Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vRa1ZDKuX0MCXE2hE0U39wTrQJY.cer
File:                     vRa1ZDKuX0MCXE2hE0U39wTrQJY.cer (raw, json)
Hash identifier:          IlmOqIWcG8dIxQBbg+7+14w3tKQqcS0Wjwbs6qOHzKo=
Subject key identifier:   BD:16:B5:64:32:AE:5F:43:02:5C:4D:A1:13:45:37:F7:04:EB:40:96
Authority key identifier: 0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F
Certificate issuer:       /CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
Certificate serial:       01DEF5
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
Manifest:                 rsync://rpki.apnic.net/member_repository/A91FEB89/96D3BA5C24ED11EDB8676118C4F9AE02/vRa1ZDKuX0MCXE2hE0U39wTrQJY.mft
caRepository:             rsync://rpki.apnic.net/member_repository/A91FEB89/96D3BA5C24ED11EDB8676118C4F9AE02/
Notify URL:               https://rrdp.apnic.net/notification.xml
Certificate not before:   Wed 14 Feb 2024 22:21:48 +0000
Certificate not after:    Thu 01 May 2025 00:00:00 +0000
Subordinate resources:    AS: 38063
                          AS: 136244
                          IP: 103.84.176.0/23
                          IP: 2001:df0:bf00::/48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 04 Apr 2024 18:26:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 122613 (0x1def5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
        Validity
            Not Before: Feb 14 22:21:48 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=A91FEB89/serialNumber=BD16B56432AE5F43025C4DA1134537F704EB4096
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:1c:0a:9f:fd:64:da:b7:91:ee:39:b3:a3:b0:
                    5d:a4:66:c9:79:0d:f8:90:36:b5:76:7a:8d:99:96:
                    85:d2:79:2b:e8:22:dc:85:5d:10:bb:bd:e1:19:21:
                    3e:00:a5:56:b4:07:9b:c5:72:60:6e:59:a7:a8:85:
                    b8:a3:63:91:e4:e0:98:7e:88:38:55:ea:37:21:70:
                    4c:17:4c:e6:4b:25:b6:e1:b3:ce:06:07:6f:02:d2:
                    8b:f6:29:70:0a:5d:74:16:f4:26:51:34:e5:3a:47:
                    3a:29:62:a9:3f:03:30:aa:b2:9a:d1:1d:63:38:3a:
                    d7:96:3c:4a:d9:a6:a1:5c:5d:78:23:bd:5c:b3:40:
                    25:74:a5:ac:ba:98:75:05:f2:81:85:d8:44:bc:d4:
                    2b:95:2c:a7:77:2a:9b:a5:ed:07:a5:df:b8:bb:4c:
                    37:9d:a9:76:ce:56:ac:b0:ef:0d:55:72:4c:89:39:
                    65:21:85:73:93:d0:c6:55:90:8c:46:ae:15:c4:81:
                    c1:e6:67:02:36:4b:c3:a4:8d:bf:08:8b:ae:48:a2:
                    1e:e7:8b:6f:b1:45:5a:90:d7:50:18:db:cd:12:6d:
                    a4:dc:5f:56:bf:98:e5:8f:44:db:a6:3b:71:5d:74:
                    68:c6:8d:24:2e:da:89:35:c6:c6:f3:ea:40:24:9d:
                    5b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:16:B5:64:32:AE:5F:43:02:5C:4D:A1:13:45:37:F7:04:EB:40:96
            X509v3 Authority Key Identifier:
                keyid:0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rpki.apnic.net/member_repository/A91FEB89/96D3BA5C24ED11EDB8676118C4F9AE02/
                RPKI Manifest - URI:rsync://rpki.apnic.net/member_repository/A91FEB89/96D3BA5C24ED11EDB8676118C4F9AE02/vRa1ZDKuX0MCXE2hE0U39wTrQJY.mft
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  38063
                  136244

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.84.176.0/23
                IPv6:
                  2001:df0:bf00::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:99:6c:03:3a:3a:79:ca:19:e9:d0:cb:bf:e8:e6:3a:ba:dc:
         bb:f0:4d:4f:59:6b:23:96:e9:19:8a:cf:8a:ad:6e:bd:dc:9d:
         73:ab:bc:02:f9:5a:85:d7:ea:e2:3a:39:ad:26:ff:ff:c1:62:
         1d:18:cb:49:9a:da:1d:79:aa:5f:c8:87:fb:05:9f:de:33:20:
         bb:0f:29:b3:c9:e2:a7:87:59:41:81:55:e7:03:e2:75:5c:aa:
         ef:73:66:b0:f0:32:00:bc:a8:cd:9b:11:53:08:55:f6:b8:02:
         72:86:93:5e:21:e8:dd:1b:4d:e6:5b:81:0b:df:a4:c7:01:cf:
         1e:d7:59:81:fb:52:b0:38:be:af:57:01:75:ef:5f:15:d2:2b:
         5e:5c:72:ed:ab:41:f6:cb:c9:8d:2b:0e:cf:01:9d:cf:a1:b2:
         4f:73:3e:1d:0b:27:0d:30:84:1c:bc:67:6d:f2:a0:10:2a:66:
         66:41:81:3c:5f:d5:bf:96:76:b2:b5:67:2a:ce:31:ed:1b:e6:
         c8:4b:3d:3d:ee:8b:e8:36:3f:39:e0:ef:b5:14:95:9d:71:e7:
         89:b9:ad:ae:ff:65:f1:d8:f3:e0:02:16:71:c2:41:d4:fb:35:
         9e:9b:97:4b:ac:e3:bb:8a:83:5a:b5:28:17:37:f9:eb:ae:73:
         6d:9b:3f:ec
-----BEGIN CERTIFICATE-----
MIIGMDCCBRigAwIBAgIDAd71MA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MERDNUJFMTEwLwYDVQQFEygwRTY1QTRGNUZEMzZCNUJENjhFQjNDOTIzNDA4OTc4
QzkwN0FBNzlGMB4XDTI0MDIxNDIyMjE0OFoXDTI1MDUwMTAwMDAwMFowRjERMA8G
A1UEAxMIQTkxRkVCODkxMTAvBgNVBAUTKEJEMTZCNTY0MzJBRTVGNDMwMjVDNERB
MTEzNDUzN0Y3MDRFQjQwOTYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDfHAqf/WTat5HuObOjsF2kZsl5DfiQNrV2eo2ZloXSeSvoItyFXRC7veEZIT4A
pVa0B5vFcmBuWaeohbijY5Hk4Jh+iDhV6jchcEwXTOZLJbbhs84GB28C0ov2KXAK
XXQW9CZRNOU6RzopYqk/AzCqsprRHWM4OteWPErZpqFcXXgjvVyzQCV0pay6mHUF
8oGF2ES81CuVLKd3Kpul7Qel37i7TDedqXbOVqyw7w1VckyJOWUhhXOT0MZVkIxG
rhXEgcHmZwI2S8Okjb8Ii65Ioh7ni2+xRVqQ11AY280SbaTcX1a/mOWPRNumO3Fd
dGjGjSQu2ok1xsbz6kAknVspAgMBAAGjggMlMIIDITAdBgNVHQ4EFgQUvRa1ZDKu
X0MCXE2hE0U39wTrQJYwHwYDVR0jBBgwFoAUDmWk9f02tb1o6zySNAiXjJB6p58w
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wcwYDVR0fBGwwajBooGag
ZIZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2
NjExRTJCQjQ2OEY3QzcyRkQxRkYyL0RtV2s5ZjAydGIxbzZ6eVNOQWlYakpCNnA1
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvOTgwNjUyRTBCNzdFMTFFN0E5NkEzOTUyMUE0
RjRGQjQvRG1XazlmMDJ0YjFvNnp5U05BaVhqSkI2cDU4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwggEoBggrBgEFBQcBCwSCARowggEWMF8GCCsGAQUF
BzAFhlNyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MUZFQjg5Lzk2RDNCQTVDMjRFRDExRURCODY3NjExOEM0RjlBRTAyLzB+BggrBgEF
BQcwCoZycnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9B
OTFGRUI4OS85NkQzQkE1QzI0RUQxMUVEQjg2NzYxMThDNEY5QUUwMi92UmExWkRL
dVgwTUNYRTJoRTBVMzl3VHJRSlkubWZ0MDMGCCsGAQUFBzANhidodHRwczovL3Jy
ZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQgBAf8EEDAO
oAwwCgIDAJSvAgMCFDQwMAYIKwYBBQUHAQcBAf8EITAfMAwEAgABMAYDBAFnVLAw
DwQCAAIwCQMHACABDfC/ADANBgkqhkiG9w0BAQsFAAOCAQEAIJlsAzo6ecoZ6dDL
v+jmOrrcu/BNT1lrI5bpGYrPiq1uvdydc6u8Avlahdfq4jo5rSb//8FiHRjLSZra
HXmqX8iH+wWf3jMguw8ps8nip4dZQYFV5wPidVyq73NmsPAyALyozZsRUwhV9rgC
coaTXiHo3RtN5luBC9+kxwHPHtdZgftSsDi+r1cBde9fFdIrXlxy7atB9svJjSsO
zwGdz6GyT3M+HQsnDTCEHLxnbfKgECpmZkGBPF/Vv5Z2srVnKs4x7RvmyEs9Pe6L
6DY/OeDvtRSVnXHnibmtrv9l8djz4AIWccJB1Ps1npuXS6zju4qDWrUoFzf5665z
bZs/7A==
-----END CERTIFICATE-----
Generated at Thu Mar 28 19:45:15 2024 by rpki-client on console-fra.rpki-client.org