Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/k3hpHVqDzAJrjR8jKAYAg3G-3AQ.cer
File:                     k3hpHVqDzAJrjR8jKAYAg3G-3AQ.cer (raw, json)
Hash identifier:          iXECbRZbnwVVmzFFKCIZ332sliGBOEMMLlt31jknkoM=
Subject key identifier:   93:78:69:1D:5A:83:CC:02:6B:8D:1F:23:28:06:00:83:71:BE:DC:04
Authority key identifier: 0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F
Certificate issuer:       /CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
Certificate serial:       01C776
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
Manifest:                 rsync://rpki.apnic.net/member_repository/A9164FD2/B94B4F7C0C3611EB85233121C4F9AE02/k3hpHVqDzAJrjR8jKAYAg3G-3AQ.mft
caRepository:             rsync://rpki.apnic.net/member_repository/A9164FD2/B94B4F7C0C3611EB85233121C4F9AE02/
Notify URL:               https://rrdp.apnic.net/notification.xml
Certificate not before:   Tue 31 Oct 2023 18:30:43 +0000
Certificate not after:    Mon 30 Dec 2024 00:00:00 +0000
Subordinate resources:    IP: 103.9.51.0/24
                          IP: 103.81.162.0/24
                          IP: 103.195.143.0/24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 05 Apr 2024 04:49:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 116598 (0x1c776)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
        Validity
            Not Before: Oct 31 18:30:43 2023 GMT
            Not After : Dec 30 00:00:00 2024 GMT
        Subject: CN=A9164FD2/serialNumber=9378691D5A83CC026B8D1F232806008371BEDC04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:64:41:e7:e0:64:66:35:8a:55:2f:93:21:ee:
                    67:f3:fe:37:b3:c0:fb:95:6a:ac:4a:82:23:bf:c8:
                    17:53:76:db:01:e4:88:0b:2a:86:7b:65:6b:b4:63:
                    6e:1b:dd:bd:8f:ac:dc:07:f8:3a:02:a8:98:34:34:
                    b0:96:a8:1d:a3:a2:27:6f:68:3a:8a:9a:1e:4d:25:
                    be:1f:54:4d:94:60:03:1a:10:de:b0:bd:f1:10:5d:
                    d8:1e:c8:bf:1c:7f:57:33:9c:67:90:e9:40:32:d4:
                    0e:f3:81:27:3f:74:5a:6c:1d:d6:0d:44:01:fd:33:
                    f2:69:cc:45:1c:4c:3b:03:b7:c6:32:3c:15:68:af:
                    f1:1c:aa:8f:e7:6e:e9:25:ad:7d:5d:78:9e:aa:7d:
                    5a:b3:a9:e8:3e:b2:7f:0e:f8:fa:cb:be:c2:91:52:
                    7b:0b:4e:b3:c9:b1:af:be:a8:a3:cf:c5:de:df:52:
                    71:58:6f:52:6b:c7:e3:80:c0:fc:06:80:54:37:26:
                    c6:57:30:66:cf:d3:08:2a:16:b5:91:3d:17:b8:b2:
                    50:2e:d6:71:54:fc:85:22:cf:f6:a0:6e:d2:45:51:
                    24:c1:5e:74:b5:0d:dd:e0:6d:3e:a2:31:8c:f7:92:
                    2c:4d:e9:d4:a8:5b:80:b0:54:29:50:6e:f4:72:e2:
                    5e:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:78:69:1D:5A:83:CC:02:6B:8D:1F:23:28:06:00:83:71:BE:DC:04
            X509v3 Authority Key Identifier:
                keyid:0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rpki.apnic.net/member_repository/A9164FD2/B94B4F7C0C3611EB85233121C4F9AE02/
                RPKI Manifest - URI:rsync://rpki.apnic.net/member_repository/A9164FD2/B94B4F7C0C3611EB85233121C4F9AE02/k3hpHVqDzAJrjR8jKAYAg3G-3AQ.mft
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.9.51.0/24
                  103.81.162.0/24
                  103.195.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:b1:cd:20:3f:a4:83:06:b0:ac:1a:aa:98:63:46:e9:30:8c:
         fb:11:2b:34:82:7b:88:39:84:a7:9a:2c:a2:4d:2d:84:62:88:
         4f:d5:7d:48:a8:e2:ea:4a:b3:12:ca:f2:fa:0d:fd:55:2f:48:
         98:e2:46:88:a2:19:4f:22:87:99:80:1f:fd:74:6d:90:5d:ed:
         49:18:4d:e7:98:37:dc:f2:01:50:e2:ec:d0:67:01:06:90:fb:
         4b:94:5f:dd:42:20:e0:81:33:c1:cd:34:d5:87:b7:03:73:9b:
         97:74:11:42:2a:b9:ba:c4:41:00:e9:db:9d:37:70:a2:d2:e9:
         8d:79:07:3d:eb:83:e9:8e:10:17:03:ae:20:34:19:49:c0:21:
         24:8d:2d:a4:cb:aa:f3:22:ef:f8:c9:a5:2a:1a:84:4e:4d:e0:
         12:f0:2d:4e:60:c7:a4:05:74:fe:da:79:53:d5:86:69:71:16:
         3b:6b:a0:b7:e3:99:0f:57:36:5e:bb:e6:d2:5d:85:c0:7f:79:
         65:e3:db:4b:aa:d9:4c:17:ff:1c:50:17:05:14:e7:af:26:9e:
         49:fd:0e:2e:ec:b1:8c:e6:e6:c9:75:03:3e:c3:be:a7:6a:8b:
         5e:a1:99:49:7a:c5:3e:46:f5:74:62:2d:37:cc:d2:8a:70:62:
         95:86:a4:64
-----BEGIN CERTIFICATE-----
MIIGCjCCBPKgAwIBAgIDAcd2MA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MERDNUJFMTEwLwYDVQQFEygwRTY1QTRGNUZEMzZCNUJENjhFQjNDOTIzNDA4OTc4
QzkwN0FBNzlGMB4XDTIzMTAzMTE4MzA0M1oXDTI0MTIzMDAwMDAwMFowRjERMA8G
A1UEAxMIQTkxNjRGRDIxMTAvBgNVBAUTKDkzNzg2OTFENUE4M0NDMDI2QjhEMUYy
MzI4MDYwMDgzNzFCRURDMDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDUZEHn4GRmNYpVL5Mh7mfz/jezwPuVaqxKgiO/yBdTdtsB5IgLKoZ7ZWu0Y24b
3b2PrNwH+DoCqJg0NLCWqB2joidvaDqKmh5NJb4fVE2UYAMaEN6wvfEQXdgeyL8c
f1cznGeQ6UAy1A7zgSc/dFpsHdYNRAH9M/JpzEUcTDsDt8YyPBVor/Ecqo/nbukl
rX1deJ6qfVqzqeg+sn8O+PrLvsKRUnsLTrPJsa++qKPPxd7fUnFYb1Jrx+OAwPwG
gFQ3JsZXMGbP0wgqFrWRPRe4slAu1nFU/IUiz/agbtJFUSTBXnS1Dd3gbT6iMYz3
kixN6dSoW4CwVClQbvRy4l7XAgMBAAGjggL/MIIC+zAdBgNVHQ4EFgQUk3hpHVqD
zAJrjR8jKAYAg3G+3AQwHwYDVR0jBBgwFoAUDmWk9f02tb1o6zySNAiXjJB6p58w
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wcwYDVR0fBGwwajBooGag
ZIZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2
NjExRTJCQjQ2OEY3QzcyRkQxRkYyL0RtV2s5ZjAydGIxbzZ6eVNOQWlYakpCNnA1
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvOTgwNjUyRTBCNzdFMTFFN0E5NkEzOTUyMUE0
RjRGQjQvRG1XazlmMDJ0YjFvNnp5U05BaVhqSkI2cDU4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwggEoBggrBgEFBQcBCwSCARowggEWMF8GCCsGAQUF
BzAFhlNyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MTY0RkQyL0I5NEI0RjdDMEMzNjExRUI4NTIzMzEyMUM0RjlBRTAyLzB+BggrBgEF
BQcwCoZycnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9B
OTE2NEZEMi9COTRCNEY3QzBDMzYxMUVCODUyMzMxMjFDNEY5QUUwMi9rM2hwSFZx
RHpBSnJqUjhqS0FZQWczRy0zQVEubWZ0MDMGCCsGAQUFBzANhidodHRwczovL3Jy
ZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8EHDAa
MBgEAgABMBIDBABnCTMDBABnUaIDBABnw48wDQYJKoZIhvcNAQELBQADggEBAMCx
zSA/pIMGsKwaqphjRukwjPsRKzSCe4g5hKeaLKJNLYRiiE/VfUio4upKsxLK8voN
/VUvSJjiRoiiGU8ih5mAH/10bZBd7UkYTeeYN9zyAVDi7NBnAQaQ+0uUX91CIOCB
M8HNNNWHtwNzm5d0EUIqubrEQQDp2503cKLS6Y15Bz3rg+mOEBcDriA0GUnAISSN
LaTLqvMi7/jJpSoahE5N4BLwLU5gx6QFdP7aeVPVhmlxFjtroLfjmQ9XNl675tJd
hcB/eWXj20uq2UwX/xxQFwUU568mnkn9Di7ssYzm5sl1Az7Dvqdqi16hmUl6xT5G
9XRiLTfM0opwYpWGpGQ=
-----END CERTIFICATE-----
Generated at Fri Mar 29 06:02:35 2024 by rpki-client on console-fra.rpki-client.org