$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143620.roa File: AS143620.roa (raw, json) Hash identifier: CI/dbrw8UdlZxkympqGFG5NkH5gYENAHrbGTwfXboKc= Subject key identifier: B8:69:3C:61:C0:EF:8C:90:BB:1A:B8:E4:CA:6F:EE:CC:59:5D:1D:B0 Certificate issuer: /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA Certificate serial: 31D50BB5B2C86D92067E508FECAD9537BD4521F9 Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer Subject info access: rsync://rpki.cernet.net/repo/cernet/0/AS143620.roa Signing time: Wed 04 Mar 2026 06:14:53 +0000 ROA not before: Wed 04 Mar 2026 06:09:53 +0000 ROA not after: Wed 03 Mar 2027 06:14:53 +0000 asID: 143620 IP address blocks: 240a:a3ca::/32 maxlen: 32 Validation: OK Signature path: rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Sat 28 Mar 2026 22:54:33 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 31:d5:0b:b5:b2:c8:6d:92:06:7e:50:8f:ec:ad:95:37:bd:45:21:f9 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA Validity Not Before: Mar 4 06:09:53 2026 GMT Not After : Mar 3 06:14:53 2027 GMT Subject: CN=B8693C61C0EF8C90BB1AB8E4CA6FEECC595D1DB0 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:93:2b:02:3e:bb:fa:ba:15:0d:ff:d1:a5:ca:be: 09:1f:ab:5b:06:38:cf:38:fb:83:9f:7f:16:70:cb: 7a:c8:d5:94:76:4f:6a:2f:cb:98:2a:c4:ec:78:71: 6c:40:48:7c:c0:32:ee:14:fb:3b:8e:a1:d3:cc:01: a4:0f:41:40:c4:37:b2:18:c4:1d:e6:0b:5f:cd:8f: db:35:68:3b:7a:3e:92:fc:b4:bd:a6:86:7d:79:32: 3c:7b:4f:6e:50:1c:65:d0:fc:1c:ae:19:79:bb:fa: d0:71:58:0c:e2:8a:48:39:80:2a:70:3f:70:8e:c2: 85:a0:ef:fc:20:33:e8:af:f7:75:58:7a:a0:92:73: 99:61:25:9b:d2:40:48:f3:af:e7:0c:dc:15:c9:74: 52:a2:9b:25:c3:74:96:3d:72:f4:19:96:57:8d:15: b6:53:57:ff:fb:ff:7c:bd:7b:e1:b0:83:1c:de:0a: 36:11:7a:56:91:c4:e6:02:01:0e:aa:a0:1e:a4:d5: 79:e5:dd:17:a2:15:7f:6c:18:e2:4b:4c:aa:aa:18: e8:23:d6:84:b8:40:cf:c4:90:75:c0:81:8e:c6:bc: dc:4f:b8:00:1a:d4:69:12:4c:80:ad:6c:4d:32:2d: 5e:68:cf:2c:94:d1:37:c3:9f:77:c3:5a:68:bd:fd: 42:3b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: B8:69:3C:61:C0:EF:8C:90:BB:1A:B8:E4:CA:6F:EE:CC:59:5D:1D:B0 X509v3 Authority Key Identifier: keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer Subject Information Access: Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143620.roa X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv6: 240a:a3ca::/32 Signature Algorithm: sha256WithRSAEncryption 07:24:8e:ed:b2:78:48:44:3b:22:01:14:5b:4d:01:8e:7b:e1: 68:22:51:9c:b9:be:92:88:30:a1:cd:77:31:dd:a8:6c:35:34: af:ab:17:89:53:63:bd:fa:5f:95:d1:bf:ec:77:0b:b1:69:a9: ca:5b:45:2d:97:92:21:d6:af:59:0d:04:d0:24:54:cd:c1:5f: 15:24:e5:fe:a6:4f:40:c5:71:ff:e1:19:81:80:73:ea:46:fc: 6e:8a:a5:14:36:1f:21:02:18:12:32:48:63:62:5e:e5:7b:79: 6a:06:72:c9:b1:2c:a2:53:4d:0f:e0:a5:f7:f1:4a:b0:f1:22: 2c:07:97:3e:a8:7b:2a:9a:51:77:2a:3b:d4:06:bc:78:98:1c: be:95:e9:5a:48:79:d8:59:3b:bc:16:74:06:6d:24:77:09:ce: 15:14:40:21:28:6a:26:dc:a4:6c:c4:4a:66:0b:5a:85:86:42: c0:f7:fb:56:0f:b1:09:ba:b4:c8:a2:45:f4:0e:e2:e6:11:d5: 97:8b:1d:db:eb:5c:b4:06:27:4a:4c:7f:7f:9b:ca:15:93:8e: 1c:77:a4:e5:52:81:2e:d5:b1:89:69:3b:a9:ec:7b:b7:0b:71: 43:52:41:8f:44:4c:f0:3b:af:43:bc:0c:1a:d2:07:95:7c:f3: 7a:6b:4e:59 -----BEGIN CERTIFICATE----- MIIE0jCCA7qgAwIBAgIUMdULtbLIbZIGflCP7K2VN71FIfkwDQYJKoZIhvcNAQEL BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4 NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDk1M1oX DTI3MDMwMzA2MTQ1M1owMzExMC8GA1UEAxMoQjg2OTNDNjFDMEVGOEM5MEJCMUFC OEU0Q0E2RkVFQ0M1OTVEMURCMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAJMrAj67+roVDf/Rpcq+CR+rWwY4zzj7g59/FnDLesjVlHZPai/LmCrE7Hhx bEBIfMAy7hT7O46h08wBpA9BQMQ3shjEHeYLX82P2zVoO3o+kvy0vaaGfXkyPHtP blAcZdD8HK4Zebv60HFYDOKKSDmAKnA/cI7ChaDv/CAz6K/3dVh6oJJzmWElm9JA SPOv5wzcFcl0UqKbJcN0lj1y9BmWV40VtlNX//v/fL174bCDHN4KNhF6VpHE5gIB DqqgHqTVeeXdF6IVf2wY4ktMqqoY6CPWhLhAz8SQdcCBjsa83E+4ABrUaRJMgK1s TTItXmjPLJTRN8Ofd8NaaL39QjsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBS4aTxh wO+MkLsauOTKb+7MWV0dsDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2 MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzYyMC5yb2EwGAYDVR0gAQH/ BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK o8owDQYJKoZIhvcNAQELBQADggEBAAckju2yeEhEOyIBFFtNAY574WgiUZy5vpKI MKHNdzHdqGw1NK+rF4lTY736X5XRv+x3C7FpqcpbRS2XkiHWr1kNBNAkVM3BXxUk 5f6mT0DFcf/hGYGAc+pG/G6KpRQ2HyECGBIySGNiXuV7eWoGcsmxLKJTTQ/gpffx SrDxIiwHlz6oeyqaUXcqO9QGvHiYHL6V6VpIedhZO7wWdAZtJHcJzhUUQCEoaibc pGzESmYLWoWGQsD3+1YPsQm6tMiiRfQO4uYR1ZeLHdvrXLQGJ0pMf3+byhWTjhx3 pOVSgS7VsYlpO6nse7cLcUNSQY9ETPA7r0O8DBrSB5V883prTlk= -----END CERTIFICATE-----Generated at Sat Mar 28 11:42:29 2026 by rpki-client