$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143121.roa File: AS143121.roa (raw, json) Hash identifier: 0Nh5uOqcIDnBCs17K6ExMYqn6QdI3KrX77hiZPJ+mzY= Subject key identifier: 0A:56:DA:E8:97:FB:54:69:20:EA:BC:CF:E2:F4:7D:D7:68:51:E6:4A Certificate issuer: /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA Certificate serial: 6CED61EDB6B41A17A80E5E91618D7D9D5C2F8113 Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer Subject info access: rsync://rpki.cernet.net/repo/cernet/0/AS143121.roa Signing time: Wed 04 Mar 2026 06:05:31 +0000 ROA not before: Wed 04 Mar 2026 06:00:31 +0000 ROA not after: Wed 03 Mar 2027 06:05:31 +0000 asID: 143121 IP address blocks: 240a:a1d7::/32 maxlen: 32 Validation: OK Signature path: rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Sat 28 Mar 2026 22:54:33 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 6c:ed:61:ed:b6:b4:1a:17:a8:0e:5e:91:61:8d:7d:9d:5c:2f:81:13 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA Validity Not Before: Mar 4 06:00:31 2026 GMT Not After : Mar 3 06:05:31 2027 GMT Subject: CN=0A56DAE897FB546920EABCCFE2F47DD76851E64A Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:be:fd:43:ba:cd:07:ed:8a:78:8f:01:4f:e8:ad: b2:56:40:d0:9f:93:d0:a0:c4:26:5a:8e:47:3b:b1: 77:b8:f0:c0:2b:cb:99:7d:08:d6:ec:7a:d4:ec:22: 21:25:50:fe:ee:18:ed:88:e7:1e:a5:b3:eb:2c:1a: 01:1f:ce:f7:d3:65:92:81:ef:83:59:53:02:98:ad: 23:c8:26:9c:e3:58:6d:44:4a:68:1c:30:14:8f:80: e2:f2:33:cb:87:1f:ff:76:17:c6:d4:0d:99:80:73: bf:98:07:47:70:04:9d:26:0e:54:d9:17:2b:e6:e5: c3:4f:4d:31:07:e7:ba:d7:f8:a8:b6:d6:e8:16:5c: ca:75:8c:30:fd:88:08:96:68:9e:cb:02:de:94:d4: 0f:b1:e5:1c:9c:df:a9:bb:f9:3f:0f:98:af:95:93: 9d:d9:e7:fd:0e:eb:54:e4:8a:3d:99:0b:c4:c3:dd: 7e:b0:12:6d:b3:36:a1:9c:d9:66:37:a6:3f:36:64: c8:d1:c3:a6:d2:ab:9c:b2:b6:23:19:d2:c9:9e:00: 85:53:be:99:2e:07:24:1a:35:49:d0:9a:bd:a5:f6: 15:28:1c:ec:fc:8e:42:f8:7a:17:95:76:9c:15:58: c3:f1:16:fe:49:69:6b:2f:c0:bb:0c:ce:a6:42:80: 38:dd Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 0A:56:DA:E8:97:FB:54:69:20:EA:BC:CF:E2:F4:7D:D7:68:51:E6:4A X509v3 Authority Key Identifier: keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer Subject Information Access: Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143121.roa X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv6: 240a:a1d7::/32 Signature Algorithm: sha256WithRSAEncryption 32:55:da:47:b9:a3:92:c1:e4:fa:0f:be:38:42:e9:00:49:16: d0:36:6e:5f:01:84:ab:28:50:2f:6e:ab:f4:cd:c9:ed:20:9b: 67:76:9a:7c:7f:b3:e9:71:7c:0a:40:ac:b4:b2:7f:3a:7d:59: 14:49:0b:c0:62:8a:8c:4b:49:b2:2c:16:33:13:39:32:cb:87: ed:07:27:13:26:47:5b:bc:4d:01:82:78:a9:d5:16:ce:e1:e2: 64:d1:4b:58:4b:e3:94:6a:12:de:a9:a8:36:8d:d6:7d:cb:34: fd:60:86:d4:07:12:84:c4:7e:83:bc:85:de:b4:ed:fe:86:8b: 1e:32:ed:09:e1:08:f4:da:c2:eb:4b:17:98:70:6a:67:9b:6c: 7d:df:62:68:44:d8:87:3e:5b:88:6a:d8:09:9d:64:85:77:8c: 47:3c:75:88:83:2b:8b:61:32:b0:23:c7:7d:08:e3:14:32:32: 88:40:58:c4:fd:fe:de:48:4c:b7:99:33:e5:b8:11:1b:54:db: 7b:e9:14:c5:3d:cf:e4:39:f8:38:f1:7b:0a:92:58:93:4c:3b: 50:8c:f5:9f:0a:f9:31:64:3b:0f:bb:85:6c:c4:78:87:9d:40: 53:8b:84:e1:d3:b9:e0:ad:47:e2:e9:34:61:97:3e:e0:ce:3d: a1:82:ff:a9 -----BEGIN CERTIFICATE----- MIIE0jCCA7qgAwIBAgIUbO1h7ba0GheoDl6RYY19nVwvgRMwDQYJKoZIhvcNAQEL BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4 NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDAzMVoX DTI3MDMwMzA2MDUzMVowMzExMC8GA1UEAxMoMEE1NkRBRTg5N0ZCNTQ2OTIwRUFC Q0NGRTJGNDdERDc2ODUxRTY0QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAL79Q7rNB+2KeI8BT+itslZA0J+T0KDEJlqORzuxd7jwwCvLmX0I1ux61Owi ISVQ/u4Y7YjnHqWz6ywaAR/O99NlkoHvg1lTApitI8gmnONYbURKaBwwFI+A4vIz y4cf/3YXxtQNmYBzv5gHR3AEnSYOVNkXK+blw09NMQfnutf4qLbW6BZcynWMMP2I CJZonssC3pTUD7HlHJzfqbv5Pw+Yr5WTndnn/Q7rVOSKPZkLxMPdfrASbbM2oZzZ ZjemPzZkyNHDptKrnLK2IxnSyZ4AhVO+mS4HJBo1SdCavaX2FSgc7PyOQvh6F5V2 nBVYw/EW/klpay/AuwzOpkKAON0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQKVtro l/tUaSDqvM/i9H3XaFHmSjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2 MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzEyMS5yb2EwGAYDVR0gAQH/ BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK odcwDQYJKoZIhvcNAQELBQADggEBADJV2ke5o5LB5PoPvjhC6QBJFtA2bl8BhKso UC9uq/TNye0gm2d2mnx/s+lxfApArLSyfzp9WRRJC8BiioxLSbIsFjMTOTLLh+0H JxMmR1u8TQGCeKnVFs7h4mTRS1hL45RqEt6pqDaN1n3LNP1ghtQHEoTEfoO8hd60 7f6Gix4y7QnhCPTawutLF5hwamebbH3fYmhE2Ic+W4hq2AmdZIV3jEc8dYiDK4th MrAjx30I4xQyMohAWMT9/t5ITLeZM+W4ERtU23vpFMU9z+Q5+DjxewqSWJNMO1CM 9Z8K+TFkOw+7hWzEeIedQFOLhOHTueCtR+LpNGGXPuDOPaGC/6k= -----END CERTIFICATE-----Generated at Sat Mar 28 11:43:40 2026 by rpki-client