Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YG7oXcPEZ_xGSolO1HqfG9MhtEE.cer
File:                     YG7oXcPEZ_xGSolO1HqfG9MhtEE.cer (raw, json)
Hash identifier:          iuB+K986V/+0NBknkvD6i+MtzGHisOBU+Bpl+SELhWI=
Subject key identifier:   60:6E:E8:5D:C3:C4:67:FC:46:4A:89:4E:D4:7A:9F:1B:D3:21:B4:41
Authority key identifier: 0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F
Certificate issuer:       /CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
Certificate serial:       01E074
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
Manifest:                 rsync://rpki.apnic.net/member_repository/A91AF3C6/631CC160F33811EAA63D4154C4F9AE02/YG7oXcPEZ_xGSolO1HqfG9MhtEE.mft
caRepository:             rsync://rpki.apnic.net/member_repository/A91AF3C6/631CC160F33811EAA63D4154C4F9AE02/
Notify URL:               https://rrdp.apnic.net/notification.xml
Certificate not before:   Fri 23 Feb 2024 18:40:15 +0000
Certificate not after:    Mon 30 Sep 2024 00:00:00 +0000
Subordinate resources:    AS: 132857
                          IP: 43.243.56.0/23
                          IP: 202.49.41.0/24
                          IP: 2407:2b00::/32

Validation:               OK
Signature path:           rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 05 Apr 2024 04:49:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 122996 (0x1e074)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
        Validity
            Not Before: Feb 23 18:40:15 2024 GMT
            Not After : Sep 30 00:00:00 2024 GMT
        Subject: CN=A91AF3C6/serialNumber=606EE85DC3C467FC464A894ED47A9F1BD321B441
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:67:07:5a:3d:b1:92:79:21:07:3d:b4:b6:3f:
                    86:e3:fc:f8:fb:0d:3c:c7:45:52:13:e1:78:56:7c:
                    ba:02:c0:a3:38:84:4a:7d:78:81:6d:ac:7e:33:96:
                    39:1e:02:37:ba:a1:08:f3:1c:d5:9e:42:62:cb:8e:
                    c0:8a:70:10:73:10:73:24:e5:e2:1b:c5:9d:79:61:
                    8a:7b:f7:93:d4:8c:cd:16:df:5c:09:ca:c0:61:17:
                    76:57:b5:03:c2:fd:75:f5:b2:28:83:86:02:f2:bc:
                    f3:62:6f:39:00:89:5a:fe:31:2a:ea:fd:fa:42:f1:
                    c8:33:0d:c6:35:d5:59:ad:8e:f6:e9:81:7c:26:1b:
                    fd:0c:d6:0b:c4:5c:cc:a4:72:6b:05:34:a0:5f:47:
                    ba:9e:bb:0b:eb:61:d8:60:35:96:21:8e:88:47:ad:
                    5d:a9:7c:62:c4:78:97:d0:17:55:c2:05:4a:20:6a:
                    b9:c7:aa:d2:83:4d:12:33:f4:56:42:e5:c0:36:d5:
                    c8:d0:e6:ce:ed:9e:71:99:9e:77:e2:65:e3:48:ee:
                    a9:99:80:86:14:d5:29:22:2b:d6:49:d0:8f:a7:e9:
                    92:fb:42:2b:8c:0c:37:0f:19:df:60:c5:99:6a:c6:
                    c6:1c:c0:65:a5:17:5d:0c:bc:14:f3:5a:5c:e7:5d:
                    e1:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:6E:E8:5D:C3:C4:67:FC:46:4A:89:4E:D4:7A:9F:1B:D3:21:B4:41
            X509v3 Authority Key Identifier:
                keyid:0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rpki.apnic.net/member_repository/A91AF3C6/631CC160F33811EAA63D4154C4F9AE02/
                RPKI Manifest - URI:rsync://rpki.apnic.net/member_repository/A91AF3C6/631CC160F33811EAA63D4154C4F9AE02/YG7oXcPEZ_xGSolO1HqfG9MhtEE.mft
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  132857

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.243.56.0/23
                  202.49.41.0/24
                IPv6:
                  2407:2b00::/32

    Signature Algorithm: sha256WithRSAEncryption
         7c:26:08:d2:19:cd:cb:c5:cd:a8:dc:d5:2b:88:ed:f4:44:00:
         cd:bb:ff:14:d7:7d:18:a4:81:90:20:2d:31:9e:39:50:71:33:
         60:3c:91:64:1d:a8:9a:87:f7:38:cb:9d:a1:70:ac:91:48:90:
         04:2f:27:21:c3:13:f6:fd:2e:e9:21:1b:18:f4:67:f5:90:b3:
         b7:81:1c:ff:a7:e1:bb:6d:a0:6e:cd:0a:69:4c:70:bd:14:18:
         39:cf:4d:ad:f1:2b:1b:84:64:94:32:2b:f2:e7:ba:ce:1a:0a:
         46:76:7c:d4:76:e7:d9:42:ce:96:15:46:91:cf:a0:e7:a6:3a:
         b7:ab:5c:56:cd:5f:59:99:e5:80:0c:2b:71:eb:9e:50:20:1b:
         f7:32:be:32:2e:1c:a6:51:6d:fa:32:2f:e9:6f:37:5e:6f:b7:
         e0:c5:ee:4b:32:b7:c0:c9:75:72:01:c4:48:80:94:e8:6d:6a:
         71:7b:5a:0c:95:40:db:ce:1f:5c:c4:72:b0:fb:3e:c4:c4:55:
         d5:7e:3d:c5:5f:c7:5d:03:17:56:9d:87:0f:70:45:68:ea:ee:
         60:ac:4e:38:cb:ca:fa:6d:91:3d:5d:f6:cb:2e:a7:58:b3:9b:
         dc:99:b8:73:16:6f:f9:57:c5:09:da:d8:a9:fa:95:a0:da:8e:
         08:43:eb:a7
-----BEGIN CERTIFICATE-----
MIIGLzCCBRegAwIBAgIDAeB0MA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MERDNUJFMTEwLwYDVQQFEygwRTY1QTRGNUZEMzZCNUJENjhFQjNDOTIzNDA4OTc4
QzkwN0FBNzlGMB4XDTI0MDIyMzE4NDAxNVoXDTI0MDkzMDAwMDAwMFowRjERMA8G
A1UEAxMIQTkxQUYzQzYxMTAvBgNVBAUTKDYwNkVFODVEQzNDNDY3RkM0NjRBODk0
RUQ0N0E5RjFCRDMyMUI0NDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCkZwdaPbGSeSEHPbS2P4bj/Pj7DTzHRVIT4XhWfLoCwKM4hEp9eIFtrH4zljke
Aje6oQjzHNWeQmLLjsCKcBBzEHMk5eIbxZ15YYp795PUjM0W31wJysBhF3ZXtQPC
/XX1siiDhgLyvPNibzkAiVr+MSrq/fpC8cgzDcY11VmtjvbpgXwmG/0M1gvEXMyk
cmsFNKBfR7qeuwvrYdhgNZYhjohHrV2pfGLEeJfQF1XCBUogarnHqtKDTRIz9FZC
5cA21cjQ5s7tnnGZnnfiZeNI7qmZgIYU1SkiK9ZJ0I+n6ZL7QiuMDDcPGd9gxZlq
xsYcwGWlF10MvBTzWlznXeEpAgMBAAGjggMkMIIDIDAdBgNVHQ4EFgQUYG7oXcPE
Z/xGSolO1HqfG9MhtEEwHwYDVR0jBBgwFoAUDmWk9f02tb1o6zySNAiXjJB6p58w
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wcwYDVR0fBGwwajBooGag
ZIZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2
NjExRTJCQjQ2OEY3QzcyRkQxRkYyL0RtV2s5ZjAydGIxbzZ6eVNOQWlYakpCNnA1
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvOTgwNjUyRTBCNzdFMTFFN0E5NkEzOTUyMUE0
RjRGQjQvRG1XazlmMDJ0YjFvNnp5U05BaVhqSkI2cDU4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwggEoBggrBgEFBQcBCwSCARowggEWMF8GCCsGAQUF
BzAFhlNyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MUFGM0M2LzYzMUNDMTYwRjMzODExRUFBNjNENDE1NEM0RjlBRTAyLzB+BggrBgEF
BQcwCoZycnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9B
OTFBRjNDNi82MzFDQzE2MEYzMzgxMUVBQTYzRDQxNTRDNEY5QUUwMi9ZRzdvWGNQ
RVpfeEdTb2xPMUhxZkc5TWh0RUUubWZ0MDMGCCsGAQUFBzANhidodHRwczovL3Jy
ZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwGgYIKwYBBQUHAQgBAf8ECzAJ
oAcwBQIDAgb5MDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBK/M4AwQAyjEp
MA0EAgACMAcDBQAkBysAMA0GCSqGSIb3DQEBCwUAA4IBAQB8JgjSGc3Lxc2o3NUr
iO30RADNu/8U130YpIGQIC0xnjlQcTNgPJFkHaiah/c4y52hcKyRSJAELychwxP2
/S7pIRsY9Gf1kLO3gRz/p+G7baBuzQppTHC9FBg5z02t8SsbhGSUMivy57rOGgpG
dnzUdufZQs6WFUaRz6Dnpjq3q1xWzV9ZmeWADCtx655QIBv3Mr4yLhymUW36Mi/p
bzdeb7fgxe5LMrfAyXVyAcRIgJTobWpxe1oMlUDbzh9cxHKw+z7ExFXVfj3FX8dd
AxdWnYcPcEVo6u5grE44y8r6bZE9XfbLLqdYs5vcmbhzFm/5V8UJ2tip+pWg2o4I
Q+un
-----END CERTIFICATE-----
Generated at Fri Mar 29 05:47:13 2024 by rpki-client on console-ams.rpki-client.org