$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143125.roa File: AS143125.roa (raw, json) Hash identifier: 7a/LL9jXVznRygx+isQQjYRWFARVrySS7yPADWpheok= Subject key identifier: D9:B5:BB:5F:5E:38:31:50:B8:94:17:23:43:94:15:5B:7D:8A:CA:2B Certificate issuer: /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA Certificate serial: 35D827384AE2EC7B311924831927D97556E04B27 Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer Subject info access: rsync://rpki.cernet.net/repo/cernet/0/AS143125.roa Signing time: Wed 04 Mar 2026 06:07:38 +0000 ROA not before: Wed 04 Mar 2026 06:02:38 +0000 ROA not after: Wed 03 Mar 2027 06:07:38 +0000 asID: 143125 IP address blocks: 240a:a1db::/32 maxlen: 32 Validation: OK Signature path: rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Sat 28 Mar 2026 22:54:33 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 35:d8:27:38:4a:e2:ec:7b:31:19:24:83:19:27:d9:75:56:e0:4b:27 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA Validity Not Before: Mar 4 06:02:38 2026 GMT Not After : Mar 3 06:07:38 2027 GMT Subject: CN=D9B5BB5F5E383150B89417234394155B7D8ACA2B Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a2:c2:00:58:d2:69:4d:fc:b5:e9:ec:20:f2:7c: a5:82:cd:9a:8f:80:1d:cd:9a:d7:5c:42:b4:de:ec: 90:0b:a9:cd:47:eb:aa:a4:31:30:d6:a2:1c:44:58: 8b:18:e5:7d:dd:bf:8a:f4:f6:29:32:07:7f:ec:d7: e9:f2:c5:6d:43:37:fd:3c:00:36:10:fe:59:89:ac: 78:86:6d:71:ab:b7:5e:72:6f:c5:d2:2d:0b:df:df: da:8e:27:7f:43:29:7d:cf:7b:82:6f:e8:68:00:92: 64:fa:e2:c2:fa:a1:5b:c9:08:1b:55:c1:d3:ba:10: 87:16:aa:62:3d:d7:4e:d0:d4:8a:34:e9:1f:60:cc: 77:f4:a9:a7:a5:6b:29:b7:df:62:ec:64:57:c3:3b: 0a:d1:7a:6a:5d:89:0a:32:61:ec:07:d7:b1:2e:e4: c2:31:c2:8f:19:89:c8:13:98:79:e7:53:d7:f3:21: 66:54:d3:a6:e5:fe:e8:39:46:b1:20:df:72:d9:dc: 67:ae:dc:21:c5:af:5b:56:59:03:07:1c:c5:f8:bc: a6:4f:aa:4f:92:9b:0d:5b:d9:35:42:9a:40:bb:3a: de:24:f4:6b:b5:61:07:80:46:f4:66:7c:fc:55:97: ac:45:66:8c:a6:13:b3:5b:3b:14:ca:d8:30:9b:1e: c9:ad Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: D9:B5:BB:5F:5E:38:31:50:B8:94:17:23:43:94:15:5B:7D:8A:CA:2B X509v3 Authority Key Identifier: keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer Subject Information Access: Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143125.roa X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv6: 240a:a1db::/32 Signature Algorithm: sha256WithRSAEncryption 06:49:7d:40:99:f3:8f:2d:b2:e2:68:36:78:05:a9:c2:f3:a3: 03:c1:14:b1:37:0c:33:4e:74:9b:24:ae:c0:0e:6f:dd:6e:50: f1:5f:db:76:89:ef:de:5a:52:3f:29:4f:21:46:f5:21:ec:6f: ff:65:b0:0a:ff:43:d7:93:67:46:f3:bb:56:20:16:24:dc:cf: 10:64:e2:c8:16:c5:ef:c0:3c:59:e2:4f:96:28:3e:1b:1f:ae: 04:8a:b8:80:c6:04:b0:55:d8:2d:6b:ec:95:15:f8:39:10:2c: af:f8:d6:3b:ff:fa:6a:76:b3:be:6b:3a:40:e8:27:b0:97:cb: 20:b4:43:44:f1:9d:20:a6:a8:a0:83:16:68:fd:ba:08:60:d9: d9:5e:88:54:62:4b:db:a0:0b:40:fa:3d:b4:4e:ac:a3:3f:37: 7e:b0:d5:ab:74:de:45:db:6a:96:2a:b2:e2:b6:73:9a:8e:1f: 67:80:7f:50:24:28:81:fc:60:13:65:20:e9:11:fb:bd:39:59: ce:0b:12:a5:ee:18:b9:2e:79:77:f1:f4:d4:29:d8:ec:98:df: 55:a2:47:69:7e:51:bb:25:78:f9:70:bd:1d:ad:30:a2:01:56: 41:9d:3c:cf:82:8f:bd:4d:4a:7b:f5:ed:9e:1a:2c:d2:f8:99: cc:8f:e8:9f -----BEGIN CERTIFICATE----- MIIE0jCCA7qgAwIBAgIUNdgnOEri7HsxGSSDGSfZdVbgSycwDQYJKoZIhvcNAQEL BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4 NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIzOFoX DTI3MDMwMzA2MDczOFowMzExMC8GA1UEAxMoRDlCNUJCNUY1RTM4MzE1MEI4OTQx NzIzNDM5NDE1NUI3RDhBQ0EyQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAKLCAFjSaU38tensIPJ8pYLNmo+AHc2a11xCtN7skAupzUfrqqQxMNaiHERY ixjlfd2/ivT2KTIHf+zX6fLFbUM3/TwANhD+WYmseIZtcau3XnJvxdItC9/f2o4n f0Mpfc97gm/oaACSZPriwvqhW8kIG1XB07oQhxaqYj3XTtDUijTpH2DMd/Spp6Vr KbffYuxkV8M7CtF6al2JCjJh7AfXsS7kwjHCjxmJyBOYeedT1/MhZlTTpuX+6DlG sSDfctncZ67cIcWvW1ZZAwccxfi8pk+qT5KbDVvZNUKaQLs63iT0a7VhB4BG9GZ8 /FWXrEVmjKYTs1s7FMrYMJseya0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTZtbtf XjgxULiUFyNDlBVbfYrKKzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2 MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzEyNS5yb2EwGAYDVR0gAQH/ BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK odswDQYJKoZIhvcNAQELBQADggEBAAZJfUCZ848tsuJoNngFqcLzowPBFLE3DDNO dJskrsAOb91uUPFf23aJ795aUj8pTyFG9SHsb/9lsAr/Q9eTZ0bzu1YgFiTczxBk 4sgWxe/APFniT5YoPhsfrgSKuIDGBLBV2C1r7JUV+DkQLK/41jv/+mp2s75rOkDo J7CXyyC0Q0TxnSCmqKCDFmj9ughg2dleiFRiS9ugC0D6PbROrKM/N36w1at03kXb apYqsuK2c5qOH2eAf1AkKIH8YBNlIOkR+705Wc4LEqXuGLkueXfx9NQp2OyY31Wi R2l+UbslePlwvR2tMKIBVkGdPM+Cj71NSnv17Z4aLNL4mcyP6J8= -----END CERTIFICATE-----Generated at Sat Mar 28 14:31:32 2026 by rpki-client