Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kIhKP1esRvpjpxvZk-TorXiBh68.cer
File:                     kIhKP1esRvpjpxvZk-TorXiBh68.cer (raw, json)
Hash identifier:          NffIURjvT/OEHnpNz/zT+LMl3UFofLWvkjvqPOoB0m4=
Subject key identifier:   90:88:4A:3F:57:AC:46:FA:63:A7:1B:D9:93:E4:E8:AD:78:81:87:AF
Authority key identifier: 0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F
Certificate issuer:       /CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
Certificate serial:       01C102
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
Manifest:                 rsync://rpki.akrn.net/repo/AKRN/0/90884A3F57AC46FA63A71BD993E4E8AD788187AF.mft
caRepository:             rsync://rpki.akrn.net/repo/AKRN/0/
Notify URL:               https://rpki.akrn.net/rrdp/notification.xml
Certificate not before:   Sun 01 Oct 2023 06:40:10 +0000
Certificate not after:    Sun 01 Dec 2024 00:00:00 +0000
Subordinate resources:    AS: 38136
                          AS: 139299
                          AS: 139734
                          IP: 103.172.40.0/23
                          IP: 2407:cdc0::/32

Validation:               OK
Signature path:           rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 04 Apr 2024 20:48:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 114946 (0x1c102)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
        Validity
            Not Before: Oct  1 06:40:10 2023 GMT
            Not After : Dec  1 00:00:00 2024 GMT
        Subject: CN=A916C75D0000/serialNumber=90884A3F57AC46FA63A71BD993E4E8AD788187AF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:70:47:1b:7d:97:7d:a0:1e:f1:3b:ab:bd:46:
                    65:d8:2d:39:f3:d1:79:9e:64:73:49:4c:1e:94:3b:
                    e6:64:bf:52:8f:75:1e:33:71:3f:2e:4f:c8:7f:d9:
                    f2:bc:b6:fa:d9:5c:3a:b2:da:5d:17:9e:23:cb:16:
                    b3:bc:0a:d6:cc:72:ed:2a:f7:1c:cc:6e:63:84:ec:
                    a5:30:70:a7:ef:24:3d:0b:00:6d:01:87:ec:27:c7:
                    dd:19:99:1d:2c:9d:80:1b:e6:c4:65:71:ea:ad:a8:
                    32:b2:4e:57:45:6a:2b:b6:a2:d1:58:cb:eb:e7:dd:
                    c7:63:37:be:bb:db:82:ad:90:76:14:66:2d:43:e9:
                    6d:5a:76:ca:74:94:1f:ca:ce:a3:c2:6d:d4:10:f1:
                    72:24:b7:23:c9:b4:1d:47:d9:52:ca:a9:f2:5d:28:
                    ef:d6:ae:f9:fe:ef:e8:33:ab:4d:75:fc:8f:c6:f6:
                    af:71:ff:e6:0d:be:bc:bf:69:f6:dd:08:81:7e:5e:
                    e0:b6:2f:26:76:82:bc:2c:d1:93:bd:b5:94:e1:2e:
                    0f:d0:ca:8a:ed:18:cf:4b:68:7c:f0:5c:0d:29:e2:
                    44:16:0e:35:6b:19:5c:09:3e:d3:e1:c1:47:d8:11:
                    0a:55:68:43:1b:d7:e5:33:1f:7d:a0:ee:f3:78:c9:
                    e4:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:88:4A:3F:57:AC:46:FA:63:A7:1B:D9:93:E4:E8:AD:78:81:87:AF
            X509v3 Authority Key Identifier:
                keyid:0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rpki.akrn.net/repo/AKRN/0/
                RPKI Manifest - URI:rsync://rpki.akrn.net/repo/AKRN/0/90884A3F57AC46FA63A71BD993E4E8AD788187AF.mft
                RPKI Notify - URI:https://rpki.akrn.net/rrdp/notification.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  38136
                  139299
                  139734

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.172.40.0/23
                IPv6:
                  2407:cdc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         4d:1e:55:c1:b6:a2:8e:a8:39:f7:44:87:8e:6e:d4:26:fc:28:
         e1:97:58:24:f6:14:7f:4e:d8:06:1a:e1:db:47:7f:9b:01:21:
         f5:8d:c8:f0:05:39:1a:df:cc:a3:37:0b:61:02:96:d2:37:95:
         42:0a:60:50:ea:af:59:ce:fd:e3:58:2c:c7:8d:c2:79:f4:44:
         74:dc:0b:cf:7e:f2:8f:ce:f4:ab:5f:82:df:91:d4:3c:48:02:
         49:85:d8:b3:f4:d9:99:cb:11:b3:af:78:cb:7a:3b:3e:16:d1:
         ce:1e:01:ac:32:7d:3c:25:19:42:72:df:e1:4e:a5:3a:6d:05:
         51:f5:43:4f:4a:92:72:f7:0d:25:3f:ae:69:18:53:1a:55:5f:
         fc:a7:c6:a3:e0:91:01:6f:ff:bd:53:e5:95:e1:da:1f:d7:94:
         3a:f6:f5:4f:f8:e9:84:25:da:38:10:e0:f6:a8:d9:d0:f0:bc:
         f3:8c:da:05:3f:a7:cb:ad:61:7a:21:99:77:58:81:f6:67:d1:
         7f:08:38:be:87:6d:59:55:12:4d:01:d4:47:2a:d0:91:81:5a:
         d3:29:24:0a:66:7c:83:3b:7f:97:b2:ae:c6:17:9d:fc:14:5d:
         89:fd:c9:22:99:33:48:6c:1f:8e:06:41:a2:47:1e:db:71:33:
         aa:8a:ba:60
-----BEGIN CERTIFICATE-----
MIIF4zCCBMugAwIBAgIDAcECMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MERDNUJFMTEwLwYDVQQFEygwRTY1QTRGNUZEMzZCNUJENjhFQjNDOTIzNDA4OTc4
QzkwN0FBNzlGMB4XDTIzMTAwMTA2NDAxMFoXDTI0MTIwMTAwMDAwMFowSjEVMBMG
A1UEAxMMQTkxNkM3NUQwMDAwMTEwLwYDVQQFEyg5MDg4NEEzRjU3QUM0NkZBNjNB
NzFCRDk5M0U0RThBRDc4ODE4N0FGMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAqHBHG32XfaAe8TurvUZl2C0589F5nmRzSUwelDvmZL9Sj3UeM3E/Lk/I
f9nyvLb62Vw6stpdF54jyxazvArWzHLtKvcczG5jhOylMHCn7yQ9CwBtAYfsJ8fd
GZkdLJ2AG+bEZXHqragysk5XRWortqLRWMvr593HYze+u9uCrZB2FGYtQ+ltWnbK
dJQfys6jwm3UEPFyJLcjybQdR9lSyqnyXSjv1q75/u/oM6tNdfyPxvavcf/mDb68
v2n23QiBfl7gti8mdoK8LNGTvbWU4S4P0MqK7RjPS2h88FwNKeJEFg41axlcCT7T
4cFH2BEKVWhDG9flMx99oO7zeMnkVwIDAQABo4IC1DCCAtAwHQYDVR0OBBYEFJCI
Sj9XrEb6Y6cb2ZPk6K14gYevMB8GA1UdIwQYMBaAFA5lpPX9NrW9aOs8kjQIl4yQ
eqefMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MHMGA1UdHwRsMGow
aKBmoGSGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1
ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9EbVdrOWYwMnRiMW82enlTTkFpWGpK
QjZwNTguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9y
cGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5Lzk4MDY1MkUwQjc3RTExRTdBOTZBMzk1
MjFBNEY0RkI0L0RtV2s5ZjAydGIxbzZ6eVNOQWlYakpCNnA1OC5jZXIwSgYDVR0g
AQH/BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5h
cG5pYy5uZXQvUlBLSS9DUFMucGRmMIHVBggrBgEFBQcBCwSByDCBxTAuBggrBgEF
BQcwBYYicnN5bmM6Ly9ycGtpLmFrcm4ubmV0L3JlcG8vQUtSTi8wLzBaBggrBgEF
BQcwCoZOcnN5bmM6Ly9ycGtpLmFrcm4ubmV0L3JlcG8vQUtSTi8wLzkwODg0QTNG
NTdBQzQ2RkE2M0E3MUJEOTkzRTRFOEFENzg4MTg3QUYubWZ0MDcGCCsGAQUFBzAN
hitodHRwczovL3Jwa2kuYWtybi5uZXQvcnJkcC9ub3RpZmljYXRpb24ueG1sMCQG
CCsGAQUFBwEIAQH/BBUwE6ARMA8CAwCU+AIDAiAjAgMCIdYwLgYIKwYBBQUHAQcB
Af8EHzAdMAwEAgABMAYDBAFnrCgwDQQCAAIwBwMFACQHzcAwDQYJKoZIhvcNAQEL
BQADggEBAE0eVcG2oo6oOfdEh45u1Cb8KOGXWCT2FH9O2AYa4dtHf5sBIfWNyPAF
ORrfzKM3C2ECltI3lUIKYFDqr1nO/eNYLMeNwnn0RHTcC89+8o/O9Ktfgt+R1DxI
AkmF2LP02ZnLEbOveMt6Oz4W0c4eAawyfTwlGUJy3+FOpTptBVH1Q09KknL3DSU/
rmkYUxpVX/ynxqPgkQFv/71T5ZXh2h/XlDr29U/46YQl2jgQ4Pao2dDwvPOM2gU/
p8utYXohmXdYgfZn0X8IOL6HbVlVEk0B1Ecq0JGBWtMpJApmfIM7f5eyrsYXnfwU
XYn9ySKZM0hsH44GQaJHHttxM6qKumA=
-----END CERTIFICATE-----
Generated at Thu Mar 28 21:37:33 2024 by rpki-client on console-ams.rpki-client.org