Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xOTw2gEK9YY3zFlihHHpmLckPFI.cer
File:                     xOTw2gEK9YY3zFlihHHpmLckPFI.cer (raw, json)
Hash identifier:          sscc6K64NxM8tASNzAN6uTm3JHym3OMWEzWOkEjsEmY=
Subject key identifier:   C4:E4:F0:DA:01:0A:F5:86:37:CC:59:62:84:71:E9:98:B7:24:3C:52
Authority key identifier: 0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F
Certificate issuer:       /CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
Certificate serial:       01D6A1
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
Manifest:                 rsync://rpki.apnic.net/member_repository/A91D83D0/0A16208AAFBC11EAA961CB86C4F9AE02/xOTw2gEK9YY3zFlihHHpmLckPFI.mft
caRepository:             rsync://rpki.apnic.net/member_repository/A91D83D0/0A16208AAFBC11EAA961CB86C4F9AE02/
Notify URL:               https://rrdp.apnic.net/notification.xml
Certificate not before:   Thu 04 Jan 2024 04:08:59 +0000
Certificate not after:    Wed 29 May 2024 00:00:00 +0000
Subordinate resources:    AS: 133882
                          IP: 43.255.152.0/22
                          IP: 103.1.172.0/22
                          IP: 103.35.91.0/24
                          IP: 103.44.220.0/24
                          IP: 103.87.189.0 -- 103.87.191.255
                          IP: 118.139.160.0/19
                          IP: 182.50.128.0/19
                          IP: 202.3.13.0/24
                          IP: 203.124.96.0/19
                          IP: 2001:df1:9c00::/48
                          IP: 2403:bc80::/32
                          IP: 2407:1c00::/32

Validation:               OK
Signature path:           rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 05 Apr 2024 04:49:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 120481 (0x1d6a1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
        Validity
            Not Before: Jan  4 04:08:59 2024 GMT
            Not After : May 29 00:00:00 2024 GMT
        Subject: CN=A91D83D0/serialNumber=C4E4F0DA010AF58637CC59628471E998B7243C52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:2b:d2:ef:73:ca:0c:40:cd:a1:fa:21:fc:cd:
                    47:2f:e3:67:3c:ac:f4:f7:c9:f2:62:10:d8:bc:24:
                    bc:07:84:e5:1a:3b:cd:b7:80:67:78:20:96:59:11:
                    a2:ae:1e:8f:8a:d9:ba:7f:e1:81:d6:e4:ab:c5:ce:
                    dd:b5:bf:09:64:d2:6b:0d:22:d1:74:66:59:2f:30:
                    46:70:f5:ab:91:76:4f:9c:e0:49:21:58:3c:55:aa:
                    3e:28:1a:9b:60:93:2f:79:8a:cf:44:ad:e9:b8:95:
                    41:22:1f:d6:bb:00:59:ae:d3:d5:72:0c:a9:0c:e0:
                    0c:3b:fc:72:9e:07:8f:31:41:a6:20:d2:f6:01:64:
                    07:5c:a9:be:0e:e9:30:d5:9d:20:2a:03:60:89:3b:
                    6c:55:5c:b1:49:61:c1:a3:b6:9d:b5:90:a7:9e:03:
                    dc:d7:1d:77:24:4c:72:15:b9:59:bc:6d:56:2a:80:
                    5a:b6:4d:7a:c6:13:78:65:5d:a5:a1:fa:53:c4:b4:
                    39:16:bd:20:2b:f8:1a:f3:40:f8:1e:f2:b5:ef:8c:
                    00:12:a5:ad:bc:0f:69:18:45:58:ba:97:27:ff:ef:
                    82:9e:5f:e1:4b:e7:50:70:71:d4:c4:b8:bd:0b:5f:
                    5a:f1:08:20:86:8c:9d:ae:5f:fd:d3:e0:7c:61:39:
                    83:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:E4:F0:DA:01:0A:F5:86:37:CC:59:62:84:71:E9:98:B7:24:3C:52
            X509v3 Authority Key Identifier:
                keyid:0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rpki.apnic.net/member_repository/A91D83D0/0A16208AAFBC11EAA961CB86C4F9AE02/
                RPKI Manifest - URI:rsync://rpki.apnic.net/member_repository/A91D83D0/0A16208AAFBC11EAA961CB86C4F9AE02/xOTw2gEK9YY3zFlihHHpmLckPFI.mft
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  133882

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.255.152.0/22
                  103.1.172.0/22
                  103.35.91.0/24
                  103.44.220.0/24
                  103.87.189.0-103.87.191.255
                  118.139.160.0/19
                  182.50.128.0/19
                  202.3.13.0/24
                  203.124.96.0/19
                IPv6:
                  2001:df1:9c00::/48
                  2403:bc80::/32
                  2407:1c00::/32

    Signature Algorithm: sha256WithRSAEncryption
         43:96:7a:eb:3b:29:41:c8:67:8d:3d:67:88:48:f7:c8:11:ac:
         24:21:f3:7a:4b:16:8f:96:69:00:c8:a3:25:9c:01:d9:d7:60:
         65:56:bc:54:e4:6e:c4:7b:d3:6f:70:9e:ea:4b:69:96:49:62:
         ba:1e:bb:e5:a1:d2:d0:6e:74:b6:a8:61:ea:78:bc:5a:0f:66:
         a5:83:89:6a:15:8c:ad:e6:fb:0b:20:bb:63:5c:33:e5:aa:a9:
         5f:e4:96:1b:9e:64:ac:12:9c:c0:e5:3a:f3:f7:77:9c:ce:cc:
         dc:5f:58:6f:4e:b6:05:db:c8:09:c8:92:c6:d1:5c:66:e7:ae:
         3f:5c:29:89:e3:7d:dc:d9:89:a9:92:3c:41:d3:95:65:f7:5c:
         07:ab:cc:99:34:12:da:89:c0:50:03:27:5b:25:f0:ef:a0:56:
         c2:84:b0:4f:12:07:12:ec:4e:d6:28:76:63:b2:00:e6:c6:4e:
         3e:b9:0a:c8:fd:0a:f0:11:9b:cf:fe:ba:cc:0e:a1:3b:0a:23:
         3a:32:e2:4c:97:32:50:22:49:32:b0:29:6a:78:32:34:d9:d9:
         4c:e4:0f:fb:e9:c7:97:ba:95:d5:87:4a:71:ca:8f:9a:2b:af:
         84:ca:54:c0:c1:b3:39:69:1b:c8:82:9d:5b:60:bf:78:0d:d0:
         1e:0d:57:1b
-----BEGIN CERTIFICATE-----
MIIGcTCCBVmgAwIBAgIDAdahMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MERDNUJFMTEwLwYDVQQFEygwRTY1QTRGNUZEMzZCNUJENjhFQjNDOTIzNDA4OTc4
QzkwN0FBNzlGMB4XDTI0MDEwNDA0MDg1OVoXDTI0MDUyOTAwMDAwMFowRjERMA8G
A1UEAxMIQTkxRDgzRDAxMTAvBgNVBAUTKEM0RTRGMERBMDEwQUY1ODYzN0NDNTk2
Mjg0NzFFOTk4QjcyNDNDNTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDCK9Lvc8oMQM2h+iH8zUcv42c8rPT3yfJiENi8JLwHhOUaO823gGd4IJZZEaKu
Ho+K2bp/4YHW5KvFzt21vwlk0msNItF0ZlkvMEZw9auRdk+c4EkhWDxVqj4oGptg
ky95is9Erem4lUEiH9a7AFmu09VyDKkM4Aw7/HKeB48xQaYg0vYBZAdcqb4O6TDV
nSAqA2CJO2xVXLFJYcGjtp21kKeeA9zXHXckTHIVuVm8bVYqgFq2TXrGE3hlXaWh
+lPEtDkWvSAr+BrzQPge8rXvjAASpa28D2kYRVi6lyf/74KeX+FL51BwcdTEuL0L
X1rxCCCGjJ2uX/3T4HxhOYOpAgMBAAGjggNmMIIDYjAdBgNVHQ4EFgQUxOTw2gEK
9YY3zFlihHHpmLckPFIwHwYDVR0jBBgwFoAUDmWk9f02tb1o6zySNAiXjJB6p58w
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wcwYDVR0fBGwwajBooGag
ZIZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2
NjExRTJCQjQ2OEY3QzcyRkQxRkYyL0RtV2s5ZjAydGIxbzZ6eVNOQWlYakpCNnA1
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvOTgwNjUyRTBCNzdFMTFFN0E5NkEzOTUyMUE0
RjRGQjQvRG1XazlmMDJ0YjFvNnp5U05BaVhqSkI2cDU4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwggEoBggrBgEFBQcBCwSCARowggEWMF8GCCsGAQUF
BzAFhlNyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MUQ4M0QwLzBBMTYyMDhBQUZCQzExRUFBOTYxQ0I4NkM0RjlBRTAyLzB+BggrBgEF
BQcwCoZycnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9B
OTFEODNEMC8wQTE2MjA4QUFGQkMxMUVBQTk2MUNCODZDNEY5QUUwMi94T1R3MmdF
SzlZWTN6RmxpaEhIcG1MY2tQRkkubWZ0MDMGCCsGAQUFBzANhidodHRwczovL3Jy
ZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwGgYIKwYBBQUHAQgBAf8ECzAJ
oAcwBQIDAgr6MHYGCCsGAQUFBwEHAQH/BGcwZTBEBAIAATA+AwQCK/+YAwQCZwGs
AwQAZyNbAwQAZyzcMAwDBABnV70DBAZnV4ADBAV2i6ADBAW2MoADBADKAw0DBAXL
fGAwHQQCAAIwFwMHACABDfGcAAMFACQDvIADBQAkBxwAMA0GCSqGSIb3DQEBCwUA
A4IBAQBDlnrrOylByGeNPWeISPfIEawkIfN6SxaPlmkAyKMlnAHZ12BlVrxU5G7E
e9NvcJ7qS2mWSWK6HrvlodLQbnS2qGHqeLxaD2alg4lqFYyt5vsLILtjXDPlqqlf
5JYbnmSsEpzA5Trz93eczszcX1hvTrYF28gJyJLG0Vxm564/XCmJ433c2YmpkjxB
05Vl91wHq8yZNBLaicBQAydbJfDvoFbChLBPEgcS7E7WKHZjsgDmxk4+uQrI/Qrw
EZvP/rrMDqE7CiM6MuJMlzJQIkkysClqeDI02dlM5A/76ceXupXVh0pxyo+aK6+E
ylTAwbM5aRvIgp1bYL94DdAeDVcb
-----END CERTIFICATE-----
Generated at Fri Mar 29 05:47:33 2024 by rpki-client on console-ams.rpki-client.org