Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NkXNkOP0PAEtqzvzly6GvJTd1FQ.cer
File:                     NkXNkOP0PAEtqzvzly6GvJTd1FQ.cer (raw, json)
Hash identifier:          s1Pz6z5tLbCgYgTes7bOc8EzdO/iGt1ly3CDO4UHWGY=
Subject key identifier:   36:45:CD:90:E3:F4:3C:01:2D:AB:3B:F3:97:2E:86:BC:94:DD:D4:54
Authority key identifier: 0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F
Certificate issuer:       /CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
Certificate serial:       01FFD4
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
Manifest:                 rsync://rpki.apnic.net/member_repository/A91CFC1C/3C142B1657FE11EEAA553060C4F9AE02/NkXNkOP0PAEtqzvzly6GvJTd1FQ.mft
caRepository:             rsync://rpki.apnic.net/member_repository/A91CFC1C/3C142B1657FE11EEAA553060C4F9AE02/
Notify URL:               https://rrdp.apnic.net/notification.xml
Certificate not before:   Fri 12 Jul 2024 20:36:23 +0000
Certificate not after:    Tue 30 Sep 2025 00:00:00 +0000
Subordinate resources:    AS: 58421
                          IP: 202.49.208.0/21

Validation:               OK
Signature path:           rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 20:43:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 131028 (0x1ffd4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
        Validity
            Not Before: Jul 12 20:36:23 2024 GMT
            Not After : Sep 30 00:00:00 2025 GMT
        Subject: CN=A91CFC1C/serialNumber=3645CD90E3F43C012DAB3BF3972E86BC94DDD454
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:66:bd:a6:1a:54:6d:1a:e1:39:81:56:d3:eb:
                    54:99:8d:18:c3:94:3d:43:8a:c4:09:fa:38:cc:b8:
                    0c:c2:de:06:c4:95:26:ca:99:88:27:86:a2:8e:ed:
                    8c:48:15:1e:21:5b:23:09:90:1a:0f:c6:9e:83:1e:
                    51:56:00:fe:50:56:3d:bb:97:ed:0b:9d:36:ba:2d:
                    31:7d:a4:70:75:a7:af:b6:f0:3c:1c:a3:ff:d8:8c:
                    ad:82:c0:5b:d4:15:c9:f4:21:f3:0e:bf:85:af:19:
                    f0:71:f7:15:10:e1:37:a1:cd:b2:20:96:04:5a:46:
                    d2:79:e5:c5:b1:80:11:c7:c3:fd:32:60:39:ea:e9:
                    0c:a3:8e:82:4a:99:72:41:6e:dd:06:92:a7:aa:40:
                    13:d8:61:37:79:75:55:1d:c3:ff:f5:52:f4:76:77:
                    76:74:ba:78:00:66:81:55:28:0e:6b:25:eb:67:ca:
                    88:1a:b7:c5:08:50:30:bf:0c:51:4d:c6:e5:2d:77:
                    d6:fc:13:e3:bd:48:0e:a1:b0:a1:ee:9a:b9:b1:5c:
                    7d:cd:48:84:be:0e:f5:9a:24:d4:b5:75:1a:c6:fe:
                    99:44:7a:1e:33:96:27:f0:bc:8d:36:7e:bb:73:9e:
                    1f:f5:4b:0b:58:9d:f7:f6:c6:52:03:20:37:bb:b6:
                    cb:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:45:CD:90:E3:F4:3C:01:2D:AB:3B:F3:97:2E:86:BC:94:DD:D4:54
            X509v3 Authority Key Identifier:
                keyid:0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rpki.apnic.net/member_repository/A91CFC1C/3C142B1657FE11EEAA553060C4F9AE02/
                RPKI Manifest - URI:rsync://rpki.apnic.net/member_repository/A91CFC1C/3C142B1657FE11EEAA553060C4F9AE02/NkXNkOP0PAEtqzvzly6GvJTd1FQ.mft
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  58421

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.49.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1a:b7:48:5f:b1:f7:1a:c6:ad:79:e9:66:71:13:e2:b3:17:9d:
         9b:2e:70:79:75:4f:cf:35:d8:92:7e:6e:6e:97:56:db:26:9d:
         ce:13:fd:49:d7:fc:ee:e9:76:06:53:70:9d:d1:07:a3:5a:a6:
         b9:68:fd:ac:2c:57:52:8c:af:fd:06:09:bc:27:b7:82:e4:95:
         27:d1:68:57:7f:db:1b:3d:7c:c1:ae:fb:d4:31:bd:f6:e4:a0:
         88:78:7a:3b:7e:ee:49:0e:62:36:af:ae:71:05:0d:c1:5d:79:
         d9:c3:30:ac:c1:19:a9:fa:34:e8:e1:4c:34:81:16:e7:2a:d4:
         08:1e:c4:1a:2b:66:dc:0c:db:0a:29:8f:ee:9c:be:51:7d:4f:
         a7:08:f7:2e:bf:e5:18:dc:46:c2:ea:40:5d:a6:a8:69:5b:b9:
         25:b9:bc:d8:b5:6c:b3:4a:4b:7d:ea:7f:5d:9a:44:56:d7:6e:
         ec:02:2a:54:17:69:5c:21:53:2c:33:c2:3b:1c:8d:8f:78:8f:
         26:bc:d2:32:72:3f:4a:93:81:49:b9:d6:03:06:56:01:58:d1:
         24:84:00:fc:c9:ff:fe:0c:9a:ed:89:cf:10:f0:de:18:4b:fc:
         fc:4d:91:87:c3:52:22:45:a4:4d:85:cd:8d:d2:46:f4:7f:27:
         59:df:21:5b
-----BEGIN CERTIFICATE-----
MIIGGjCCBQKgAwIBAgIDAf/UMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MERDNUJFMTEwLwYDVQQFEygwRTY1QTRGNUZEMzZCNUJENjhFQjNDOTIzNDA4OTc4
QzkwN0FBNzlGMB4XDTI0MDcxMjIwMzYyM1oXDTI1MDkzMDAwMDAwMFowRjERMA8G
A1UEAxMIQTkxQ0ZDMUMxMTAvBgNVBAUTKDM2NDVDRDkwRTNGNDNDMDEyREFCM0JG
Mzk3MkU4NkJDOTREREQ0NTQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDOZr2mGlRtGuE5gVbT61SZjRjDlD1DisQJ+jjMuAzC3gbElSbKmYgnhqKO7YxI
FR4hWyMJkBoPxp6DHlFWAP5QVj27l+0LnTa6LTF9pHB1p6+28Dwco//YjK2CwFvU
Fcn0IfMOv4WvGfBx9xUQ4TehzbIglgRaRtJ55cWxgBHHw/0yYDnq6QyjjoJKmXJB
bt0GkqeqQBPYYTd5dVUdw//1UvR2d3Z0ungAZoFVKA5rJetnyogat8UIUDC/DFFN
xuUtd9b8E+O9SA6hsKHumrmxXH3NSIS+DvWaJNS1dRrG/plEeh4zlifwvI02frtz
nh/1SwtYnff2xlIDIDe7tssVAgMBAAGjggMPMIIDCzAdBgNVHQ4EFgQUNkXNkOP0
PAEtqzvzly6GvJTd1FQwHwYDVR0jBBgwFoAUDmWk9f02tb1o6zySNAiXjJB6p58w
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wcwYDVR0fBGwwajBooGag
ZIZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2
NjExRTJCQjQ2OEY3QzcyRkQxRkYyL0RtV2s5ZjAydGIxbzZ6eVNOQWlYakpCNnA1
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvOTgwNjUyRTBCNzdFMTFFN0E5NkEzOTUyMUE0
RjRGQjQvRG1XazlmMDJ0YjFvNnp5U05BaVhqSkI2cDU4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwggEoBggrBgEFBQcBCwSCARowggEWMF8GCCsGAQUF
BzAFhlNyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MUNGQzFDLzNDMTQyQjE2NTdGRTExRUVBQTU1MzA2MEM0RjlBRTAyLzB+BggrBgEF
BQcwCoZycnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9B
OTFDRkMxQy8zQzE0MkIxNjU3RkUxMUVFQUE1NTMwNjBDNEY5QUUwMi9Oa1hOa09Q
MFBBRXRxenZ6bHk2R3ZKVGQxRlEubWZ0MDMGCCsGAQUFBzANhidodHRwczovL3Jy
ZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwGgYIKwYBBQUHAQgBAf8ECzAJ
oAcwBQIDAOQ1MB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDyjHQMA0GCSqG
SIb3DQEBCwUAA4IBAQAat0hfsfcaxq156WZxE+KzF52bLnB5dU/PNdiSfm5ul1bb
Jp3OE/1J1/zu6XYGU3Cd0QejWqa5aP2sLFdSjK/9Bgm8J7eC5JUn0WhXf9sbPXzB
rvvUMb325KCIeHo7fu5JDmI2r65xBQ3BXXnZwzCswRmp+jTo4Uw0gRbnKtQIHsQa
K2bcDNsKKY/unL5RfU+nCPcuv+UY3EbC6kBdpqhpW7klubzYtWyzSkt96n9dmkRW
127sAipUF2lcIVMsM8I7HI2PeI8mvNIycj9Kk4FJudYDBlYBWNEkhAD8yf/+DJrt
ic8Q8N4YS/z8TZGHw1IiRaRNhc2N0kb0fydZ3yFb
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:24:38 2024 by rpki-client on console-fra.rpki-client.org