Certificate

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/a67IQw4OULGejQLv5cDh7kzuo9Q.cer
File:                     a67IQw4OULGejQLv5cDh7kzuo9Q.cer (raw, json)
Hash identifier:          SalYlKU74/kk2AN4NRkW/J/+gTwjNaOQKXpVrpNfjs8=
Subject key identifier:   6B:AE:C8:43:0E:0E:50:B1:9E:8D:02:EF:E5:C0:E1:EE:4C:EE:A3:D4
Authority key identifier: A2:3A:7C:63:54:71:18:AA:E4:97:F0:3E:13:12:1C:96:AB:34:54:7E
Certificate issuer:       /CN=A91BDB290000/serialNumber=A23A7C63547118AAE497F03E13121C96AB34547E
Certificate serial:       1CB0
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
Manifest:                 rsync://rpkica.twnic.tw/rpki/TWNICCA/TAKI/a67IQw4OULGejQLv5cDh7kzuo9Q.mft
caRepository:             rsync://rpkica.twnic.tw/rpki/TWNICCA/TAKI/
Notify URL:               https://rrdp.twnic.tw/rrdp/notify.xml
Certificate not before:   Tue 29 Dec 2020 03:01:12 +0000
Certificate not after:    Wed 29 Sep 2021 09:51:23 +0000
Subordinate resources:    IP: 2405:cfc0::/32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7344 (0x1cb0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91BDB290000/serialNumber=A23A7C63547118AAE497F03E13121C96AB34547E
        Validity
            Not Before: Dec 29 03:01:12 2020 GMT
            Not After : Sep 29 09:51:23 2021 GMT
        Subject: CN=6BAEC8430E0E50B19E8D02EFE5C0E1EE4CEEA3D4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:4a:fb:63:f7:aa:e3:f4:ec:68:b4:70:07:5e:
                    0f:bc:0d:2e:8b:fd:7f:d1:cf:b8:0e:83:61:bc:40:
                    2e:cf:e1:56:8e:b3:0b:f2:84:e4:f7:7c:44:2f:fd:
                    e6:a7:70:9b:6c:56:eb:a9:5b:eb:12:66:7f:ab:72:
                    e6:90:0a:cc:be:29:40:89:b2:27:e3:0f:5b:7d:20:
                    5c:58:ae:ac:f1:ed:f5:08:88:5e:c4:df:60:1e:38:
                    85:29:ea:e0:e7:e2:93:be:c9:3e:92:dd:d6:fa:52:
                    b9:91:65:19:d2:bf:0c:8a:cf:60:1f:ec:56:6f:bc:
                    a0:ef:99:39:c3:76:51:46:7e:12:7e:c5:59:15:74:
                    75:e4:e7:8b:fd:b6:22:cb:75:6a:3b:c2:1c:e7:a6:
                    b2:c0:f7:67:ca:c1:33:fb:a4:28:9c:f4:f3:45:fd:
                    f4:d4:f5:7d:c9:14:bc:21:85:0a:db:3d:05:09:1b:
                    18:7e:2f:93:d9:fd:63:a2:fc:57:83:e2:c6:45:19:
                    27:e3:f0:f8:86:53:5f:9b:8d:b0:f8:0a:ce:01:09:
                    b7:48:09:a6:1b:ec:18:07:c4:d6:6d:15:66:b5:6e:
                    28:ad:06:ae:cb:b9:a2:04:77:fc:f5:7d:0e:06:cd:
                    97:f2:9d:e3:cb:72:a3:a5:5b:b5:95:df:2d:57:86:
                    0f:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:AE:C8:43:0E:0E:50:B1:9E:8D:02:EF:E5:C0:E1:EE:4C:EE:A3:D4
            X509v3 Authority Key Identifier:
                keyid:A2:3A:7C:63:54:71:18:AA:E4:97:F0:3E:13:12:1C:96:AB:34:54:7E

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Subject Information Access:
                CA Repository - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TAKI/
                RPKI Manifest - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/TAKI/a67IQw4OULGejQLv5cDh7kzuo9Q.mft
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2405:cfc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:ba:91:37:06:04:1d:85:d0:99:07:16:47:48:c5:e5:ee:7d:
         1b:0e:77:bd:5b:95:7e:d9:b9:b0:cf:36:49:37:bf:22:cd:f9:
         ba:26:7c:a0:61:4a:31:33:6d:9b:d8:4a:64:3c:e3:f7:80:46:
         73:43:45:5d:e4:7c:65:69:d9:78:a6:ed:12:07:40:2f:a7:cc:
         f6:25:f9:f3:5b:9c:a2:ae:da:1a:e1:a2:22:4b:92:10:1a:e3:
         21:2f:fd:3f:45:00:d7:d4:77:1a:48:72:da:fc:04:4d:03:bd:
         d0:6c:33:b9:bd:58:d4:81:d9:6b:ec:e8:3e:9e:f7:c5:54:28:
         c3:b7:7d:79:25:87:90:3f:a6:ea:85:15:bf:45:40:ee:5c:be:
         61:51:16:5f:7f:54:df:1d:75:a2:5e:1d:64:4b:ea:7e:b8:50:
         82:28:41:0a:85:07:d2:68:ee:b3:8c:2e:7f:1f:d4:15:eb:82:
         a6:f1:5b:c8:1b:70:fb:15:53:64:a7:bf:79:cb:f3:35:1f:f9:
         ea:8e:3f:42:13:a1:dd:55:f3:56:a6:da:c5:ef:7f:db:d2:16:
         1d:e9:98:9d:8b:64:36:43:f7:c7:03:5d:7e:a1:b1:17:10:1a:
         a1:77:34:02:ad:5d:d3:9f:06:ad:4b:83:c8:ac:fe:38:8a:3c:
         9d:9f:2a:eb
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgICHLAwDQYJKoZIhvcNAQELBQAwSjEVMBMGA1UEAxMMQTkx
QkRCMjkwMDAwMTEwLwYDVQQFEyhBMjNBN0M2MzU0NzExOEFBRTQ5N0YwM0UxMzEy
MUM5NkFCMzQ1NDdFMB4XDTIwMTIyOTAzMDExMloXDTIxMDkyOTA5NTEyM1owMzEx
MC8GA1UEAxMoNkJBRUM4NDMwRTBFNTBCMTlFOEQwMkVGRTVDMEUxRUU0Q0VFQTNE
NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9K+2P3quP07Gi0cAde
D7wNLov9f9HPuA6DYbxALs/hVo6zC/KE5Pd8RC/95qdwm2xW66lb6xJmf6ty5pAK
zL4pQImyJ+MPW30gXFiurPHt9QiIXsTfYB44hSnq4Ofik77JPpLd1vpSuZFlGdK/
DIrPYB/sVm+8oO+ZOcN2UUZ+En7FWRV0deTni/22Ist1ajvCHOemssD3Z8rBM/uk
KJz080X99NT1fckUvCGFCts9BQkbGH4vk9n9Y6L8V4PixkUZJ+Pw+IZTX5uNsPgK
zgEJt0gJphvsGAfE1m0VZrVuKK0Grsu5ogR3/PV9DgbNl/Kd48tyo6VbtZXfLVeG
D7UCAwEAAaOCAk0wggJJMB0GA1UdDgQWBBRrrshDDg5QsZ6NAu/lwOHuTO6j1DAf
BgNVHSMEGDAWgBSiOnxjVHEYquSX8D4TEhyWqzRUfjAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMFUGA1UdHwROMEwwSqBIoEaGRHJzeW5jOi8vcnBraWNhLnR3bmlj
LnR3L3Jwa2kvVFdOSUNDQS9vanA4WTFSeEdLcmtsX0EtRXhJY2xxczBWSDQuY3Js
MH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtpLmFwbmlj
Lm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3QzcyRkQxRkYy
L29qcDhZMVJ4R0tya2xfQS1FeEljbHFzMFZINC5jZXIwDwYDVR0TAQH/BAUwAwEB
/zAOBgNVHQ8BAf8EBAMCAQYwgdIGCCsGAQUFBwELBIHFMIHCMDYGCCsGAQUFBzAF
hipyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvVEFLSS8wVQYI
KwYBBQUHMAqGSXJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9U
QUtJL2E2N0lRdzRPVUxHZWpRTHY1Y0RoN2t6dW85US5tZnQwMQYIKwYBBQUHMA2G
JWh0dHBzOi8vcnJkcC50d25pYy50dy9ycmRwL25vdGlmeS54bWwwIAYIKwYBBQUH
AQcBAf8EETAPMA0EAgACMAcDBQAkBc/AMA0GCSqGSIb3DQEBCwUAA4IBAQBnupE3
BgQdhdCZBxZHSMXl7n0bDne9W5V+2bmwzzZJN78izfm6JnygYUoxM22b2EpkPOP3
gEZzQ0Vd5Hxladl4pu0SB0Avp8z2JfnzW5yirtoa4aIiS5IQGuMhL/0/RQDX1Hca
SHLa/ARNA73QbDO5vVjUgdlr7Og+nvfFVCjDt315JYeQP6bqhRW/RUDuXL5hURZf
f1TfHXWiXh1kS+p+uFCCKEEKhQfSaO6zjC5/H9QV64Km8VvIG3D7FVNkp795y/M1
H/nqjj9CE6HdVfNWptrF73/b0hYd6Zidi2Q2Q/fHA11+obEXEBqhdzQCrV3Tnwat
S4PIrP44ijydnyrr
-----END CERTIFICATE-----
Generated at Thu Jun 6 20:00:52 2024 by rpki-client on console-ams.rpki-client.org