$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143898.roa File: AS143898.roa (raw, json) Hash identifier: OPIxBCRQVEW60cwETXrVpdDT+w6SPe2HOQ/Pq5Bzss4= Subject key identifier: BA:DD:ED:F6:56:2C:39:BB:50:EA:08:F7:31:E4:C9:D0:02:0A:D0:96 Certificate issuer: /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA Certificate serial: 0FAE0CA7C67901825C0BED06F18B6DF894D8D0DB Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer Subject info access: rsync://rpki.cernet.net/repo/cernet/0/AS143898.roa Signing time: Wed 04 Mar 2026 06:13:36 +0000 ROA not before: Wed 04 Mar 2026 06:08:36 +0000 ROA not after: Wed 03 Mar 2027 06:13:36 +0000 asID: 143898 IP address blocks: 240a:a4e0::/32 maxlen: 32 Validation: OK Signature path: rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Sat 28 Mar 2026 22:54:33 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 0f:ae:0c:a7:c6:79:01:82:5c:0b:ed:06:f1:8b:6d:f8:94:d8:d0:db Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA Validity Not Before: Mar 4 06:08:36 2026 GMT Not After : Mar 3 06:13:36 2027 GMT Subject: CN=BADDEDF6562C39BB50EA08F731E4C9D0020AD096 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a1:f3:84:7d:de:7c:ab:b4:7f:cd:4a:37:06:19: ff:c2:f3:a2:0f:78:91:84:2d:cd:53:78:17:3d:0d: 1e:75:85:d6:a2:4c:ba:8f:fc:e7:d9:cb:f2:c4:e5: 46:58:17:a5:f5:0b:29:7a:32:e2:3f:ab:03:3f:03: 19:78:f0:4a:ec:99:3d:58:01:cc:23:08:1d:7f:40: 66:3e:55:76:30:71:e5:2b:40:a7:f5:07:6a:8b:17: 91:36:34:a5:ea:b6:3f:b4:22:7f:cc:d9:29:0c:e5: 9c:f3:47:98:8a:13:f5:69:fc:6b:b6:f6:fe:f3:29: 2b:37:f1:76:88:92:22:e6:12:99:f6:4a:98:67:37: d6:fd:b1:2b:94:e9:2e:09:23:8a:78:64:79:f2:7a: 85:b9:4b:ba:bb:cb:e3:bc:d6:29:a6:6b:8b:2d:b0: 54:49:69:bb:54:b2:06:d5:e8:78:6b:05:05:6e:3f: cf:d8:70:f7:50:6d:89:41:09:9f:92:0d:b5:ba:70: a2:aa:47:fb:dd:18:db:b4:a3:4b:fb:21:37:6d:57: 94:86:7c:2c:9b:1f:68:40:10:3f:7f:f3:34:ae:5e: 6c:2c:b5:53:45:32:47:fb:65:21:90:61:a9:49:9d: d9:73:d1:89:30:06:1c:07:50:1c:4c:89:98:8d:c5: 56:4f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: BA:DD:ED:F6:56:2C:39:BB:50:EA:08:F7:31:E4:C9:D0:02:0A:D0:96 X509v3 Authority Key Identifier: keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer Subject Information Access: Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143898.roa X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv6: 240a:a4e0::/32 Signature Algorithm: sha256WithRSAEncryption bf:e2:82:50:e1:37:3d:e6:63:cc:91:6b:b8:8d:82:2f:95:25: 29:72:39:9f:6a:58:ec:e3:2c:bd:06:cf:b9:70:66:27:eb:d7: 71:23:06:5a:cd:6c:f3:1a:78:51:76:b3:29:6b:5a:9d:e9:c4: 52:c8:57:a0:59:b4:0f:4b:42:0d:4e:a5:54:c4:f3:d0:76:52: 9e:d3:20:3f:51:a7:b1:5b:5c:48:5e:5a:a4:69:f4:4c:05:db: 43:ff:4d:9d:e8:50:6b:eb:d5:c1:78:44:0e:21:6a:61:c2:8d: f8:6b:62:9a:ce:62:d0:3d:38:25:d0:b5:cc:98:32:03:39:5a: 57:d4:08:b7:fd:4f:b4:e5:2b:55:a2:1a:11:4c:9e:d8:a6:d8: 0d:77:73:32:24:26:91:d5:81:8e:85:63:46:6d:30:37:cf:cd: 6d:1e:8f:8f:c0:54:1a:b4:49:67:b0:e2:a8:1e:64:78:69:f7: 1d:f7:5d:93:4d:59:8f:aa:37:76:50:80:7a:85:20:96:d2:f7: a5:75:c3:7d:6d:8c:f5:ce:ed:c9:4d:bf:c2:d1:f4:50:4a:5c: 61:9a:13:df:65:49:94:04:60:96:dd:a2:97:4f:0a:43:1d:11: 5c:b0:cd:a1:b1:4b:d7:72:2a:a7:24:56:72:75:9c:b1:03:8f: 81:2e:1c:14 -----BEGIN CERTIFICATE----- MIIE0jCCA7qgAwIBAgIUD64Mp8Z5AYJcC+0G8Ytt+JTY0NswDQYJKoZIhvcNAQEL BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4 NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgzNloX DTI3MDMwMzA2MTMzNlowMzExMC8GA1UEAxMoQkFEREVERjY1NjJDMzlCQjUwRUEw OEY3MzFFNEM5RDAwMjBBRDA5NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAKHzhH3efKu0f81KNwYZ/8Lzog94kYQtzVN4Fz0NHnWF1qJMuo/859nL8sTl RlgXpfULKXoy4j+rAz8DGXjwSuyZPVgBzCMIHX9AZj5VdjBx5StAp/UHaosXkTY0 peq2P7Qif8zZKQzlnPNHmIoT9Wn8a7b2/vMpKzfxdoiSIuYSmfZKmGc31v2xK5Tp LgkjinhkefJ6hblLurvL47zWKaZriy2wVElpu1SyBtXoeGsFBW4/z9hw91BtiUEJ n5INtbpwoqpH+90Y27SjS/shN21XlIZ8LJsfaEAQP3/zNK5ebCy1U0UyR/tlIZBh qUmd2XPRiTAGHAdQHEyJmI3FVk8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBS63e32 Viw5u1DqCPcx5MnQAgrQljAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2 MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mzg5OC5yb2EwGAYDVR0gAQH/ BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK pOAwDQYJKoZIhvcNAQELBQADggEBAL/iglDhNz3mY8yRa7iNgi+VJSlyOZ9qWOzj LL0Gz7lwZifr13EjBlrNbPMaeFF2sylrWp3pxFLIV6BZtA9LQg1OpVTE89B2Up7T ID9Rp7FbXEheWqRp9EwF20P/TZ3oUGvr1cF4RA4hamHCjfhrYprOYtA9OCXQtcyY MgM5WlfUCLf9T7TlK1WiGhFMntim2A13czIkJpHVgY6FY0ZtMDfPzW0ej4/AVBq0 SWew4qgeZHhp9x33XZNNWY+qN3ZQgHqFIJbS96V1w31tjPXO7clNv8LR9FBKXGGa E99lSZQEYJbdopdPCkMdEVywzaGxS9dyKqckVnJ1nLEDj4EuHBQ= -----END CERTIFICATE-----Generated at Sat Mar 28 11:44:49 2026 by rpki-client