Certificate

$ rpki-client -vvf rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/RZ0rg0o7oIwKpnxuV4FGqLH-LC8.cer
File:                     RZ0rg0o7oIwKpnxuV4FGqLH-LC8.cer (raw, json)
Hash identifier:          BS3tZTleMcRPn7BYAtCZW2gW6g4o8pPOyGtHi97XSM4=
Subject key identifier:   45:9D:2B:83:4A:3B:A0:8C:0A:A6:7C:6E:57:81:46:A8:B1:FE:2C:2F
Authority key identifier: 0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F
Certificate issuer:       /CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
Certificate serial:       022B42
Authority info access:    rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
Manifest:                 rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/3/459D2B834A3BA08C0AA67C6E578146A8B1FE2C2F.mft
caRepository:             rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/3/
Notify URL:               https://rrdp.rpki.tianhai.link/rrdp/notification.xml
Certificate not before:   Fri 24 Jan 2025 00:22:10 +0000
Certificate not after:    Wed 30 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 4842
                          AS: 24239
                          AS: 135671
                          AS: 135674
                          AS: 151464
                          IP: 103.150.172.0/23
                          IP: 2401:20::/32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 142146 (0x22b42)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A90DC5BE/serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F
        Validity
            Not Before: Jan 24 00:22:10 2025 GMT
            Not After : Jul 30 00:00:00 2025 GMT
        Subject: CN=A91F56750000/serialNumber=459D2B834A3BA08C0AA67C6E578146A8B1FE2C2F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:e4:5f:97:35:f8:52:b7:74:b4:a2:8e:89:8c:
                    8b:b1:4a:2c:c9:15:a4:ef:5b:d4:07:fc:fe:45:32:
                    32:8b:80:8c:41:8f:67:86:5f:1d:b7:a0:11:33:fc:
                    d8:5e:f4:4d:6b:a4:6d:96:4c:8c:e6:71:90:56:97:
                    51:c7:6a:bb:64:f8:6c:74:06:4e:b1:d5:d8:98:28:
                    5b:97:d9:8e:50:44:e4:39:63:78:e0:79:91:d8:f9:
                    62:ac:2b:18:cb:a8:73:58:54:d7:ea:88:11:d3:21:
                    29:4a:a8:55:bb:a9:01:36:39:29:49:b1:ad:c6:f0:
                    fb:7c:78:ab:04:27:4c:61:75:76:4b:e1:e7:be:dc:
                    08:27:25:3a:d6:51:ae:43:87:75:f4:77:21:e9:de:
                    16:6b:55:b3:0a:bf:7c:25:c8:5e:5c:43:c4:d0:a4:
                    41:40:7b:eb:db:92:32:78:73:a0:37:56:21:31:63:
                    9d:b3:5c:20:23:b1:aa:81:5f:67:0a:52:34:dc:ea:
                    6d:47:9d:17:ea:91:de:73:e9:39:f4:55:a7:f1:a0:
                    5d:8b:01:2b:e5:94:d9:2e:78:56:a7:b4:66:c2:2a:
                    24:fa:8b:12:5b:02:a2:a8:ce:08:62:6f:03:78:ca:
                    bf:c1:f9:55:bf:c3:10:dc:99:1f:a6:36:28:54:a7:
                    0f:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:9D:2B:83:4A:3B:A0:8C:0A:A6:7C:6E:57:81:46:A8:B1:FE:2C:2F
            X509v3 Authority Key Identifier:
                keyid:0E:65:A4:F5:FD:36:B5:BD:68:EB:3C:92:34:08:97:8C:90:7A:A7:9F

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                CA Repository - URI:rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/3/
                RPKI Manifest - URI:rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/3/459D2B834A3BA08C0AA67C6E578146A8B1FE2C2F.mft
                RPKI Notify - URI:https://rrdp.rpki.tianhai.link/rrdp/notification.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  4842
                  24239
                  135671
                  135674
                  151464

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.150.172.0/23
                IPv6:
                  2401:20::/32

    Signature Algorithm: sha256WithRSAEncryption
         aa:8b:71:4f:a3:43:08:71:af:f7:79:b8:6c:84:b1:a5:41:c5:
         56:86:44:4e:ca:a2:ff:86:7a:27:f6:23:8b:47:6a:c2:3b:07:
         56:7f:28:d6:51:05:56:09:8e:db:88:4f:51:00:f9:23:74:c1:
         25:cd:5d:c0:7c:9a:0b:70:a9:f6:33:88:f6:e9:c4:5f:8f:d7:
         31:3b:fc:3c:2f:10:96:19:b5:af:2c:d8:6e:19:4f:8d:e3:5b:
         aa:f0:58:2e:c7:d3:f1:ce:23:98:54:5e:9a:fd:19:09:f0:7f:
         2f:64:3d:09:f5:1c:2b:ec:c4:e8:18:e5:1d:8a:b3:11:7b:4d:
         b6:d1:8b:d8:d4:a9:de:c7:66:6d:11:c5:5f:a0:41:a1:4d:87:
         c6:86:dc:e1:04:fe:f8:01:fb:3d:b4:a6:35:8c:82:ad:f5:21:
         62:fb:21:35:52:e7:54:98:55:2d:17:36:7a:24:1b:49:06:0f:
         33:97:75:c7:40:12:d3:0b:a2:c4:bf:7c:19:3b:89:3e:28:4a:
         29:0d:b9:f8:11:d7:3c:72:8a:35:32:4c:05:30:c0:6a:b1:42:
         bb:96:63:6a:31:43:27:30:84:d5:ff:5a:6a:e8:c8:f6:92:45:
         c2:a1:1f:53:4c:f5:67:54:ff:f9:2b:c3:9a:0e:d8:10:54:40:
         89:ab:2a:88
-----BEGIN CERTIFICATE-----
MIIGFzCCBP+gAwIBAgIDAitCMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MERDNUJFMTEwLwYDVQQFEygwRTY1QTRGNUZEMzZCNUJENjhFQjNDOTIzNDA4OTc4
QzkwN0FBNzlGMB4XDTI1MDEyNDAwMjIxMFoXDTI1MDczMDAwMDAwMFowSjEVMBMG
A1UEAxMMQTkxRjU2NzUwMDAwMTEwLwYDVQQFEyg0NTlEMkI4MzRBM0JBMDhDMEFB
NjdDNkU1NzgxNDZBOEIxRkUyQzJGMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA3uRflzX4Urd0tKKOiYyLsUosyRWk71vUB/z+RTIyi4CMQY9nhl8dt6AR
M/zYXvRNa6RtlkyM5nGQVpdRx2q7ZPhsdAZOsdXYmChbl9mOUETkOWN44HmR2Pli
rCsYy6hzWFTX6ogR0yEpSqhVu6kBNjkpSbGtxvD7fHirBCdMYXV2S+HnvtwIJyU6
1lGuQ4d19Hch6d4Wa1WzCr98JcheXEPE0KRBQHvr25IyeHOgN1YhMWOds1wgI7Gq
gV9nClI03OptR50X6pHec+k59FWn8aBdiwEr5ZTZLnhWp7Rmwiok+osSWwKiqM4I
Ym8DeMq/wflVv8MQ3JkfpjYoVKcPAQIDAQABo4IDCDCCAwQwHQYDVR0OBBYEFEWd
K4NKO6CMCqZ8bleBRqix/iwvMB8GA1UdIwQYMBaAFA5lpPX9NrW9aOs8kjQIl4yQ
eqefMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MHMGA1UdHwRsMGow
aKBmoGSGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1
ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9EbVdrOWYwMnRiMW82enlTTkFpWGpK
QjZwNTguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9y
cGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5Lzk4MDY1MkUwQjc3RTExRTdBOTZBMzk1
MjFBNEY0RkI0L0RtV2s5ZjAydGIxbzZ6eVNOQWlYakpCNnA1OC5jZXIwSgYDVR0g
AQH/BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5h
cG5pYy5uZXQvUlBLSS9DUFMucGRmMIIBAAYIKwYBBQUHAQsEgfMwgfAwPwYIKwYB
BQUHMAWGM3JzeW5jOi8vcnN5bmMucnBraS50aWFuaGFpLmxpbmsvcmVwby9UaWFu
aGFpUnBraS8zLzBrBggrBgEFBQcwCoZfcnN5bmM6Ly9yc3luYy5ycGtpLnRpYW5o
YWkubGluay9yZXBvL1RpYW5oYWlScGtpLzMvNDU5RDJCODM0QTNCQTA4QzBBQTY3
QzZFNTc4MTQ2QThCMUZFMkMyRi5tZnQwQAYIKwYBBQUHMA2GNGh0dHBzOi8vcnJk
cC5ycGtpLnRpYW5oYWkubGluay9ycmRwL25vdGlmaWNhdGlvbi54bWwwLAYIKwYB
BQUHAQgBAf8EHTAboBkwFwICEuoCAl6vAgMCEfcCAwIR+gIDAk+oMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQBZ5asMA0EAgACMAcDBQAkAQAgMA0GCSqGSIb3
DQEBCwUAA4IBAQCqi3FPo0MIca/3ebhshLGlQcVWhkROyqL/hnon9iOLR2rCOwdW
fyjWUQVWCY7biE9RAPkjdMElzV3AfJoLcKn2M4j26cRfj9cxO/w8LxCWGbWvLNhu
GU+N41uq8Fgux9PxziOYVF6a/RkJ8H8vZD0J9Rwr7MToGOUdirMRe0220YvY1Kne
x2ZtEcVfoEGhTYfGhtzhBP74Afs9tKY1jIKt9SFi+yE1UudUmFUtFzZ6JBtJBg8z
l3XHQBLTC6LEv3wZO4k+KEopDbn4Edc8coo1MkwFMMBqsUK7lmNqMUMnMITV/1pq
6Mj2kkXCoR9TTPVnVP/5K8OaDtgQVECJqyqI
-----END CERTIFICATE-----