Certificate

$ rpki-client -vvf rpkica.twnic.tw/rpki/TWNICCA/gJL2FODvdTlQl-iWRpvIt7MZ2FI.cer
File:                     gJL2FODvdTlQl-iWRpvIt7MZ2FI.cer (raw, json)
Hash identifier:          21ukBkiOQ31b6NXgWCGo9n5j+YHWMbec7x3HvR4IzC8=
Subject key identifier:   80:92:F6:14:E0:EF:75:39:50:97:E8:96:46:9B:C8:B7:B3:19:D8:52
Authority key identifier: A2:3A:7C:63:54:71:18:AA:E4:97:F0:3E:13:12:1C:96:AB:34:54:7E
Certificate issuer:       /CN=A91BDB290000/serialNumber=A23A7C63547118AAE497F03E13121C96AB34547E
Certificate serial:       2A55
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer
Manifest:                 rsync://rpkica.twnic.tw/rpki/TWNICCA/GCMM/gJL2FODvdTlQl-iWRpvIt7MZ2FI.mft
caRepository:             rsync://rpkica.twnic.tw/rpki/TWNICCA/GCMM/
Notify URL:               https://rrdp.twnic.tw/rrdp/notify.xml
Certificate not before:   Tue 31 Oct 2023 07:14:10 +0000
Certificate not after:    Sat 31 Aug 2024 03:10:53 +0000
Subordinate resources:    IP: 2403:b1c0::/32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10837 (0x2a55)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91BDB290000/serialNumber=A23A7C63547118AAE497F03E13121C96AB34547E
        Validity
            Not Before: Oct 31 07:14:10 2023 GMT
            Not After : Aug 31 03:10:53 2024 GMT
        Subject: CN=8092F614E0EF75395097E896469BC8B7B319D852
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:79:eb:f0:75:33:2e:5b:aa:c1:42:4b:0e:e8:
                    ca:db:3e:66:4f:97:79:d8:0a:5e:e7:5d:f4:f0:16:
                    c9:d4:fe:02:e1:f2:22:50:ae:76:1f:c6:5a:09:27:
                    53:9b:ec:6a:94:37:f1:09:47:65:f9:cf:4c:06:5d:
                    c9:a5:4c:40:48:17:81:53:e5:55:85:1f:a3:b0:b6:
                    df:ef:c2:4e:77:bf:f0:a6:84:16:e2:57:0e:50:56:
                    1a:3d:55:d6:22:eb:27:dd:63:d9:1c:65:61:bd:ea:
                    20:6e:76:e0:26:3e:4a:83:6a:64:72:fe:71:4c:c9:
                    80:84:28:a6:49:c7:47:45:60:34:f1:a0:18:15:7b:
                    19:b4:95:f2:76:d9:92:11:89:61:d4:38:7c:ff:52:
                    fe:0e:9e:74:cd:6e:ce:71:08:78:0e:4a:8b:8f:78:
                    c8:f7:7c:c7:d3:9e:c0:b7:05:e9:35:d0:cb:e6:83:
                    59:dc:33:61:66:9b:c6:75:71:25:31:3e:f1:e4:4d:
                    b2:93:43:c8:f1:3e:99:c0:a8:73:a9:50:5f:a2:7b:
                    58:93:33:e1:d6:28:f2:93:a3:42:e4:5f:ee:f0:61:
                    07:87:6d:66:09:bf:97:29:56:ee:c3:01:89:5b:61:
                    4e:16:c5:10:73:6a:e4:c8:1e:77:a1:32:03:47:24:
                    3b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:92:F6:14:E0:EF:75:39:50:97:E8:96:46:9B:C8:B7:B3:19:D8:52
            X509v3 Authority Key Identifier:
                keyid:A2:3A:7C:63:54:71:18:AA:E4:97:F0:3E:13:12:1C:96:AB:34:54:7E

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/ojp8Y1RxGKrkl_A-ExIclqs0VH4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ojp8Y1RxGKrkl_A-ExIclqs0VH4.cer

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Subject Information Access:
                CA Repository - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/GCMM/
                RPKI Manifest - URI:rsync://rpkica.twnic.tw/rpki/TWNICCA/GCMM/gJL2FODvdTlQl-iWRpvIt7MZ2FI.mft
                RPKI Notify - URI:https://rrdp.twnic.tw/rrdp/notify.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:b1c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:8e:ab:4a:21:11:83:88:b4:41:aa:c7:3a:81:5a:51:aa:9d:
         7b:ed:d8:80:f1:ba:32:36:a0:0d:fe:ac:43:98:cd:a0:c3:59:
         08:66:cc:a2:45:15:8f:79:7d:da:a7:f0:ce:ef:1b:c9:e4:46:
         8d:a9:d3:25:86:7f:b3:4b:e9:95:e4:03:1e:f5:14:fd:ec:eb:
         35:a4:f3:a6:24:25:39:17:e2:66:2e:df:2a:9e:85:61:4b:c9:
         2a:b0:60:32:fb:c5:90:fe:da:91:32:e4:7c:c6:a4:ef:d6:71:
         77:93:e6:79:4b:87:8e:05:fd:86:d6:a2:f7:ca:e0:cd:bc:e4:
         ac:9e:92:bc:34:00:30:aa:08:df:98:0c:bd:48:15:c9:95:b9:
         36:73:ec:45:86:c6:29:8f:b4:df:9b:3d:de:1a:77:65:2e:d6:
         77:f6:08:c0:f1:38:ac:09:30:98:d1:b3:a7:5a:32:c1:b7:d2:
         42:a9:ae:80:2a:3e:9b:a5:a5:1a:36:68:20:1d:e7:51:31:25:
         50:7c:7c:6e:fb:5d:aa:31:29:0f:f7:73:93:98:26:0b:2b:eb:
         9e:9c:9f:7b:07:f4:64:e0:d9:f0:97:6e:1d:13:9c:78:a8:12:
         17:15:f5:3f:ee:00:87:09:aa:19:4a:13:15:89:b1:6a:67:a8:
         34:c0:8f:85
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgICKlUwDQYJKoZIhvcNAQELBQAwSjEVMBMGA1UEAxMMQTkx
QkRCMjkwMDAwMTEwLwYDVQQFEyhBMjNBN0M2MzU0NzExOEFBRTQ5N0YwM0UxMzEy
MUM5NkFCMzQ1NDdFMB4XDTIzMTAzMTA3MTQxMFoXDTI0MDgzMTAzMTA1M1owMzEx
MC8GA1UEAxMoODA5MkY2MTRFMEVGNzUzOTUwOTdFODk2NDY5QkM4QjdCMzE5RDg1
MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJp56/B1My5bqsFCSw7o
yts+Zk+XedgKXudd9PAWydT+AuHyIlCudh/GWgknU5vsapQ38QlHZfnPTAZdyaVM
QEgXgVPlVYUfo7C23+/CTne/8KaEFuJXDlBWGj1V1iLrJ91j2RxlYb3qIG524CY+
SoNqZHL+cUzJgIQopknHR0VgNPGgGBV7GbSV8nbZkhGJYdQ4fP9S/g6edM1uznEI
eA5Ki494yPd8x9OewLcF6TXQy+aDWdwzYWabxnVxJTE+8eRNspNDyPE+mcCoc6lQ
X6J7WJMz4dYo8pOjQuRf7vBhB4dtZgm/lylW7sMBiVthThbFEHNq5Mged6EyA0ck
O40CAwEAAaOCAk0wggJJMB0GA1UdDgQWBBSAkvYU4O91OVCX6JZGm8i3sxnYUjAf
BgNVHSMEGDAWgBSiOnxjVHEYquSX8D4TEhyWqzRUfjAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMFUGA1UdHwROMEwwSqBIoEaGRHJzeW5jOi8vcnBraWNhLnR3bmlj
LnR3L3Jwa2kvVFdOSUNDQS9vanA4WTFSeEdLcmtsX0EtRXhJY2xxczBWSDQuY3Js
MH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtpLmFwbmlj
Lm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3QzcyRkQxRkYy
L29qcDhZMVJ4R0tya2xfQS1FeEljbHFzMFZINC5jZXIwDwYDVR0TAQH/BAUwAwEB
/zAOBgNVHQ8BAf8EBAMCAQYwgdIGCCsGAQUFBwELBIHFMIHCMDYGCCsGAQUFBzAF
hipyc3luYzovL3Jwa2ljYS50d25pYy50dy9ycGtpL1RXTklDQ0EvR0NNTS8wVQYI
KwYBBQUHMAqGSXJzeW5jOi8vcnBraWNhLnR3bmljLnR3L3Jwa2kvVFdOSUNDQS9H
Q01NL2dKTDJGT0R2ZFRsUWwtaVdScHZJdDdNWjJGSS5tZnQwMQYIKwYBBQUHMA2G
JWh0dHBzOi8vcnJkcC50d25pYy50dy9ycmRwL25vdGlmeS54bWwwIAYIKwYBBQUH
AQcBAf8EETAPMA0EAgACMAcDBQAkA7HAMA0GCSqGSIb3DQEBCwUAA4IBAQBSjqtK
IRGDiLRBqsc6gVpRqp177diA8boyNqAN/qxDmM2gw1kIZsyiRRWPeX3ap/DO7xvJ
5EaNqdMlhn+zS+mV5AMe9RT97Os1pPOmJCU5F+JmLt8qnoVhS8kqsGAy+8WQ/tqR
MuR8xqTv1nF3k+Z5S4eOBf2G1qL3yuDNvOSsnpK8NAAwqgjfmAy9SBXJlbk2c+xF
hsYpj7Tfmz3eGndlLtZ39gjA8TisCTCY0bOnWjLBt9JCqa6AKj6bpaUaNmggHedR
MSVQfHxu+12qMSkP93OTmCYLK+uenJ97B/Rk4Nnwl24dE5x4qBIXFfU/7gCHCaoZ
ShMVibFqZ6g0wI+F
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:07 2024 by rpki-client on console-fra.rpki-client.org