Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jA43PR8ZGDzxvYIgsUAguL8sZ00.cer
File:                     jA43PR8ZGDzxvYIgsUAguL8sZ00.cer (raw, json)
Hash identifier:          ESqMeJ3/pGk0OYuHLrTDUvIO7Pqk3Rt3rmAbdiDcseg=
Subject key identifier:   8C:0E:37:3D:1F:19:18:3C:F1:BD:82:20:B1:40:20:B8:BF:2C:67:4D
Authority key identifier: 0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F
Certificate issuer:       /CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
Certificate serial:       01EAE6
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/3/8C0E373D1F19183CF1BD8220B14020B8BF2C674D.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/3
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Wed 10 Apr 2024 10:20:51 +0000
Certificate not after:    Thu 31 Oct 2024 00:00:00 +0000
Subordinate resources:    AS: 134598
                          IP: 103.121.40.0/22
                          IP: 2403:63c0::/32

Validation:               Failed, certificate revoked on Wed 17 Apr 2024 23:54:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 125670 (0x1eae6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
        Validity
            Not Before: Apr 10 10:20:51 2024 GMT
            Not After : Oct 31 00:00:00 2024 GMT
        Subject: CN=A916C10F0000/serialNumber=8C0E373D1F19183CF1BD8220B14020B8BF2C674D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:91:3c:12:e7:86:98:b5:e3:28:ba:00:07:6f:
                    0d:3d:70:17:fe:27:36:54:50:d4:2f:83:a1:d2:08:
                    a4:eb:8b:8f:f0:3b:3d:b1:e1:0b:ed:79:15:12:8d:
                    8f:6a:43:c7:27:b6:dc:aa:4e:04:72:cb:34:48:10:
                    b8:31:83:09:31:01:c5:17:9d:9a:65:99:8c:43:1a:
                    c4:6d:49:f7:94:af:52:44:30:f2:df:9f:59:cf:dc:
                    7f:8f:b3:25:93:44:7c:45:f9:6f:50:02:b0:78:54:
                    0d:71:14:9c:3d:5c:90:78:0d:c2:38:2a:b0:29:8c:
                    ba:24:2d:04:64:b7:83:ed:21:23:ed:97:df:f2:f7:
                    17:6c:68:a8:7e:6f:af:39:5d:b8:c0:b8:0d:23:6a:
                    2c:68:1d:2c:e1:81:ab:4b:ae:9a:7c:a2:67:76:97:
                    57:e0:60:c5:19:3e:e7:1d:8b:da:ab:cd:4d:e3:9d:
                    fe:44:90:2a:ae:09:e2:a2:29:4b:14:ce:f4:e7:63:
                    4b:f0:ee:78:b3:af:50:58:3e:0c:72:24:63:30:93:
                    8b:f1:94:ca:5b:d7:c3:a9:b5:34:3f:57:05:9b:c0:
                    2d:16:0b:6c:ba:9a:d0:e4:8a:92:f3:60:be:16:e0:
                    49:4f:59:6e:33:82:96:12:f4:c7:43:8b:fc:04:d6:
                    89:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:0E:37:3D:1F:19:18:3C:F1:BD:82:20:B1:40:20:B8:BF:2C:67:4D
            X509v3 Authority Key Identifier:
                keyid:0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/3
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/04032c8f-1d57-4c3b-9043-a0e7febf167d/3/8C0E373D1F19183CF1BD8220B14020B8BF2C674D.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  134598

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.121.40.0/22
                IPv6:
                  2403:63c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         ba:c9:a7:f0:3a:c4:5f:7e:a5:a5:0a:9f:18:03:06:d1:4e:2a:
         52:62:2a:79:f2:2e:b3:c0:90:6f:b7:8a:de:b2:41:54:01:9e:
         24:32:2a:0b:0b:7d:2a:48:09:6f:9c:69:2e:b9:05:f7:af:95:
         ab:99:36:d8:9a:a3:01:89:aa:50:08:79:b0:10:22:e2:93:a0:
         48:60:e2:0b:39:5b:fb:4f:9d:ac:85:aa:c6:da:3f:13:c1:5c:
         8f:4d:c7:c8:85:af:9c:6e:d2:6a:85:d6:ba:c9:b2:be:b3:16:
         91:e8:85:22:79:92:9e:c6:a4:a6:22:bd:cf:f3:83:1b:3a:d1:
         0d:d4:12:e3:28:fb:a3:5c:8d:7b:2c:b4:a7:d7:82:7a:a0:10:
         b0:d6:76:60:a0:39:75:2b:07:d7:fa:ca:8a:87:9b:8b:92:00:
         d0:cc:32:5d:2e:51:b1:cf:88:ef:8f:9e:bf:66:68:5f:8b:c9:
         e0:87:a1:3b:c4:7a:39:5f:cb:74:ac:06:a6:aa:d0:1a:d1:5b:
         57:98:a5:8f:57:5e:76:17:ad:28:26:75:76:68:b2:81:c6:db:
         2b:f2:88:5a:e5:27:8c:79:30:ca:8e:73:a6:49:a5:6a:45:e9:
         41:a6:9a:c6:4a:45:c1:7b:e5:0f:e9:15:23:6a:63:e4:fe:51:
         17:5a:5a:a2
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIDAermMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MERDNUJFMTEwLwYDVQQFEygwRTY1QTRGNUZEMzZCNUJENjhFQjNDOTIzNDA4OTc4
QzkwN0FBNzlGMB4XDTI0MDQxMDEwMjA1MVoXDTI0MTAzMTAwMDAwMFowSjEVMBMG
A1UEAxMMQTkxNkMxMEYwMDAwMTEwLwYDVQQFEyg4QzBFMzczRDFGMTkxODNDRjFC
RDgyMjBCMTQwMjBCOEJGMkM2NzREMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAtJE8EueGmLXjKLoAB28NPXAX/ic2VFDUL4Oh0gik64uP8Ds9seEL7XkV
Eo2PakPHJ7bcqk4Ecss0SBC4MYMJMQHFF52aZZmMQxrEbUn3lK9SRDDy359Zz9x/
j7Mlk0R8RflvUAKweFQNcRScPVyQeA3COCqwKYy6JC0EZLeD7SEj7Zff8vcXbGio
fm+vOV24wLgNI2osaB0s4YGrS66afKJndpdX4GDFGT7nHYvaq81N453+RJAqrgni
oilLFM7052NL8O54s69QWD4MciRjMJOL8ZTKW9fDqbU0P1cFm8AtFgtsuprQ5IqS
82C+FuBJT1luM4KWEvTHQ4v8BNaJtQIDAQABo4IDNDCCAzAwHQYDVR0OBBYEFIwO
Nz0fGRg88b2CILFAILi/LGdNMB8GA1UdIwQYMBaAFA5lpPX9NrW9aOs8kjQIl4yQ
eqefMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MHMGA1UdHwRsMGow
aKBmoGSGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1
ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9EbVdrOWYwMnRiMW82enlTTkFpWGpK
QjZwNTguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9y
cGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5Lzk4MDY1MkUwQjc3RTExRTdBOTZBMzk1
MjFBNEY0RkI0L0RtV2s5ZjAydGIxbzZ6eVNOQWlYakpCNnA1OC5jZXIwSgYDVR0g
AQH/BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5h
cG5pYy5uZXQvUlBLSS9DUFMucGRmMIIBPgYIKwYBBQUHAQsEggEwMIIBLDBeBggr
BgEFBQcwBYZScnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3Np
dG9yeS8wNDAzMmM4Zi0xZDU3LTRjM2ItOTA0My1hMGU3ZmViZjE2N2QvMzCBiwYI
KwYBBQUHMAqGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9z
aXRvcnkvMDQwMzJjOGYtMWQ1Ny00YzNiLTkwNDMtYTBlN2ZlYmYxNjdkLzMvOEMw
RTM3M0QxRjE5MTgzQ0YxQkQ4MjIwQjE0MDIwQjhCRjJDNjc0RC5tZnQwPAYIKwYB
BQUHMA2GMGh0dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0
aW9uLnhtbDAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMCDcYwLgYIKwYBBQUHAQcB
Af8EHzAdMAwEAgABMAYDBAJneSgwDQQCAAIwBwMFACQDY8AwDQYJKoZIhvcNAQEL
BQADggEBALrJp/A6xF9+paUKnxgDBtFOKlJiKnnyLrPAkG+3it6yQVQBniQyKgsL
fSpICW+caS65BfevlauZNtiaowGJqlAIebAQIuKToEhg4gs5W/tPnayFqsbaPxPB
XI9Nx8iFr5xu0mqF1rrJsr6zFpHohSJ5kp7GpKYivc/zgxs60Q3UEuMo+6NcjXss
tKfXgnqgELDWdmCgOXUrB9f6yoqHm4uSANDMMl0uUbHPiO+Pnr9maF+LyeCHoTvE
ejlfy3SsBqaq0BrRW1eYpY9XXnYXrSgmdXZosoHG2yvyiFrlJ4x5MMqOc6ZJpWpF
6UGmmsZKRcF75Q/pFSNqY+T+URdaWqI=
-----END CERTIFICATE-----