Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/LDTzNZTMO-PAfo54N2v8QzJjFUg.cer
File:                     LDTzNZTMO-PAfo54N2v8QzJjFUg.cer (raw, json)
Hash identifier:          K85lo0c+FQgdMjMO4VrDgNEQRSBd7oB5Hif9ZdTCNLc=
Subject key identifier:   2C:34:F3:35:94:CC:3B:E3:C0:7E:8E:78:37:6B:FC:43:32:63:15:48
Authority key identifier: 0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F
Certificate issuer:       /CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
Certificate serial:       01CD49
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
Manifest:                 rsync://rpki.apnic.net/member_repository/A914ADD8/A4D8104E1D8711E2834CB9DF08B02CD2/LDTzNZTMO-PAfo54N2v8QzJjFUg.mft
caRepository:             rsync://rpki.apnic.net/member_repository/A914ADD8/A4D8104E1D8711E2834CB9DF08B02CD2/
Notify URL:               https://rrdp.apnic.net/notification.xml
Certificate not before:   Tue 28 Nov 2023 14:31:59 +0000
Certificate not after:    Fri 31 Jan 2025 00:00:00 +0000
Subordinate resources:    AS: 17554
                          AS: 38864
                          IP: 202.68.192.0/20
                          IP: 2001:4480::/32

Validation:               OK
Signature path:           rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 04 Apr 2024 05:31:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 118089 (0x1cd49)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
        Validity
            Not Before: Nov 28 14:31:59 2023 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=A914ADD8/serialNumber=2C34F33594CC3BE3C07E8E78376BFC4332631548
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b8:5b:7a:cf:8b:51:f8:c7:6e:8e:fe:63:bd:
                    34:35:e1:1e:bc:47:ab:d0:f4:71:3f:db:49:5b:a9:
                    6c:5a:90:92:20:55:87:4d:21:89:1f:ef:4c:0e:f2:
                    f4:c4:0e:fb:ab:16:7a:16:8f:88:59:8b:bf:58:23:
                    07:68:0d:67:b8:08:5d:f6:eb:ca:58:d7:78:2c:b3:
                    09:65:47:4d:40:b0:92:56:21:af:eb:d3:5c:6a:8e:
                    c9:ba:f5:1b:92:c9:6b:9d:b7:d3:90:e1:bb:22:d5:
                    f1:92:98:96:e1:ec:77:1f:63:f0:49:eb:8a:20:e4:
                    ca:3c:7d:66:8c:e7:9f:43:62:41:86:84:b6:46:80:
                    b1:0e:d1:05:07:86:bd:0a:79:20:87:19:bf:cf:59:
                    df:b4:29:e1:bf:46:a8:56:7e:1d:b1:c5:03:e5:6b:
                    13:44:6b:a9:5c:50:be:7a:a9:f6:3b:a9:a7:be:35:
                    ec:82:11:f8:c3:f4:3c:7f:40:b3:10:fc:58:78:88:
                    fd:1b:24:20:b6:69:c9:b0:da:bd:79:fc:57:70:90:
                    a6:86:86:d1:95:00:32:2a:b1:d9:81:c6:66:4c:9d:
                    fb:66:29:1e:49:d2:6f:df:68:19:4a:e0:11:6a:12:
                    56:2f:f6:d5:61:4b:53:c2:e1:c3:9a:91:f8:d4:0a:
                    85:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:34:F3:35:94:CC:3B:E3:C0:7E:8E:78:37:6B:FC:43:32:63:15:48
            X509v3 Authority Key Identifier:
                keyid:0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rpki.apnic.net/member_repository/A914ADD8/A4D8104E1D8711E2834CB9DF08B02CD2/
                RPKI Manifest - URI:rsync://rpki.apnic.net/member_repository/A914ADD8/A4D8104E1D8711E2834CB9DF08B02CD2/LDTzNZTMO-PAfo54N2v8QzJjFUg.mft
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  17554
                  38864

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.68.192.0/20
                IPv6:
                  2001:4480::/32

    Signature Algorithm: sha256WithRSAEncryption
         89:7d:14:a3:ff:16:a8:a1:cf:fc:16:10:72:b9:f1:1b:02:e0:
         4c:6e:02:bb:6a:f5:38:65:7c:78:73:47:1d:90:58:28:32:12:
         64:7b:63:c4:26:6a:87:65:f7:c2:06:d0:55:4e:f6:6f:58:4a:
         fd:f3:71:b9:3e:e8:12:9e:54:49:d6:c6:ae:d3:1e:dc:05:cd:
         59:9e:46:84:33:06:8a:34:a6:b3:ca:de:e6:94:05:75:23:16:
         14:d7:c5:dd:c4:b6:c1:8b:b2:e2:91:6d:41:13:02:d8:89:a7:
         9a:1e:9e:b3:1f:fc:be:b5:03:65:75:53:a9:fb:33:d4:60:4d:
         66:8a:3b:de:f2:f3:2a:ba:47:90:81:30:0d:16:41:67:dc:13:
         94:75:d9:d7:5c:95:8b:17:c1:a0:83:83:a2:ef:49:a0:ed:aa:
         1a:ac:a3:a2:3a:7a:99:27:70:da:12:31:0e:28:59:01:30:89:
         dd:78:38:dd:e7:e2:40:06:64:85:4c:9b:25:89:d2:9a:23:c7:
         ae:bd:10:3d:ba:9f:b9:cc:18:6c:b0:5a:8a:48:86:ef:7c:a0:
         0e:ae:a5:96:69:34:a8:60:9b:1d:e4:ab:3f:f1:a7:10:98:0a:
         3c:89:d8:61:12:aa:6f:a1:a4:e8:95:fb:e6:c9:9f:7b:b1:24:
         dd:81:d4:6d
-----BEGIN CERTIFICATE-----
MIIGLTCCBRWgAwIBAgIDAc1JMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MERDNUJFMTEwLwYDVQQFEygwRTY1QTRGNUZEMzZCNUJENjhFQjNDOTIzNDA4OTc4
QzkwN0FBNzlGMB4XDTIzMTEyODE0MzE1OVoXDTI1MDEzMTAwMDAwMFowRjERMA8G
A1UEAxMIQTkxNEFERDgxMTAvBgNVBAUTKDJDMzRGMzM1OTRDQzNCRTNDMDdFOEU3
ODM3NkJGQzQzMzI2MzE1NDgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDCuFt6z4tR+Mdujv5jvTQ14R68R6vQ9HE/20lbqWxakJIgVYdNIYkf70wO8vTE
DvurFnoWj4hZi79YIwdoDWe4CF3268pY13gsswllR01AsJJWIa/r01xqjsm69RuS
yWudt9OQ4bsi1fGSmJbh7HcfY/BJ64og5Mo8fWaM559DYkGGhLZGgLEO0QUHhr0K
eSCHGb/PWd+0KeG/RqhWfh2xxQPlaxNEa6lcUL56qfY7qae+NeyCEfjD9Dx/QLMQ
/Fh4iP0bJCC2acmw2r15/FdwkKaGhtGVADIqsdmBxmZMnftmKR5J0m/faBlK4BFq
ElYv9tVhS1PC4cOakfjUCoUxAgMBAAGjggMiMIIDHjAdBgNVHQ4EFgQULDTzNZTM
O+PAfo54N2v8QzJjFUgwHwYDVR0jBBgwFoAUDmWk9f02tb1o6zySNAiXjJB6p58w
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wcwYDVR0fBGwwajBooGag
ZIZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2
NjExRTJCQjQ2OEY3QzcyRkQxRkYyL0RtV2s5ZjAydGIxbzZ6eVNOQWlYakpCNnA1
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvOTgwNjUyRTBCNzdFMTFFN0E5NkEzOTUyMUE0
RjRGQjQvRG1XazlmMDJ0YjFvNnp5U05BaVhqSkI2cDU4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwggEoBggrBgEFBQcBCwSCARowggEWMF8GCCsGAQUF
BzAFhlNyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MTRBREQ4L0E0RDgxMDRFMUQ4NzExRTI4MzRDQjlERjA4QjAyQ0QyLzB+BggrBgEF
BQcwCoZycnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9B
OTE0QUREOC9BNEQ4MTA0RTFEODcxMUUyODM0Q0I5REYwOEIwMkNEMi9MRFR6TlpU
TU8tUEFmbzU0TjJ2OFF6SmpGVWcubWZ0MDMGCCsGAQUFBzANhidodHRwczovL3Jy
ZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHgYIKwYBBQUHAQgBAf8EDzAN
oAswCQICRJICAwCX0DAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEBMpEwDAN
BAIAAjAHAwUAIAFEgDANBgkqhkiG9w0BAQsFAAOCAQEAiX0Uo/8WqKHP/BYQcrnx
GwLgTG4Cu2r1OGV8eHNHHZBYKDISZHtjxCZqh2X3wgbQVU72b1hK/fNxuT7oEp5U
SdbGrtMe3AXNWZ5GhDMGijSms8re5pQFdSMWFNfF3cS2wYuy4pFtQRMC2Imnmh6e
sx/8vrUDZXVTqfsz1GBNZoo73vLzKrpHkIEwDRZBZ9wTlHXZ11yVixfBoIODou9J
oO2qGqyjojp6mSdw2hIxDihZATCJ3Xg43efiQAZkhUybJYnSmiPHrr0QPbqfucwY
bLBaikiG73ygDq6llmk0qGCbHeSrP/GnEJgKPInYYRKqb6Gk6JX75smfe7Ek3YHU
bQ==
-----END CERTIFICATE-----
Generated at Thu Mar 28 06:03:00 2024 by rpki-client on console-fra.rpki-client.org