Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/d2kjY-As1XnsUuGBSKcq3smWh1M.cer
File:                     d2kjY-As1XnsUuGBSKcq3smWh1M.cer (raw, json)
Hash identifier:          /LgD9DMMhFtx6trV3oWPdaRlw57zzX47z3BW81pDQ68=
Subject key identifier:   77:69:23:63:E0:2C:D5:79:EC:52:E1:81:48:A7:2A:DE:C9:96:87:53
Authority key identifier: 0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F
Certificate issuer:       /CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
Certificate serial:       0130B5
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
Manifest:                 rsync://rpki.apnic.net/member_repository/A91FD4CC/4C8EBEE2279311EAA00E9724C4F9AE02/d2kjY-As1XnsUuGBSKcq3smWh1M.mft
caRepository:             rsync://rpki.apnic.net/member_repository/A91FD4CC/4C8EBEE2279311EAA00E9724C4F9AE02/
Notify URL:               https://rrdp.apnic.net/notification.xml
Certificate not before:   Tue 26 Oct 2021 19:00:41 +0000
Certificate not after:    Thu 01 Dec 2022 00:00:00 +0000
Subordinate resources:    IP: 103.121.208.0/22
                          IP: 2403:71c0::/32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 78005 (0x130b5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
        Validity
            Not Before: Oct 26 19:00:41 2021 GMT
            Not After : Dec  1 00:00:00 2022 GMT
        Subject: CN=A91FD4CC/serialNumber=77692363E02CD579EC52E18148A72ADEC9968753
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:7b:ba:76:1a:26:b6:ef:88:c2:43:70:c2:72:
                    11:3a:59:60:ce:ed:4a:5c:ff:66:fe:08:fe:44:50:
                    9c:63:00:38:d0:10:2c:46:c3:ac:e8:45:59:1d:e9:
                    1f:87:06:d3:3d:a4:e2:00:dd:e8:e0:72:36:a1:46:
                    30:48:2f:20:e3:79:5b:03:bf:79:e3:8c:40:0f:8d:
                    5d:ba:a9:67:67:8f:77:05:11:b5:02:1d:13:cf:18:
                    ac:b9:17:bb:c2:ae:98:2d:d8:88:a4:7c:88:e0:51:
                    08:81:ae:94:63:dd:30:34:a5:48:bf:d9:1b:d9:3f:
                    c4:24:d7:b7:f3:f1:bb:a9:5c:5c:bf:65:f7:76:9d:
                    8e:52:84:7b:18:e8:e2:74:7d:c2:92:e9:3a:c3:b8:
                    62:bc:ba:ae:b2:70:8c:a2:99:c9:53:c5:44:95:52:
                    20:cf:45:b0:05:e6:01:9d:85:63:be:9d:a5:f6:22:
                    3c:86:b1:49:03:8a:e8:55:a3:73:1d:bb:97:12:87:
                    17:34:22:b0:bd:fd:42:e0:14:aa:fe:22:4d:0b:2b:
                    b2:b8:6c:e2:97:63:60:52:27:52:ad:11:db:bb:bb:
                    b4:bd:a5:82:a0:f7:59:34:ef:f7:06:92:61:42:9c:
                    f7:7b:ba:13:92:e4:a9:90:3d:5f:2c:0e:88:0c:7b:
                    9c:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:69:23:63:E0:2C:D5:79:EC:52:E1:81:48:A7:2A:DE:C9:96:87:53
            X509v3 Authority Key Identifier:
                keyid:0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rpki.apnic.net/member_repository/A91FD4CC/4C8EBEE2279311EAA00E9724C4F9AE02/
                RPKI Manifest - URI:rsync://rpki.apnic.net/member_repository/A91FD4CC/4C8EBEE2279311EAA00E9724C4F9AE02/d2kjY-As1XnsUuGBSKcq3smWh1M.mft
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.121.208.0/22
                IPv6:
                  2403:71c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:3b:a2:bd:fd:0c:af:04:1e:0b:85:c1:e4:85:56:a0:54:db:
         91:fa:ba:e1:03:47:5a:6f:9e:99:70:0e:38:25:b4:5f:ca:cf:
         02:e0:eb:80:e7:8b:14:a1:73:0d:d5:a2:d5:0f:7f:ca:cd:fc:
         e0:a3:3a:47:2a:11:79:6a:5b:4c:fb:23:f0:ef:f8:2d:b1:f0:
         0b:8e:ab:cb:49:68:46:1e:26:72:f4:02:28:40:51:62:e4:d7:
         cd:fe:41:83:ed:0d:43:22:6c:9c:48:25:cb:1b:3b:67:87:4d:
         e4:31:ad:2f:4a:85:3a:3a:4a:7b:16:9d:09:90:f7:81:03:69:
         c7:5a:02:55:5a:f3:2f:93:95:cf:ef:5c:8b:1e:67:5b:76:a4:
         1c:20:33:90:4b:57:37:1e:75:94:86:64:ac:49:e2:3f:4d:38:
         d8:06:39:05:c4:e7:f0:da:65:50:5a:d0:c4:68:35:d9:06:31:
         d0:cb:0e:e9:e1:ab:96:61:70:e4:b0:5a:2a:a9:8a:16:e7:a5:
         b0:fa:3e:76:a3:c7:27:e9:62:1d:22:a6:1c:54:08:9d:16:bb:
         04:96:ab:5d:c2:49:78:bd:05:2a:f4:81:85:75:60:86:69:b2:
         93:a8:27:75:e9:24:c1:9b:c2:aa:b4:5e:8f:df:a9:27:fa:ba:
         cf:d0:da:5b
-----BEGIN CERTIFICATE-----
MIIGDTCCBPWgAwIBAgIDATC1MA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MERDNUJFMTEwLwYDVQQFEygwRTY1QTRGNUZEMzZCNUJENjhFQjNDOTIzNDA4OTc4
QzkwN0FBNzlGMB4XDTIxMTAyNjE5MDA0MVoXDTIyMTIwMTAwMDAwMFowRjERMA8G
A1UEAxMIQTkxRkQ0Q0MxMTAvBgNVBAUTKDc3NjkyMzYzRTAyQ0Q1NzlFQzUyRTE4
MTQ4QTcyQURFQzk5Njg3NTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCYe7p2Gia274jCQ3DCchE6WWDO7Upc/2b+CP5EUJxjADjQECxGw6zoRVkd6R+H
BtM9pOIA3ejgcjahRjBILyDjeVsDv3njjEAPjV26qWdnj3cFEbUCHRPPGKy5F7vC
rpgt2IikfIjgUQiBrpRj3TA0pUi/2RvZP8Qk17fz8bupXFy/Zfd2nY5ShHsY6OJ0
fcKS6TrDuGK8uq6ycIyimclTxUSVUiDPRbAF5gGdhWO+naX2IjyGsUkDiuhVo3Md
u5cShxc0IrC9/ULgFKr+Ik0LK7K4bOKXY2BSJ1KtEdu7u7S9pYKg91k07/cGkmFC
nPd7uhOS5KmQPV8sDogMe5ydAgMBAAGjggMCMIIC/jAdBgNVHQ4EFgQUd2kjY+As
1XnsUuGBSKcq3smWh1MwHwYDVR0jBBgwFoAUDmWk9f02tb1o6zySNAiXjJB6p58w
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wcwYDVR0fBGwwajBooGag
ZIZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2
NjExRTJCQjQ2OEY3QzcyRkQxRkYyL0RtV2s5ZjAydGIxbzZ6eVNOQWlYakpCNnA1
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvOTgwNjUyRTBCNzdFMTFFN0E5NkEzOTUyMUE0
RjRGQjQvRG1XazlmMDJ0YjFvNnp5U05BaVhqSkI2cDU4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwggEoBggrBgEFBQcBCwSCARowggEWMF8GCCsGAQUF
BzAFhlNyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MUZENENDLzRDOEVCRUUyMjc5MzExRUFBMDBFOTcyNEM0RjlBRTAyLzB+BggrBgEF
BQcwCoZycnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9B
OTFGRDRDQy80QzhFQkVFMjI3OTMxMUVBQTAwRTk3MjRDNEY5QUUwMi9kMmtqWS1B
czFYbnNVdUdCU0tjcTNzbVdoMU0ubWZ0MDMGCCsGAQUFBzANhidodHRwczovL3Jy
ZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8EHzAd
MAwEAgABMAYDBAJnedAwDQQCAAIwBwMFACQDccAwDQYJKoZIhvcNAQELBQADggEB
AII7or39DK8EHguFweSFVqBU25H6uuEDR1pvnplwDjgltF/KzwLg64DnixShcw3V
otUPf8rN/OCjOkcqEXlqW0z7I/Dv+C2x8AuOq8tJaEYeJnL0AihAUWLk183+QYPt
DUMibJxIJcsbO2eHTeQxrS9KhTo6SnsWnQmQ94EDacdaAlVa8y+Tlc/vXIseZ1t2
pBwgM5BLVzcedZSGZKxJ4j9NONgGOQXE5/DaZVBa0MRoNdkGMdDLDunhq5ZhcOSw
WiqpihbnpbD6PnajxyfpYh0iphxUCJ0WuwSWq13CSXi9BSr0gYV1YIZpspOoJ3Xp
JMGbwqq0Xo/fqSf6us/Q2ls=
-----END CERTIFICATE-----