$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143965.roa File: AS143965.roa (raw, json) Hash identifier: G9cbCU8fW7aZQ1eGtRwun1+79Kaf0KzFjxGYh8xrYdg= Subject key identifier: D5:13:7C:0C:3F:AE:71:05:8F:81:70:0D:D1:CF:23:D1:A2:F7:85:D4 Certificate issuer: /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA Certificate serial: 3E8DD552AE7C475F15FA203989A773DADF2EB23E Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer Subject info access: rsync://rpki.cernet.net/repo/cernet/0/AS143965.roa Signing time: Wed 04 Mar 2026 06:13:40 +0000 ROA not before: Wed 04 Mar 2026 06:08:40 +0000 ROA not after: Wed 03 Mar 2027 06:13:40 +0000 asID: 143965 IP address blocks: 240a:a523::/32 maxlen: 32 Validation: OK Signature path: rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Sat 28 Mar 2026 22:54:33 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 3e:8d:d5:52:ae:7c:47:5f:15:fa:20:39:89:a7:73:da:df:2e:b2:3e Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA Validity Not Before: Mar 4 06:08:40 2026 GMT Not After : Mar 3 06:13:40 2027 GMT Subject: CN=D5137C0C3FAE71058F81700DD1CF23D1A2F785D4 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:cc:b5:8d:a0:c8:cb:4c:d9:23:50:af:1b:5f:d4: f7:7d:15:d2:65:78:a3:03:ec:b6:2c:80:8e:85:87: 93:0b:a6:45:28:ba:78:9d:33:3a:73:ad:72:1d:46: cc:0a:4b:ef:c1:71:c1:78:54:7e:47:83:c8:b8:14: cd:8a:47:4a:f9:20:21:1e:cb:8d:40:cb:42:ac:57: b1:6f:f7:36:21:b8:80:ab:6a:27:11:ed:fe:0a:ef: bd:d8:bd:3f:10:30:37:40:6e:2a:01:58:1f:62:0a: cc:1b:dd:82:dd:9b:e1:c4:ba:ca:c7:d6:8e:e5:9c: c9:f2:7a:19:85:ed:37:95:f9:6e:a2:56:ee:fb:57: 3a:be:3b:9b:b1:be:a8:c2:47:dd:76:a7:6f:7b:dc: 3d:bc:5f:a9:52:d5:c0:14:d2:7d:34:d2:2a:ae:bc: 76:cc:f6:5f:6d:33:2d:7b:ea:16:57:01:96:9f:c5: 30:c5:ae:1a:2b:7c:67:58:c6:98:85:a0:63:fd:bd: 87:a4:a1:89:5c:4a:20:14:f3:f9:73:9a:86:c3:12: 6d:63:26:c5:ec:97:16:51:33:fd:b5:a6:d9:c2:b9: 7d:c8:60:71:24:80:c2:ed:c8:fe:25:d6:9a:7b:5f: 5e:44:bb:6b:c3:77:52:78:24:d4:8c:56:b9:32:34: 64:c7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: D5:13:7C:0C:3F:AE:71:05:8F:81:70:0D:D1:CF:23:D1:A2:F7:85:D4 X509v3 Authority Key Identifier: keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer Subject Information Access: Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143965.roa X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv6: 240a:a523::/32 Signature Algorithm: sha256WithRSAEncryption 6d:d2:bb:62:e2:79:d0:04:6c:7d:70:c5:25:e8:d0:97:b1:d5: e9:45:ac:21:f4:56:5d:af:12:d6:f0:f1:a5:89:4e:98:0c:9c: 91:02:59:7b:62:5c:16:24:33:e5:3e:a2:a4:3d:06:bc:cd:d0: 3d:d7:44:7f:59:60:26:56:40:92:bc:ee:88:2d:a5:c6:e6:14: a4:db:d1:22:84:4a:8a:5a:45:37:c8:95:f4:6a:67:80:9c:b5: 41:7d:40:3d:be:e0:77:39:a8:a4:26:27:a6:dc:55:82:f3:67: 6d:1d:b6:34:07:3b:7c:a4:3f:9d:40:9e:64:6a:b0:c6:3e:17: bf:5e:fc:32:ca:9c:f9:e8:6d:ec:29:15:69:c2:61:20:fc:84: c9:62:70:a0:de:10:7a:be:2d:7a:9a:7d:49:b6:68:15:4b:77: 9e:79:e5:39:5e:47:79:cb:c6:1e:11:6a:e6:50:89:f5:08:4d: ed:50:75:9a:56:e6:05:b6:5f:b9:33:c2:16:41:34:64:da:ed: d6:9d:d6:36:5f:42:a0:64:c7:2f:bc:2f:42:bc:09:91:ff:1c: 7e:a2:42:b7:42:b7:01:79:3b:b0:a2:e4:3a:b2:75:8b:4d:86: 64:3f:42:35:c3:b2:6b:72:d2:7c:c8:34:96:cb:c9:f2:ed:e8: 1d:69:79:30 -----BEGIN CERTIFICATE----- MIIE0jCCA7qgAwIBAgIUPo3VUq58R18V+iA5iadz2t8usj4wDQYJKoZIhvcNAQEL BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4 NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDg0MFoX DTI3MDMwMzA2MTM0MFowMzExMC8GA1UEAxMoRDUxMzdDMEMzRkFFNzEwNThGODE3 MDBERDFDRjIzRDFBMkY3ODVENDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMy1jaDIy0zZI1CvG1/U930V0mV4owPstiyAjoWHkwumRSi6eJ0zOnOtch1G zApL78FxwXhUfkeDyLgUzYpHSvkgIR7LjUDLQqxXsW/3NiG4gKtqJxHt/grvvdi9 PxAwN0BuKgFYH2IKzBvdgt2b4cS6ysfWjuWcyfJ6GYXtN5X5bqJW7vtXOr47m7G+ qMJH3Xanb3vcPbxfqVLVwBTSfTTSKq68dsz2X20zLXvqFlcBlp/FMMWuGit8Z1jG mIWgY/29h6ShiVxKIBTz+XOahsMSbWMmxeyXFlEz/bWm2cK5fchgcSSAwu3I/iXW mntfXkS7a8N3Ungk1IxWuTI0ZMcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTVE3wM P65xBY+BcA3RzyPRoveF1DAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2 MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mzk2NS5yb2EwGAYDVR0gAQH/ BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK pSMwDQYJKoZIhvcNAQELBQADggEBAG3Su2LiedAEbH1wxSXo0Jex1elFrCH0Vl2v Etbw8aWJTpgMnJECWXtiXBYkM+U+oqQ9BrzN0D3XRH9ZYCZWQJK87ogtpcbmFKTb 0SKESopaRTfIlfRqZ4CctUF9QD2+4Hc5qKQmJ6bcVYLzZ20dtjQHO3ykP51AnmRq sMY+F79e/DLKnPnobewpFWnCYSD8hMlicKDeEHq+LXqafUm2aBVLd5555TleR3nL xh4RauZQifUITe1QdZpW5gW2X7kzwhZBNGTa7dad1jZfQqBkxy+8L0K8CZH/HH6i QrdCtwF5O7Ci5DqydYtNhmQ/QjXDsmty0nzINJbLyfLt6B1peTA= -----END CERTIFICATE-----Generated at Sat Mar 28 14:30:44 2026 by rpki-client