Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/q9Q1SGWcuydu-NNbghL4OOjOt18.cer
File:                     q9Q1SGWcuydu-NNbghL4OOjOt18.cer (raw, json)
Hash identifier:          JdWFIaQQPBT6Q+i8ZObB2GWkZHBBa7wQq0coeloY6mg=
Subject key identifier:   AB:D4:35:48:65:9C:BB:27:6E:F8:D3:5B:82:12:F8:38:E8:CE:B7:5F
Authority key identifier: 0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F
Certificate issuer:       /CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
Certificate serial:       01A15F
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
Manifest:                 rsync://rpki.apnic.net/member_repository/A9132B1E/8936CC04883211EA84861B70C4F9AE02/q9Q1SGWcuydu-NNbghL4OOjOt18.mft
caRepository:             rsync://rpki.apnic.net/member_repository/A9132B1E/8936CC04883211EA84861B70C4F9AE02/
Notify URL:               https://rrdp.apnic.net/notification.xml
Certificate not before:   Thu 04 May 2023 13:28:30 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 2706
                          AS: 9381
                          AS: 58441
                          AS: 136501
                          IP: 43.224.4.0/22
                          IP: 43.224.48.0/22
                          IP: 43.224.92.0/22
                          IP: 43.225.8.0/22
                          IP: 43.241.204.0/22
                          IP: 43.248.224.0/22
                          IP: 43.250.56.0/21
                          IP: 43.251.20.0 -- 43.251.27.255
                          IP: 43.251.132.0/22
                          IP: 43.251.140.0/22
                          IP: 43.251.196.0/22
                          IP: 45.120.0.0/22
                          IP: 59.152.192.0/18
                          IP: 101.78.128.0/17
                          IP: 103.6.140.0/22
                          IP: 103.17.72.0/22
                          IP: 103.19.236.0/22
                          IP: 103.26.120.0/22
                          IP: 103.31.16.0/23
                          IP: 103.225.20.0/22
                          IP: 103.226.92.0/22
                          IP: 103.227.192.0/22
                          IP: 103.228.180.0/22
                          IP: 103.232.88.0/22
                          IP: 103.234.140.0/22
                          IP: 103.240.64.0/22
                          IP: 103.241.164.0/22
                          IP: 103.244.156.0/22
                          IP: 103.246.160.0/22
                          IP: 103.247.156.0/22
                          IP: 103.249.32.0/22
                          IP: 103.250.52.0/22
                          IP: 103.252.76.0/22
                          IP: 103.253.8.0/22
                          IP: 103.253.236.0/22
                          IP: 103.253.248.0/22
                          IP: 103.254.116.0/22
                          IP: 115.160.128.0/18
                          IP: 116.92.0.0/24
                          IP: 116.92.2.0/24
                          IP: 116.92.10.0/24
                          IP: 116.92.14.0/24
                          IP: 116.92.128.0 -- 116.92.130.255
                          IP: 116.92.133.0/24
                          IP: 116.92.184.0 -- 116.92.247.255
                          IP: 175.45.0.0/18
                          IP: 202.14.67.0 -- 202.14.68.255
                          IP: 202.64.0.0 -- 202.64.24.255
                          IP: 202.64.26.0 -- 202.64.55.255
                          IP: 202.64.57.0 -- 202.64.62.255
                          IP: 202.64.66.0 -- 202.64.86.255
                          IP: 202.64.88.0 -- 202.64.99.255
                          IP: 202.64.101.0/24
                          IP: 202.64.104.0 -- 202.64.108.255
                          IP: 202.64.112.0 -- 202.64.120.255
                          IP: 202.64.122.0/24
                          IP: 202.64.124.0/22
                          IP: 202.64.129.0 -- 202.64.130.255
                          IP: 202.64.132.0 -- 202.64.136.255
                          IP: 202.64.138.0/24
                          IP: 202.64.140.0 -- 202.64.155.255
                          IP: 202.64.157.0 -- 202.64.173.255
                          IP: 202.64.175.0 -- 202.64.178.255
                          IP: 202.64.180.0 -- 202.64.191.255
                          IP: 202.64.193.0 -- 202.64.209.255
                          IP: 202.64.211.0 -- 202.64.233.255
                          IP: 202.64.235.0 -- 202.64.239.255
                          IP: 202.64.241.0 -- 202.64.255.255
                          IP: 202.69.65.0 -- 202.69.76.255
                          IP: 202.126.208.0/20
                          IP: 202.130.64.0/18
                          IP: 202.131.64.0/20
                          IP: 202.155.192.0/18
                          IP: 203.174.32.0/19
                          IP: 210.5.160.0/19
                          IP: 210.17.128.0 -- 210.17.160.255
                          IP: 210.17.162.0 -- 210.17.221.255
                          IP: 210.17.223.0 -- 210.17.255.255
                          IP: 218.253.64.0 -- 218.253.255.255
                          IP: 218.255.0.0/16
                          IP: 220.232.128.0/22
                          IP: 220.232.136.0 -- 220.232.155.255
                          IP: 220.232.160.0/23
                          IP: 220.232.166.0 -- 220.232.179.255
                          IP: 220.232.184.0 -- 220.232.203.255
                          IP: 220.232.207.0 -- 220.232.210.255
                          IP: 220.232.212.0 -- 220.232.241.255
                          IP: 220.232.244.0 -- 220.232.253.255
                          IP: 220.232.255.0/24
                          IP: 223.255.128.0/18
                          IP: 2407:8000::/31

Validation:               OK
Signature path:           rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 04 Apr 2024 18:03:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 106847 (0x1a15f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
        Validity
            Not Before: May  4 13:28:30 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=A9132B1E/serialNumber=ABD43548659CBB276EF8D35B8212F838E8CEB75F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ba:00:4e:9c:d0:67:d9:ed:ec:13:a5:7e:97:
                    84:2f:43:be:97:42:e8:d8:9e:3e:fd:09:c1:33:a8:
                    74:af:90:a2:4b:26:21:35:3a:03:a9:f9:f4:34:b7:
                    53:6c:24:57:ff:3c:71:11:70:6e:78:f1:aa:49:87:
                    67:2a:85:5c:82:b8:44:0e:55:5f:e9:0e:f1:93:be:
                    d3:c2:af:81:cf:0a:14:36:a8:80:f0:1d:c5:ab:de:
                    fc:fd:17:cb:f1:12:38:ea:09:af:ac:e9:12:85:29:
                    e4:1c:76:a3:1b:83:01:d4:c3:ac:0a:be:8b:dd:4f:
                    a8:fa:4a:59:b3:74:d3:be:b5:52:b8:1c:a4:58:e4:
                    c1:43:98:46:0c:ac:ab:54:98:89:66:0d:7f:d9:fb:
                    b2:6a:d1:44:6b:16:5a:72:f9:1d:a6:b4:fd:b2:9f:
                    be:b8:80:4c:54:f3:86:d4:c6:f5:00:fe:d5:32:b9:
                    9a:66:0f:28:be:bc:6b:7a:a1:df:06:0e:aa:7b:80:
                    4d:34:05:f7:e7:36:f7:e3:16:08:b6:2a:11:65:79:
                    d8:31:e7:40:1a:57:0b:ae:b4:72:af:1c:6b:1c:4c:
                    12:0a:20:d7:8d:f7:75:af:f5:03:11:3e:9e:2e:7b:
                    31:80:98:83:0d:5a:64:e1:a0:02:1d:33:d3:10:91:
                    18:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:D4:35:48:65:9C:BB:27:6E:F8:D3:5B:82:12:F8:38:E8:CE:B7:5F
            X509v3 Authority Key Identifier:
                keyid:0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rpki.apnic.net/member_repository/A9132B1E/8936CC04883211EA84861B70C4F9AE02/
                RPKI Manifest - URI:rsync://rpki.apnic.net/member_repository/A9132B1E/8936CC04883211EA84861B70C4F9AE02/q9Q1SGWcuydu-NNbghL4OOjOt18.mft
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  2706
                  9381
                  58441
                  136501

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.224.4.0/22
                  43.224.48.0/22
                  43.224.92.0/22
                  43.225.8.0/22
                  43.241.204.0/22
                  43.248.224.0/22
                  43.250.56.0/21
                  43.251.20.0-43.251.27.255
                  43.251.132.0/22
                  43.251.140.0/22
                  43.251.196.0/22
                  45.120.0.0/22
                  59.152.192.0/18
                  101.78.128.0/17
                  103.6.140.0/22
                  103.17.72.0/22
                  103.19.236.0/22
                  103.26.120.0/22
                  103.31.16.0/23
                  103.225.20.0/22
                  103.226.92.0/22
                  103.227.192.0/22
                  103.228.180.0/22
                  103.232.88.0/22
                  103.234.140.0/22
                  103.240.64.0/22
                  103.241.164.0/22
                  103.244.156.0/22
                  103.246.160.0/22
                  103.247.156.0/22
                  103.249.32.0/22
                  103.250.52.0/22
                  103.252.76.0/22
                  103.253.8.0/22
                  103.253.236.0/22
                  103.253.248.0/22
                  103.254.116.0/22
                  115.160.128.0/18
                  116.92.0.0/24
                  116.92.2.0/24
                  116.92.10.0/24
                  116.92.14.0/24
                  116.92.128.0-116.92.130.255
                  116.92.133.0/24
                  116.92.184.0-116.92.247.255
                  175.45.0.0/18
                  202.14.67.0-202.14.68.255
                  202.64.0.0-202.64.24.255
                  202.64.26.0-202.64.55.255
                  202.64.57.0-202.64.62.255
                  202.64.66.0-202.64.86.255
                  202.64.88.0-202.64.99.255
                  202.64.101.0/24
                  202.64.104.0-202.64.108.255
                  202.64.112.0-202.64.120.255
                  202.64.122.0/24
                  202.64.124.0/22
                  202.64.129.0-202.64.130.255
                  202.64.132.0-202.64.136.255
                  202.64.138.0/24
                  202.64.140.0-202.64.155.255
                  202.64.157.0-202.64.173.255
                  202.64.175.0-202.64.178.255
                  202.64.180.0-202.64.191.255
                  202.64.193.0-202.64.209.255
                  202.64.211.0-202.64.233.255
                  202.64.235.0-202.64.239.255
                  202.64.241.0-202.64.255.255
                  202.69.65.0-202.69.76.255
                  202.126.208.0/20
                  202.130.64.0/18
                  202.131.64.0/20
                  202.155.192.0/18
                  203.174.32.0/19
                  210.5.160.0/19
                  210.17.128.0-210.17.160.255
                  210.17.162.0-210.17.221.255
                  210.17.223.0-210.17.255.255
                  218.253.64.0-218.253.255.255
                  218.255.0.0/16
                  220.232.128.0/22
                  220.232.136.0-220.232.155.255
                  220.232.160.0/23
                  220.232.166.0-220.232.179.255
                  220.232.184.0-220.232.203.255
                  220.232.207.0-220.232.210.255
                  220.232.212.0-220.232.241.255
                  220.232.244.0-220.232.253.255
                  220.232.255.0/24
                  223.255.128.0/18
                IPv6:
                  2407:8000::/31

    Signature Algorithm: sha256WithRSAEncryption
         4d:f7:5a:9a:b6:3f:83:19:c4:76:bd:18:1f:00:9e:1e:d9:5e:
         3d:13:b7:15:1c:f2:aa:a5:26:c6:78:7b:47:e4:c4:ea:bd:93:
         b1:39:fb:c9:ba:f2:fe:19:d8:6a:b8:36:44:17:c2:1a:07:39:
         57:3b:36:fd:66:f4:e4:e5:90:9a:18:bc:0e:53:f8:56:af:9a:
         ac:eb:84:21:85:6e:3b:76:a4:c0:ae:ea:b1:19:3a:07:60:63:
         cb:4a:23:4b:18:8c:f8:cc:aa:c5:32:0e:ad:3d:70:af:5e:f2:
         9c:0b:a1:d9:63:ec:a1:b1:0f:59:87:de:96:91:23:7c:e6:80:
         6b:36:83:1e:4b:2f:fc:fb:fa:fe:4c:ad:ad:dd:5a:48:5f:f6:
         0e:cf:3f:a3:6e:5a:7e:aa:f7:51:ca:4b:8d:bb:a2:70:da:c1:
         d1:dd:f7:1f:3b:b6:2d:e2:af:76:13:40:88:69:c2:08:80:d0:
         c6:dc:73:54:5d:de:f9:3f:3b:36:29:17:ea:71:48:44:6d:4a:
         ed:98:2b:40:0d:ae:7e:9d:fe:95:12:64:26:d2:03:ef:9d:e4:
         2d:a2:5a:28:a1:da:b7:79:0d:72:20:21:88:59:0b:91:f8:2f:
         97:03:c7:c3:38:9a:a5:d4:96:4d:6e:f1:75:5e:ea:de:7c:b3:
         93:70:de:64
-----BEGIN CERTIFICATE-----
MIIJUTCCCDmgAwIBAgIDAaFfMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MERDNUJFMTEwLwYDVQQFEygwRTY1QTRGNUZEMzZCNUJENjhFQjNDOTIzNDA4OTc4
QzkwN0FBNzlGMB4XDTIzMDUwNDEzMjgzMFoXDTI0MDcwMTAwMDAwMFowRjERMA8G
A1UEAxMIQTkxMzJCMUUxMTAvBgNVBAUTKEFCRDQzNTQ4NjU5Q0JCMjc2RUY4RDM1
QjgyMTJGODM4RThDRUI3NUYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC0ugBOnNBn2e3sE6V+l4QvQ76XQujYnj79CcEzqHSvkKJLJiE1OgOp+fQ0t1Ns
JFf/PHERcG548apJh2cqhVyCuEQOVV/pDvGTvtPCr4HPChQ2qIDwHcWr3vz9F8vx
EjjqCa+s6RKFKeQcdqMbgwHUw6wKvovdT6j6SlmzdNO+tVK4HKRY5MFDmEYMrKtU
mIlmDX/Z+7Jq0URrFlpy+R2mtP2yn764gExU84bUxvUA/tUyuZpmDyi+vGt6od8G
Dqp7gE00BffnNvfjFgi2KhFledgx50AaVwuutHKvHGscTBIKINeN93Wv9QMRPp4u
ezGAmIMNWmThoAIdM9MQkRhxAgMBAAGjggZGMIIGQjAdBgNVHQ4EFgQUq9Q1SGWc
uydu+NNbghL4OOjOt18wHwYDVR0jBBgwFoAUDmWk9f02tb1o6zySNAiXjJB6p58w
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wcwYDVR0fBGwwajBooGag
ZIZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2
NjExRTJCQjQ2OEY3QzcyRkQxRkYyL0RtV2s5ZjAydGIxbzZ6eVNOQWlYakpCNnA1
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvOTgwNjUyRTBCNzdFMTFFN0E5NkEzOTUyMUE0
RjRGQjQvRG1XazlmMDJ0YjFvNnp5U05BaVhqSkI2cDU4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwggEoBggrBgEFBQcBCwSCARowggEWMF8GCCsGAQUF
BzAFhlNyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MTMyQjFFLzg5MzZDQzA0ODgzMjExRUE4NDg2MUI3MEM0RjlBRTAyLzB+BggrBgEF
BQcwCoZycnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9B
OTEzMkIxRS84OTM2Q0MwNDg4MzIxMUVBODQ4NjFCNzBDNEY5QUUwMi9xOVExU0dX
Y3V5ZHUtTk5iZ2hMNE9Pak90MTgubWZ0MDMGCCsGAQUFBzANhidodHRwczovL3Jy
ZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJwYIKwYBBQUHAQgBAf8EGDAW
oBQwEgICCpICAiSlAgMA5EkCAwIVNTCCA0cGCCsGAQUFBwEHAQH/BIIDNjCCAzIw
ggMfBAIAATCCAxcDBAIr4AQDBAIr4DADBAIr4FwDBAIr4QgDBAIr8cwDBAIr+OAD
BAMr+jgwDAMEAiv7FAMEAiv7GAMEAiv7hAMEAiv7jAMEAiv7xAMEAi14AAMEBjuY
wAMEB2VOgAMEAmcGjAMEAmcRSAMEAmcT7AMEAmcaeAMEAWcfEAMEAmfhFAMEAmfi
XAMEAmfjwAMEAmfktAMEAmfoWAMEAmfqjAMEAmfwQAMEAmfxpAMEAmf0nAMEAmf2
oAMEAmf3nAMEAmf5IAMEAmf6NAMEAmf8TAMEAmf9CAMEAmf97AMEAmf9+AMEAmf+
dAMEBnOggAMEAHRcAAMEAHRcAgMEAHRcCgMEAHRcDjAMAwQHdFyAAwQAdFyCAwQA
dFyFMAwDBAN0XLgDBAN0XPADBAavLQAwDAMEAMoOQwMEAMoORDALAwMGykADBADK
QBgwDAMEAcpAGgMEA8pAMDAMAwQAykA5AwQAykA+MAwDBAHKQEIDBADKQFYwDAME
A8pAWAMEAspAYAMEAMpAZTAMAwQDykBoAwQAykBsMAwDBATKQHADBADKQHgDBADK
QHoDBALKQHwwDAMEAMpAgQMEAMpAgjAMAwQCykCEAwQAykCIAwQAykCKMAwDBALK
QIwDBALKQJgwDAMEAMpAnQMEAcpArDAMAwQAykCvAwQAykCyMAwDBALKQLQDBAbK
QIAwDAMEAMpAwQMEAcpA0DAMAwQAykDTAwQBykDoMAwDBADKQOsDBATKQOAwCwME
AMpA8QMDAMpAMAwDBADKRUEDBADKRUwDBATKftADBAbKgkADBATKg0ADBAbKm8AD
BAXLriADBAXSBaAwDAMEB9IRgAMEANIRoDAMAwQB0hGiAwQB0hHcMAsDBADSEd8D
AwHSEDALAwQG2v1AAwMB2vwDAwDa/wMEAtzogDAMAwQD3OiIAwQC3OiYAwQB3Oig
MAwDBAHc6KYDBALc6LAwDAMEA9zouAMEAtzoyDAMAwQA3OjPAwQA3OjSMAwDBALc
6NQDBAHc6PAwDAMEAtzo9AMEAdzo/AMEANzo/wMEBt//gDANBAIAAjAHAwUBJAeA
ADANBgkqhkiG9w0BAQsFAAOCAQEATfdamrY/gxnEdr0YHwCeHtlePRO3FRzyqqUm
xnh7R+TE6r2TsTn7ybry/hnYarg2RBfCGgc5Vzs2/Wb05OWQmhi8DlP4Vq+arOuE
IYVuO3akwK7qsRk6B2Bjy0ojSxiM+MyqxTIOrT1wr17ynAuh2WPsobEPWYfelpEj
fOaAazaDHksv/Pv6/kytrd1aSF/2Ds8/o25afqr3UcpLjbuicNrB0d33Hzu2LeKv
dhNAiGnCCIDQxtxzVF3e+T87NikX6nFIRG1K7ZgrQA2ufp3+lRJkJtID753kLaJa
KKHat3kNciAhiFkLkfgvlwPHwziapdSWTW7xdV7q3nyzk3DeZA==
-----END CERTIFICATE-----
Generated at Thu Mar 28 18:55:26 2024 by rpki-client on console-ams.rpki-client.org