Certificate

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/axBeYoldLTIOdbe7eYHvE3olKUc.cer
File:                     axBeYoldLTIOdbe7eYHvE3olKUc.cer (raw, json)
Hash identifier:          2L47fury0s4881FbBN8njleRb2MMKe54crX9dTiim5o=
Subject key identifier:   6B:10:5E:62:89:5D:2D:32:0E:75:B7:BB:79:81:EF:13:7A:25:29:47
Authority key identifier: 04:16:29:B6:A9:EA:B7:CB:13:24:EA:39:78:F0:37:96:F8:89:B5:40
Certificate issuer:       /CN=A9162E3D0000/serialNumber=041629B6A9EAB7CB1324EA3978F03796F889B540
Certificate serial:       77F4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
Manifest:                 rsync://rpki.cnnic.cn/rpki/A9162E3D0000/423/axBeYoldLTIOdbe7eYHvE3olKUc.mft
caRepository:             rsync://rpki.cnnic.cn/rpki/A9162E3D0000/423/
Notify URL:               https://rpki.cnnic.cn/rrdp/notify.xml
Certificate not before:   Thu 27 May 2021 05:06:51 +0000
Certificate not after:    Fri 27 May 2022 04:59:52 +0000
Subordinate resources:    AS: 59008
                          IP: 101.254.0.0/16
                          IP: 103.52.40.0/22
                          IP: 119.80.240.0/22
                          IP: 119.90.0.0/17
                          IP: 124.68.64.0/18
                          IP: 211.147.208.0/20
                          IP: 211.157.96.0/19
                          IP: 218.244.160.0/19
                          IP: 218.246.32.0/19
                          IP: 220.154.0.0/16
                          IP: 221.122.0.0/15
                          IP: 2400:b700::/32

Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 30708 (0x77f4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9162E3D0000/serialNumber=041629B6A9EAB7CB1324EA3978F03796F889B540
        Validity
            Not Before: May 27 05:06:51 2021 GMT
            Not After : May 27 04:59:52 2022 GMT
        Subject: CN=6B105E62895D2D320E75B7BB7981EF137A252947
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:61:c5:46:72:e3:21:9e:f2:1d:23:d0:8b:a1:
                    84:3b:3c:f3:83:14:4c:b0:1b:d0:5b:61:6d:62:1c:
                    72:59:68:ce:10:73:e5:f0:13:04:2f:19:63:7c:d5:
                    fd:b7:6d:86:de:4e:06:e3:60:05:ad:0c:8b:70:69:
                    12:ca:61:44:c3:65:64:05:08:9d:a2:14:54:28:6b:
                    f3:b6:92:e7:11:53:ee:e7:ea:5b:31:d0:a2:65:d7:
                    b6:27:5b:6a:10:21:47:d6:d1:02:3e:a8:30:aa:9d:
                    3f:50:1c:52:d9:f0:30:99:49:c1:b6:55:56:c7:0c:
                    3a:af:92:29:29:19:05:5f:ca:9e:38:78:96:e9:b4:
                    56:3b:06:3e:15:9e:68:d4:0a:17:d2:f1:e8:f2:b2:
                    ba:9c:23:16:d4:1e:f6:60:9a:a4:eb:c3:72:3f:c7:
                    84:7f:83:d6:a7:89:e4:d5:00:0e:7d:c5:66:b6:a2:
                    95:6a:4e:ee:00:e3:bd:b2:2c:31:02:04:b6:73:bc:
                    f6:f9:bd:ac:28:ec:90:c6:58:eb:46:7b:d3:5e:e8:
                    19:9c:18:3b:28:6d:eb:16:c7:6d:e1:00:d2:c1:79:
                    b4:63:86:85:7d:7b:55:e3:9e:0d:7f:27:f1:6b:e3:
                    98:b3:a9:56:d3:ac:40:96:9b:91:c6:93:e7:bd:4e:
                    38:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:10:5E:62:89:5D:2D:32:0E:75:B7:BB:79:81:EF:13:7A:25:29:47
            X509v3 Authority Key Identifier:
                keyid:04:16:29:B6:A9:EA:B7:CB:13:24:EA:39:78:F0:37:96:F8:89:B5:40

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Subject Information Access:
                CA Repository - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/423/
                RPKI Manifest - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/423/axBeYoldLTIOdbe7eYHvE3olKUc.mft
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  59008

            sbgp-ipAddrBlock: critical
                IPv4:
                  101.254.0.0/16
                  103.52.40.0/22
                  119.80.240.0/22
                  119.90.0.0/17
                  124.68.64.0/18
                  211.147.208.0/20
                  211.157.96.0/19
                  218.244.160.0/19
                  218.246.32.0/19
                  220.154.0.0/16
                  221.122.0.0/15
                IPv6:
                  2400:b700::/32

    Signature Algorithm: sha256WithRSAEncryption
         94:b4:5b:f5:c9:21:b9:4e:4a:d4:3a:4e:1c:63:c1:22:10:9e:
         9e:ab:fb:eb:30:17:07:4f:20:b1:75:8c:0d:5e:73:73:73:29:
         8d:4c:79:2e:5c:0f:72:82:e9:bc:3e:98:14:df:e3:ea:c8:5b:
         29:c6:77:5f:ca:21:1a:e0:50:9f:d1:80:e1:1a:80:2f:a3:bc:
         62:3a:cf:cb:b1:b5:ec:3a:f5:4f:74:72:59:23:24:9d:81:f8:
         eb:66:1b:af:7c:78:10:9b:93:74:cd:04:88:ae:ea:61:f8:fe:
         3e:9e:d4:9f:25:71:0d:5c:c7:ce:3c:bc:f1:3c:6b:14:02:a0:
         7d:bc:1d:dd:ec:bd:2d:c1:fc:36:56:9d:fa:98:d4:df:e8:24:
         2f:bb:ba:3b:0f:2c:8e:dd:4b:55:33:1a:f0:f9:db:45:d7:17:
         23:0e:25:30:8b:7e:66:cc:2f:ae:84:99:ad:ba:15:91:73:78:
         66:57:4f:99:6f:0f:6e:80:05:90:30:15:42:58:b0:6a:dc:a5:
         b9:6f:2d:08:e4:c2:e2:f7:0a:91:ab:96:e5:c9:17:28:64:98:
         7c:d8:e5:67:1d:0a:76:e0:e8:48:51:6e:2c:fe:99:97:02:79:
         6e:e3:0f:0f:0c:e7:f9:c0:07:e7:88:ac:8e:fa:b1:ea:df:20:
         6b:02:79:ff
-----BEGIN CERTIFICATE-----
MIIFsjCCBJqgAwIBAgICd/QwDQYJKoZIhvcNAQELBQAwSjEVMBMGA1UEAxMMQTkx
NjJFM0QwMDAwMTEwLwYDVQQFEygwNDE2MjlCNkE5RUFCN0NCMTMyNEVBMzk3OEYw
Mzc5NkY4ODlCNTQwMB4XDTIxMDUyNzA1MDY1MVoXDTIyMDUyNzA0NTk1MlowMzEx
MC8GA1UEAxMoNkIxMDVFNjI4OTVEMkQzMjBFNzVCN0JCNzk4MUVGMTM3QTI1Mjk0
NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN1hxUZy4yGe8h0j0Iuh
hDs884MUTLAb0FthbWIccllozhBz5fATBC8ZY3zV/bdtht5OBuNgBa0Mi3BpEsph
RMNlZAUInaIUVChr87aS5xFT7ufqWzHQomXXtidbahAhR9bRAj6oMKqdP1AcUtnw
MJlJwbZVVscMOq+SKSkZBV/Knjh4lum0VjsGPhWeaNQKF9Lx6PKyupwjFtQe9mCa
pOvDcj/HhH+D1qeJ5NUADn3FZrailWpO7gDjvbIsMQIEtnO89vm9rCjskMZY60Z7
017oGZwYOyht6xbHbeEA0sF5tGOGhX17VeOeDX8n8WvjmLOpVtOsQJabkcaT571O
ODUCAwEAAaOCArcwggKzMB0GA1UdDgQWBBRrEF5iiV0tMg51t7t5ge8TeiUpRzAf
BgNVHSMEGDAWgBQEFim2qeq3yxMk6jl48DeW+Im1QDAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMFgGA1UdHwRRME8wTaBLoEmGR3JzeW5jOi8vcnBraS5jbm5pYy5j
bi9ycGtpL0E5MTYyRTNEMDAwMC9CQllwdHFucXQ4c1RKT281ZVBBM2x2aUp0VUEu
Y3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtpLmFw
bmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3QzcyRkQx
RkYyL0JCWXB0cW5xdDhzVEpPbzVlUEEzbHZpSnRVQS5jZXIwDwYDVR0TAQH/BAUw
AwEB/zAOBgNVHQ8BAf8EBAMCAQYwgdYGCCsGAQUFBwELBIHJMIHGMDgGCCsGAQUF
BzAFhixyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDIz
LzBXBggrBgEFBQcwCoZLcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzQyMy9heEJlWW9sZExUSU9kYmU3ZVlIdkUzb2xLVWMubWZ0MDEGCCsG
AQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMuY24vcnJkcC9ub3RpZnkueG1sMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwDmgDBnBggrBgEFBQcBBwEB/wRYMFYwRQQC
AAEwPwMDAGX+AwQCZzQoAwQCd1DwAwQHd1oAAwQGfERAAwQE05PQAwQF051gAwQF
2vSgAwQF2vYgAwMA3JoDAwHdejANBAIAAjAHAwUAJAC3ADANBgkqhkiG9w0BAQsF
AAOCAQEAlLRb9ckhuU5K1DpOHGPBIhCenqv76zAXB08gsXWMDV5zc3MpjUx5LlwP
coLpvD6YFN/j6shbKcZ3X8ohGuBQn9GA4RqAL6O8YjrPy7G17Dr1T3RyWSMknYH4
62Ybr3x4EJuTdM0EiK7qYfj+Pp7UnyVxDVzHzjy88TxrFAKgfbwd3ey9LcH8Nlad
+pjU3+gkL7u6Ow8sjt1LVTMa8PnbRdcXIw4lMIt+ZswvroSZrboVkXN4ZldPmW8P
boAFkDAVQliwatyluW8tCOTC4vcKkauW5ckXKGSYfNjlZx0KduDoSFFuLP6ZlwJ5
buMPDwzn+cAH54isjvqx6t8gawJ5/w==
-----END CERTIFICATE-----