA0NURDNEY5QUUwMi9JUXhKLWc5
RThtM2V1SkNTODVjdHJyS0xBenMubWZ0MDMGCCsGAQUFBzANhidodHRwczovL3Jy
ZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwGgYIKwYBBQUHAQgBAf8ECzAJ
oAcwBQIDAiMaMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZ5PqMA0GCSqG
SIb3DQEBCwUAA4IBAQA1FMji/usMJH+ebU5DeVTh5/l0szdOXRiopp094T9nXUqi
c4AOdumatrsUkqnx7HcclxqxVbpzUriqvqaDu1XPACZz8Q0PfshihIJOGXI9eqEi
hJIW/I3zSMdGbarQO1fO68vA0aZqLTLY8CmH6JedKcqByE6FdLKmErTWFPmLrMZa
heynfLxR76J+AEPlT2ikfL/e5JO4OD1MRjGm0N+Urh+DSCaYYCtervPFVEhAP+Al
rnG+2C8rLzvG6YquG86OIzMXyUQYQYjzJZfYs/0+zeH7tnGagfBRIhT6cCPbh+GR
vH738PJqCi1wCAFscz+F8eJEBTv9PKxGs+hf4TKk
-----END CERTIFICATE-----
Generated at Fri Mar 29 06:02:11 2024 by rpki-client on console-fra.rpki-client.org