Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/z2tVCi8MZCvc1Ni-pQOEmy1FD5g.cer
File:                     z2tVCi8MZCvc1Ni-pQOEmy1FD5g.cer (raw, json)
Hash identifier:          9VUzPgZeFXgGnk1DfYrfKgiKAiWK4r926Svh8nHAuP0=
Subject key identifier:   CF:6B:55:0A:2F:0C:64:2B:DC:D4:D8:BE:A5:03:84:9B:2D:45:0F:98
Authority key identifier: 0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F
Certificate issuer:       /CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
Certificate serial:       01DDF4
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
Manifest:                 rsync://rpki.apnic.net/member_repository/A913B018/39B47F4AC5F611EEBE0B7960C4F9AE02/z2tVCi8MZCvc1Ni-pQOEmy1FD5g.mft
caRepository:             rsync://rpki.apnic.net/member_repository/A913B018/39B47F4AC5F611EEBE0B7960C4F9AE02/
Notify URL:               https://rrdp.apnic.net/notification.xml
Certificate not before:   Wed 07 Feb 2024 20:19:48 +0000
Certificate not after:    Mon 31 Mar 2025 00:00:00 +0000
Subordinate resources:    AS: 152297
                          IP: 2401:70a0::/32

Validation:               OK
Signature path:           rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Nov 2024 02:50:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 122356 (0x1ddf4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
        Validity
            Not Before: Feb  7 20:19:48 2024 GMT
            Not After : Mar 31 00:00:00 2025 GMT
        Subject: CN=A913B018/serialNumber=CF6B550A2F0C642BDCD4D8BEA503849B2D450F98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3c:06:27:81:fc:23:64:80:3f:80:2f:de:ab:
                    96:bc:6b:e1:20:8b:7f:bf:61:3d:00:63:18:90:a7:
                    7d:4e:05:8b:0c:2f:a8:e5:e6:23:95:e1:3e:fd:21:
                    1a:5c:73:5b:68:f4:bd:f4:26:09:20:81:16:7e:f5:
                    38:63:5f:00:de:18:15:b0:4f:05:90:4d:34:89:de:
                    1e:40:13:59:67:04:f6:e2:21:09:62:ec:0b:4a:91:
                    6b:24:00:ac:38:8b:48:14:1b:80:87:d9:28:9f:c6:
                    64:a2:fe:1f:9d:93:82:45:3e:e9:76:48:2e:4a:13:
                    d3:d2:5d:ff:87:9a:57:65:06:41:55:25:b1:3d:f1:
                    f5:93:83:1b:ce:c9:0e:5b:1b:ef:17:59:06:52:b8:
                    1b:b8:8d:00:ef:30:0e:62:26:f6:db:10:fb:b2:00:
                    02:1a:e1:aa:93:3b:21:eb:89:1b:b3:d5:90:98:51:
                    c4:f3:ec:e8:f8:69:0b:fc:76:4a:54:c8:df:ac:4c:
                    fa:a9:32:ee:05:41:3b:8a:8c:73:c5:14:ab:2c:cc:
                    51:52:1b:74:f8:ce:a0:4e:19:e1:e6:58:0e:fc:66:
                    c0:9c:2a:65:44:af:d4:4c:09:55:c0:07:43:b9:a4:
                    ce:48:45:42:b5:6d:58:dc:1a:83:ab:8a:b1:fd:2e:
                    69:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:6B:55:0A:2F:0C:64:2B:DC:D4:D8:BE:A5:03:84:9B:2D:45:0F:98
            X509v3 Authority Key Identifier:
                keyid:0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rpki.apnic.net/member_repository/A913B018/39B47F4AC5F611EEBE0B7960C4F9AE02/
                RPKI Manifest - URI:rsync://rpki.apnic.net/member_repository/A913B018/39B47F4AC5F611EEBE0B7960C4F9AE02/z2tVCi8MZCvc1Ni-pQOEmy1FD5g.mft
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  152297

            sbgp-ipAddrBlock: critical
                IPv6:
                  2401:70a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         a7:ae:b6:e4:d8:4c:cc:da:b3:44:a3:1e:1a:99:55:14:39:34:
         5e:98:d2:02:79:44:2e:0f:bc:75:29:18:c3:48:32:6c:94:78:
         9a:4b:a1:dd:19:a5:01:d5:33:29:07:02:aa:6b:d8:f9:36:dc:
         1f:cf:91:18:b8:f8:54:5d:45:d3:56:4d:aa:c8:25:33:72:2a:
         87:93:a9:4a:98:02:8f:aa:e1:c4:65:94:0e:07:e9:e8:68:13:
         f8:72:cb:86:bd:61:d7:4d:e4:1b:f5:0e:d9:4b:82:1f:7a:7e:
         ca:eb:57:b1:83:ab:ea:61:ce:eb:ac:eb:b4:4d:aa:0c:fd:78:
         e7:01:da:98:0b:09:55:f1:f1:d8:4b:b3:e9:f1:b8:fc:89:46:
         10:7b:55:48:af:1a:08:bf:69:12:18:bd:ed:df:8d:74:14:1d:
         d8:60:af:8e:be:66:07:9c:c5:4c:69:f6:ee:46:7f:89:8a:a9:
         93:54:41:e6:6b:80:fc:ee:ad:8a:fd:56:6e:b1:2c:39:2f:63:
         e2:bd:44:a2:9e:89:a7:b7:ca:27:a0:f5:ed:ef:36:4f:74:2c:
         b4:23:9f:e0:a7:45:85:b1:46:f5:3e:63:4a:60:99:54:f2:4f:
         38:89:87:8c:bb:b6:a5:d1:90:9a:73:66:39:6e:3d:5f:30:4e:
         28:d5:49:30
-----BEGIN CERTIFICATE-----
MIIGGzCCBQOgAwIBAgIDAd30MA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MERDNUJFMTEwLwYDVQQFEygwRTY1QTRGNUZEMzZCNUJENjhFQjNDOTIzNDA4OTc4
QzkwN0FBNzlGMB4XDTI0MDIwNzIwMTk0OFoXDTI1MDMzMTAwMDAwMFowRjERMA8G
A1UEAxMIQTkxM0IwMTgxMTAvBgNVBAUTKENGNkI1NTBBMkYwQzY0MkJEQ0Q0RDhC
RUE1MDM4NDlCMkQ0NTBGOTgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCmPAYngfwjZIA/gC/eq5a8a+Egi3+/YT0AYxiQp31OBYsML6jl5iOV4T79IRpc
c1to9L30JgkggRZ+9ThjXwDeGBWwTwWQTTSJ3h5AE1lnBPbiIQli7AtKkWskAKw4
i0gUG4CH2SifxmSi/h+dk4JFPul2SC5KE9PSXf+HmldlBkFVJbE98fWTgxvOyQ5b
G+8XWQZSuBu4jQDvMA5iJvbbEPuyAAIa4aqTOyHriRuz1ZCYUcTz7Oj4aQv8dkpU
yN+sTPqpMu4FQTuKjHPFFKsszFFSG3T4zqBOGeHmWA78ZsCcKmVEr9RMCVXAB0O5
pM5IRUK1bVjcGoOrirH9LmkPAgMBAAGjggMQMIIDDDAdBgNVHQ4EFgQUz2tVCi8M
ZCvc1Ni+pQOEmy1FD5gwHwYDVR0jBBgwFoAUDmWk9f02tb1o6zySNAiXjJB6p58w
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wcwYDVR0fBGwwajBooGag
ZIZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2
NjExRTJCQjQ2OEY3QzcyRkQxRkYyL0RtV2s5ZjAydGIxbzZ6eVNOQWlYakpCNnA1
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvOTgwNjUyRTBCNzdFMTFFN0E5NkEzOTUyMUE0
RjRGQjQvRG1XazlmMDJ0YjFvNnp5U05BaVhqSkI2cDU4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwggEoBggrBgEFBQcBCwSCARowggEWMF8GCCsGAQUF
BzAFhlNyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MTNCMDE4LzM5QjQ3RjRBQzVGNjExRUVCRTBCNzk2MEM0RjlBRTAyLzB+BggrBgEF
BQcwCoZycnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9B
OTEzQjAxOC8zOUI0N0Y0QUM1RjYxMUVFQkUwQjc5NjBDNEY5QUUwMi96MnRWQ2k4
TVpDdmMxTmktcFFPRW15MUZENWcubWZ0MDMGCCsGAQUFBzANhidodHRwczovL3Jy
ZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwGgYIKwYBBQUHAQgBAf8ECzAJ
oAcwBQIDAlLpMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAJAFwoDANBgkq
hkiG9w0BAQsFAAOCAQEAp6625NhMzNqzRKMeGplVFDk0XpjSAnlELg+8dSkYw0gy
bJR4mkuh3RmlAdUzKQcCqmvY+TbcH8+RGLj4VF1F01ZNqsglM3Iqh5OpSpgCj6rh
xGWUDgfp6GgT+HLLhr1h103kG/UO2UuCH3p+yutXsYOr6mHO66zrtE2qDP145wHa
mAsJVfHx2Euz6fG4/IlGEHtVSK8aCL9pEhi97d+NdBQd2GCvjr5mB5zFTGn27kZ/
iYqpk1RB5muA/O6tiv1WbrEsOS9j4r1Eop6Jp7fKJ6D17e82T3QstCOf4KdFhbFG
9T5jSmCZVPJPOImHjLu2pdGQmnNmOW49XzBOKNVJMA==
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:00:14 2024 by rpki-client on console-ams.rpki-client.org