$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143509.roa File: AS143509.roa (raw, json) Hash identifier: Va0bAyDlb4JmRRYVOasMMU0vE57dEZnRaqRZmjJ3MNk= Subject key identifier: 33:CC:0D:54:A6:F6:BC:EF:7C:5C:D3:EE:24:75:B3:58:4D:23:6E:CA Certificate issuer: /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA Certificate serial: 2E8CC9217338D92F68A96FA05E99B009133C6CDE Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer Subject info access: rsync://rpki.cernet.net/repo/cernet/0/AS143509.roa Signing time: Wed 04 Mar 2026 06:13:17 +0000 ROA not before: Wed 04 Mar 2026 06:08:17 +0000 ROA not after: Wed 03 Mar 2027 06:13:17 +0000 asID: 143509 IP address blocks: 240a:a35b::/32 maxlen: 32 Validation: OK Signature path: rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Sat 28 Mar 2026 22:54:33 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 2e:8c:c9:21:73:38:d9:2f:68:a9:6f:a0:5e:99:b0:09:13:3c:6c:de Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA Validity Not Before: Mar 4 06:08:17 2026 GMT Not After : Mar 3 06:13:17 2027 GMT Subject: CN=33CC0D54A6F6BCEF7C5CD3EE2475B3584D236ECA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c6:31:54:91:84:71:b2:d3:c8:ba:b0:cd:e0:1e: 56:59:be:92:ff:0a:52:d4:c7:17:ff:22:ce:c8:aa: aa:34:2a:3a:6c:8e:e2:df:82:c6:e4:c1:93:2d:b7: da:9a:96:22:6a:dc:75:d4:0b:64:1b:8f:72:ae:af: 90:1b:cb:11:17:f5:77:3f:d1:f0:19:4e:e4:f9:a3: 2e:b1:f6:b5:db:3e:0a:0f:69:c5:fe:a4:eb:40:b7: 42:a5:77:9e:d5:57:9c:17:c5:70:ac:91:b5:7f:0d: 00:0d:fa:de:58:f0:cf:31:c9:58:5b:26:2d:46:06: 8f:94:57:52:b4:b6:15:dd:5d:e1:e8:46:ed:fe:ca: 94:31:74:5a:23:9e:11:5b:2f:1d:ab:7d:ab:70:24: 15:f0:93:1f:81:c3:8f:88:f4:5f:8c:af:1d:c1:ef: 91:dc:d3:30:00:7a:bb:9c:bc:2e:c3:fa:9a:f2:6c: 26:68:24:d5:42:58:8b:6e:01:70:47:d7:06:c9:0c: b2:a1:2d:cb:dd:1d:9f:ad:0c:0d:b7:c9:0e:42:4a: 96:ae:1e:4d:c1:6d:2c:49:65:f4:03:88:a8:05:39: 9f:d7:0c:df:3c:73:fa:dc:6f:89:11:29:a7:01:4c: f0:d4:f6:5e:2e:d3:b6:c5:5d:a5:a4:a1:8f:a3:26: 37:73 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 33:CC:0D:54:A6:F6:BC:EF:7C:5C:D3:EE:24:75:B3:58:4D:23:6E:CA X509v3 Authority Key Identifier: keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer Subject Information Access: Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143509.roa X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv6: 240a:a35b::/32 Signature Algorithm: sha256WithRSAEncryption a0:35:cc:f1:1e:57:91:85:e1:59:91:77:61:a7:cc:0a:c4:30: 74:9a:12:c2:f0:a9:55:cf:b4:86:36:ac:d7:37:c4:ef:92:15: 2e:a5:08:aa:36:b1:84:d1:8a:f3:a1:08:60:d6:aa:5f:4b:70: f6:45:ef:cf:9a:e6:3d:32:bd:62:ff:fb:4e:f7:d5:c8:fe:1a: 2a:ee:53:fe:ff:d7:af:ce:93:2e:b9:ec:a2:14:b8:b0:17:d0: 34:86:00:dc:2c:22:25:c9:21:68:4f:14:46:a0:44:2d:94:9d: da:fc:fd:83:82:d3:16:39:91:e3:9b:3a:e3:21:7d:1f:be:14: d6:8e:98:7e:29:38:58:3f:58:82:e4:00:14:ac:79:ce:a6:dc: 8d:ad:d4:1d:be:19:49:46:83:50:3e:72:f7:69:9b:2f:22:03: 74:64:b7:c6:db:9b:58:1a:f4:ea:df:67:c8:8c:4b:40:dd:75: 9e:a4:5f:29:a6:06:66:56:89:4e:12:6f:e3:8d:ca:19:9e:a4: 6b:b8:39:05:29:5f:94:79:5d:14:6a:b3:27:2b:11:c7:b0:34: 79:58:dc:75:96:53:c2:d6:d1:9f:13:f2:6b:c8:50:a9:da:aa: af:b8:f1:75:d3:f4:36:7d:4e:78:32:25:10:3f:86:9d:52:ed: 47:c8:57:12 -----BEGIN CERTIFICATE----- MIIE0jCCA7qgAwIBAgIULozJIXM42S9oqW+gXpmwCRM8bN4wDQYJKoZIhvcNAQEL BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4 NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgxN1oX DTI3MDMwMzA2MTMxN1owMzExMC8GA1UEAxMoMzNDQzBENTRBNkY2QkNFRjdDNUNE M0VFMjQ3NUIzNTg0RDIzNkVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMYxVJGEcbLTyLqwzeAeVlm+kv8KUtTHF/8izsiqqjQqOmyO4t+CxuTBky23 2pqWImrcddQLZBuPcq6vkBvLERf1dz/R8BlO5PmjLrH2tds+Cg9pxf6k60C3QqV3 ntVXnBfFcKyRtX8NAA363ljwzzHJWFsmLUYGj5RXUrS2Fd1d4ehG7f7KlDF0WiOe EVsvHat9q3AkFfCTH4HDj4j0X4yvHcHvkdzTMAB6u5y8LsP6mvJsJmgk1UJYi24B cEfXBskMsqEty90dn60MDbfJDkJKlq4eTcFtLEll9AOIqAU5n9cM3zxz+txviREp pwFM8NT2Xi7TtsVdpaShj6MmN3MCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQzzA1U pva873xc0+4kdbNYTSNuyjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2 MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzUwOS5yb2EwGAYDVR0gAQH/ BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK o1swDQYJKoZIhvcNAQELBQADggEBAKA1zPEeV5GF4VmRd2GnzArEMHSaEsLwqVXP tIY2rNc3xO+SFS6lCKo2sYTRivOhCGDWql9LcPZF78+a5j0yvWL/+0731cj+Giru U/7/16/Oky657KIUuLAX0DSGANwsIiXJIWhPFEagRC2Undr8/YOC0xY5keObOuMh fR++FNaOmH4pOFg/WILkABSsec6m3I2t1B2+GUlGg1A+cvdpmy8iA3Rkt8bbm1ga 9OrfZ8iMS0DddZ6kXymmBmZWiU4Sb+ONyhmepGu4OQUpX5R5XRRqsycrEcewNHlY 3HWWU8LW0Z8T8mvIUKnaqq+48XXT9DZ9TngyJRA/hp1S7UfIVxI= -----END CERTIFICATE-----Generated at Sat Mar 28 11:45:46 2026 by rpki-client