Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rg8OntSmcG6S4Qt4m6wsYlpWUVY.cer
File:                     rg8OntSmcG6S4Qt4m6wsYlpWUVY.cer (raw, json)
Hash identifier:          hQYMtmNWNP/cf7dcmhWqklxU1iGZkiZkS16lNivVmsU=
Subject key identifier:   AE:0F:0E:9E:D4:A6:70:6E:92:E1:0B:78:9B:AC:2C:62:5A:56:51:56
Authority key identifier: 0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F
Certificate issuer:       /CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
Certificate serial:       01C790
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
Manifest:                 rsync://rpki.apnic.net/member_repository/A917138D/4F6E9318F3ED11EAA4A1D64DC4F9AE02/rg8OntSmcG6S4Qt4m6wsYlpWUVY.mft
caRepository:             rsync://rpki.apnic.net/member_repository/A917138D/4F6E9318F3ED11EAA4A1D64DC4F9AE02/
Notify URL:               https://rrdp.apnic.net/notification.xml
Certificate not before:   Tue 31 Oct 2023 20:15:30 +0000
Certificate not after:    Mon 30 Dec 2024 00:00:00 +0000
Subordinate resources:    AS: 17458
                          IP: 202.44.112.0/22
                          IP: 203.83.48.0/21
                          IP: 2401:a440::/32

Validation:               OK
Signature path:           rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 04 Apr 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 116624 (0x1c790)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
        Validity
            Not Before: Oct 31 20:15:30 2023 GMT
            Not After : Dec 30 00:00:00 2024 GMT
        Subject: CN=A917138D/serialNumber=AE0F0E9ED4A6706E92E10B789BAC2C625A565156
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:aa:3d:3e:0c:3e:95:af:f9:04:d5:7e:a2:f6:
                    92:fc:17:ae:62:8f:ea:45:92:58:f1:3b:f2:2d:5c:
                    a8:c4:a0:e8:31:5e:5e:d1:ae:6e:ca:b7:bd:48:86:
                    a4:26:2d:96:d8:43:3b:82:7d:23:62:6c:a0:5f:03:
                    ae:bf:ff:4c:2c:6c:9c:ff:f8:c9:f4:bf:8e:d6:a5:
                    1c:a7:15:4b:73:c8:1e:d3:a2:24:ac:c8:e7:b5:21:
                    1b:fc:97:4d:66:ee:00:a0:e8:11:59:ab:f5:84:f2:
                    de:58:51:64:57:af:68:53:95:5c:6b:be:26:f2:51:
                    2a:cd:30:18:81:6b:c2:de:e1:76:f5:05:7b:d1:07:
                    e4:ed:9f:fa:e2:44:1f:7e:dd:57:a3:fc:7b:3b:f3:
                    29:fb:8b:80:81:d7:8b:39:6e:19:35:d8:d7:2d:4d:
                    05:c9:c8:99:62:2f:e1:a6:e3:ab:cd:b9:02:77:33:
                    21:7e:cd:1f:3f:6e:06:47:98:49:bf:32:98:d0:33:
                    22:83:f0:ab:f3:59:7a:e4:19:c3:f1:14:47:9f:08:
                    cd:5a:05:7a:78:b6:a9:1c:ec:63:24:4b:18:9b:83:
                    86:f8:6a:15:fb:40:23:70:f7:c6:2f:90:a6:5d:7e:
                    96:60:b0:3e:20:34:85:0a:eb:9c:49:e4:94:aa:f3:
                    ae:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:0F:0E:9E:D4:A6:70:6E:92:E1:0B:78:9B:AC:2C:62:5A:56:51:56
            X509v3 Authority Key Identifier:
                keyid:0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rpki.apnic.net/member_repository/A917138D/4F6E9318F3ED11EAA4A1D64DC4F9AE02/
                RPKI Manifest - URI:rsync://rpki.apnic.net/member_repository/A917138D/4F6E9318F3ED11EAA4A1D64DC4F9AE02/rg8OntSmcG6S4Qt4m6wsYlpWUVY.mft
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  17458

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.44.112.0/22
                  203.83.48.0/21
                IPv6:
                  2401:a440::/32

    Signature Algorithm: sha256WithRSAEncryption
         15:d1:45:d8:eb:bd:b9:f4:ee:e7:f8:72:b1:83:47:9a:a7:7a:
         86:4b:c5:5c:a6:33:b1:dd:45:7e:ad:fd:b8:f8:42:32:87:20:
         79:b4:6e:2b:1c:27:9d:a5:8c:0b:ca:86:10:bd:3b:cc:74:36:
         42:e7:09:e5:17:ac:72:18:f1:dd:5b:dc:37:c2:0e:c2:00:bb:
         9d:a9:71:7d:f4:9b:4a:4c:d9:05:4e:3d:ab:0e:76:0b:5e:c6:
         96:93:f7:c1:3b:a2:91:07:61:9b:c9:52:bb:e9:e3:00:ba:73:
         fd:be:d0:d4:82:eb:8d:69:cc:c6:90:fb:4f:e2:81:42:dd:0c:
         5a:d3:06:d0:20:2e:6a:88:e8:6e:0d:d9:45:34:dc:b8:6a:a6:
         f0:e1:6e:ec:ce:e1:41:2d:9f:c7:eb:0f:54:c1:a9:ae:46:10:
         eb:b5:71:87:69:7c:71:3c:f4:73:70:b0:34:5d:dd:14:9b:ef:
         08:de:0f:f9:28:b5:8d:99:66:e7:dd:f8:1c:bf:00:a3:ac:c5:
         49:d0:d3:01:1e:22:1c:77:44:e6:37:67:1d:62:3e:1e:0a:d2:
         4e:a1:cb:de:15:8b:4a:77:49:4b:cd:00:ee:90:ee:0a:51:51:
         5c:5b:9c:80:c5:cb:70:56:26:ba:cf:3b:f0:11:a7:72:92:da:
         5a:8a:c2:78
-----BEGIN CERTIFICATE-----
MIIGLjCCBRagAwIBAgIDAceQMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MERDNUJFMTEwLwYDVQQFEygwRTY1QTRGNUZEMzZCNUJENjhFQjNDOTIzNDA4OTc4
QzkwN0FBNzlGMB4XDTIzMTAzMTIwMTUzMFoXDTI0MTIzMDAwMDAwMFowRjERMA8G
A1UEAxMIQTkxNzEzOEQxMTAvBgNVBAUTKEFFMEYwRTlFRDRBNjcwNkU5MkUxMEI3
ODlCQUMyQzYyNUE1NjUxNTYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDPqj0+DD6Vr/kE1X6i9pL8F65ij+pFkljxO/ItXKjEoOgxXl7Rrm7Kt71IhqQm
LZbYQzuCfSNibKBfA66//0wsbJz/+Mn0v47WpRynFUtzyB7ToiSsyOe1IRv8l01m
7gCg6BFZq/WE8t5YUWRXr2hTlVxrvibyUSrNMBiBa8Le4Xb1BXvRB+Ttn/riRB9+
3Vej/Hs78yn7i4CB14s5bhk12NctTQXJyJliL+Gm46vNuQJ3MyF+zR8/bgZHmEm/
MpjQMyKD8KvzWXrkGcPxFEefCM1aBXp4tqkc7GMkSxibg4b4ahX7QCNw98YvkKZd
fpZgsD4gNIUK65xJ5JSq865zAgMBAAGjggMjMIIDHzAdBgNVHQ4EFgQUrg8OntSm
cG6S4Qt4m6wsYlpWUVYwHwYDVR0jBBgwFoAUDmWk9f02tb1o6zySNAiXjJB6p58w
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wcwYDVR0fBGwwajBooGag
ZIZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2
NjExRTJCQjQ2OEY3QzcyRkQxRkYyL0RtV2s5ZjAydGIxbzZ6eVNOQWlYakpCNnA1
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvOTgwNjUyRTBCNzdFMTFFN0E5NkEzOTUyMUE0
RjRGQjQvRG1XazlmMDJ0YjFvNnp5U05BaVhqSkI2cDU4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwggEoBggrBgEFBQcBCwSCARowggEWMF8GCCsGAQUF
BzAFhlNyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MTcxMzhELzRGNkU5MzE4RjNFRDExRUFBNEExRDY0REM0RjlBRTAyLzB+BggrBgEF
BQcwCoZycnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9B
OTE3MTM4RC80RjZFOTMxOEYzRUQxMUVBQTRBMUQ2NERDNEY5QUUwMi9yZzhPbnRT
bWNHNlM0UXQ0bTZ3c1lscFdVVlkubWZ0MDMGCCsGAQUFBzANhidodHRwczovL3Jy
ZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwGQYIKwYBBQUHAQgBAf8ECjAI
oAYwBAICRDIwNAYIKwYBBQUHAQcBAf8EJTAjMBIEAgABMAwDBALKLHADBAPLUzAw
DQQCAAIwBwMFACQBpEAwDQYJKoZIhvcNAQELBQADggEBABXRRdjrvbn07uf4crGD
R5qneoZLxVymM7HdRX6t/bj4QjKHIHm0biscJ52ljAvKhhC9O8x0NkLnCeUXrHIY
8d1b3DfCDsIAu52pcX30m0pM2QVOPasOdgtexpaT98E7opEHYZvJUrvp4wC6c/2+
0NSC641pzMaQ+0/igULdDFrTBtAgLmqI6G4N2UU03LhqpvDhbuzO4UEtn8frD1TB
qa5GEOu1cYdpfHE89HNwsDRd3RSb7wjeD/kotY2ZZufd+By/AKOsxUnQ0wEeIhx3
ROY3Zx1iPh4K0k6hy94Vi0p3SUvNAO6Q7gpRUVxbnIDFy3BWJrrPO/ARp3KS2lqK
wng=
-----END CERTIFICATE-----
Generated at Fri Mar 29 00:01:01 2024 by rpki-client on console-fra.rpki-client.org