$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143358.roa File: AS143358.roa (raw, json) Hash identifier: C29yjLJppSS74ItLCGuYjj1Ekq5jLyTmUm/Y9/3OzFY= Subject key identifier: DC:B6:D2:A5:89:DE:ED:B9:AF:09:B0:4D:28:01:5A:9E:C9:EB:0E:12 Certificate issuer: /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA Certificate serial: 0FA673AD4E771858E7EB0413842BE142D66735B7 Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer Subject info access: rsync://rpki.cernet.net/repo/cernet/0/AS143358.roa Signing time: Wed 04 Mar 2026 06:07:40 +0000 ROA not before: Wed 04 Mar 2026 06:02:40 +0000 ROA not after: Wed 03 Mar 2027 06:07:40 +0000 asID: 143358 IP address blocks: 240a:a2c4::/32 maxlen: 32 Validation: OK Signature path: rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Sat 28 Mar 2026 22:54:33 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 0f:a6:73:ad:4e:77:18:58:e7:eb:04:13:84:2b:e1:42:d6:67:35:b7 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA Validity Not Before: Mar 4 06:02:40 2026 GMT Not After : Mar 3 06:07:40 2027 GMT Subject: CN=DCB6D2A589DEEDB9AF09B04D28015A9EC9EB0E12 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c2:d2:c0:27:f2:d1:fc:e9:62:72:33:57:c8:d5: 73:24:8c:8b:a4:00:17:c7:b9:17:44:d1:ff:4c:a0: f5:45:59:4b:e8:4a:41:de:aa:f4:f4:bd:0c:f7:c8: 9e:aa:5f:d6:7f:d2:05:5d:99:9f:e6:4f:dd:38:13: c6:78:9f:c5:4a:ad:c9:7e:82:bd:d1:41:d4:dc:d7: 33:5c:56:5d:15:c1:9b:af:40:b4:12:26:21:b8:ac: 35:a9:90:cb:22:6d:e9:82:56:a8:48:6b:a2:6e:bf: 39:fa:28:cb:8d:fd:67:96:5b:23:98:93:29:95:b6: 0f:bf:c2:2a:9a:e6:3f:84:ee:3f:25:2d:4c:40:a7: d3:6a:a4:9a:8b:e1:b3:e8:ba:15:ab:72:b0:fc:16: 9b:19:64:1b:60:2b:05:89:de:4d:85:0f:7a:26:b2: 8a:f1:46:f2:0a:e6:d8:c5:60:74:a4:3b:1e:87:0c: 51:97:b1:11:36:bb:41:41:99:5f:20:c6:70:c6:3e: 5a:16:66:7f:51:37:cb:0f:ff:c3:71:72:be:be:76: 01:24:a0:7e:43:81:97:ec:17:57:a4:ca:e9:d6:58: 6b:2d:e7:b5:ef:71:c5:6b:b7:c2:80:89:dc:55:73: 4f:14:7e:30:61:c6:97:dc:79:fd:86:a0:61:84:75: 25:09 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: DC:B6:D2:A5:89:DE:ED:B9:AF:09:B0:4D:28:01:5A:9E:C9:EB:0E:12 X509v3 Authority Key Identifier: keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer Subject Information Access: Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143358.roa X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv6: 240a:a2c4::/32 Signature Algorithm: sha256WithRSAEncryption 9f:05:5d:48:9c:13:cc:e6:54:91:c7:0a:33:bb:aa:4a:44:14: 2e:7b:5c:9d:04:d4:92:8a:65:b5:1f:1b:d4:2d:f1:ef:03:7e: 93:92:46:54:ff:c5:26:2b:bb:db:22:77:22:b5:14:1e:3b:7a: c9:17:68:bb:8b:95:a7:92:ea:74:d2:e0:1a:77:73:bd:e3:52: 1b:c5:d3:1b:ad:e0:c9:42:d2:28:96:41:7b:1d:a8:aa:64:0e: 6a:99:e3:79:f7:07:c3:cf:83:ad:4a:ce:2f:30:fa:55:d4:3d: 8f:f7:66:a5:38:f7:89:95:3a:bb:f4:f4:9e:37:9e:ca:01:d8: 43:d4:c6:4c:c0:db:e3:d2:81:4c:68:f1:fc:a6:e2:2f:85:d0: 70:25:28:9d:58:25:ba:12:ca:51:31:6f:86:7d:b2:c3:b7:fe: e5:e3:1a:dd:7d:dc:f1:51:96:a8:9a:db:db:63:02:b1:f6:ed: 0d:aa:94:d6:54:ea:fe:08:5e:ca:08:f6:1f:24:47:44:37:94: 1e:49:ba:bb:cd:02:75:56:86:a0:67:c7:86:9c:f1:6c:ea:68: f8:51:c2:1b:ce:9b:28:1c:79:6c:d0:c9:db:b4:5c:c4:43:4c: fb:90:a7:a7:01:47:20:10:bf:84:6a:01:e4:4b:9d:f6:05:a8: a6:39:a3:32 -----BEGIN CERTIFICATE----- MIIE0jCCA7qgAwIBAgIUD6ZzrU53GFjn6wQThCvhQtZnNbcwDQYJKoZIhvcNAQEL BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4 NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDI0MFoX DTI3MDMwMzA2MDc0MFowMzExMC8GA1UEAxMoRENCNkQyQTU4OURFRURCOUFGMDlC MDREMjgwMTVBOUVDOUVCMEUxMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMLSwCfy0fzpYnIzV8jVcySMi6QAF8e5F0TR/0yg9UVZS+hKQd6q9PS9DPfI nqpf1n/SBV2Zn+ZP3TgTxnifxUqtyX6CvdFB1NzXM1xWXRXBm69AtBImIbisNamQ yyJt6YJWqEhrom6/Ofooy439Z5ZbI5iTKZW2D7/CKprmP4TuPyUtTECn02qkmovh s+i6FatysPwWmxlkG2ArBYneTYUPeiayivFG8grm2MVgdKQ7HocMUZexETa7QUGZ XyDGcMY+WhZmf1E3yw//w3Fyvr52ASSgfkOBl+wXV6TK6dZYay3nte9xxWu3woCJ 3FVzTxR+MGHGl9x5/YagYYR1JQkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTcttKl id7tua8JsE0oAVqeyesOEjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2 MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzM1OC5yb2EwGAYDVR0gAQH/ BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK osQwDQYJKoZIhvcNAQELBQADggEBAJ8FXUicE8zmVJHHCjO7qkpEFC57XJ0E1JKK ZbUfG9Qt8e8DfpOSRlT/xSYru9sidyK1FB47eskXaLuLlaeS6nTS4Bp3c73jUhvF 0xut4MlC0iiWQXsdqKpkDmqZ43n3B8PPg61Kzi8w+lXUPY/3ZqU494mVOrv09J43 nsoB2EPUxkzA2+PSgUxo8fym4i+F0HAlKJ1YJboSylExb4Z9ssO3/uXjGt193PFR lqia29tjArH27Q2qlNZU6v4IXsoI9h8kR0Q3lB5JurvNAnVWhqBnx4ac8WzqaPhR whvOmygceWzQydu0XMRDTPuQp6cBRyAQv4RqAeRLnfYFqKY5ozI= -----END CERTIFICATE-----Generated at Sat Mar 28 13:14:18 2026 by rpki-client