$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143986.roa File: AS143986.roa (raw, json) Hash identifier: DXt1OOySLoemQZEHTtFZA6V0U6WXQe9tcocHEaSTwPA= Subject key identifier: D7:A3:FE:B5:47:8C:A8:D6:8F:A8:1D:02:21:99:A9:2C:F2:3F:E3:4B Certificate issuer: /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA Certificate serial: 13A8E77B8D9C26B494FF2204F4493A040CA34109 Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer Subject info access: rsync://rpki.cernet.net/repo/cernet/0/AS143986.roa Signing time: Wed 04 Mar 2026 06:13:02 +0000 ROA not before: Wed 04 Mar 2026 06:08:02 +0000 ROA not after: Wed 03 Mar 2027 06:13:02 +0000 asID: 143986 IP address blocks: 240a:a538::/32 maxlen: 32 Validation: OK Signature path: rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Sat 28 Mar 2026 22:54:33 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 13:a8:e7:7b:8d:9c:26:b4:94:ff:22:04:f4:49:3a:04:0c:a3:41:09 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA Validity Not Before: Mar 4 06:08:02 2026 GMT Not After : Mar 3 06:13:02 2027 GMT Subject: CN=D7A3FEB5478CA8D68FA81D022199A92CF23FE34B Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:bc:fb:d7:41:a2:75:16:4d:23:b0:0c:74:75:f2: d4:a7:ff:a2:d9:6a:0a:91:98:b4:b6:c9:83:8f:89: 57:39:27:88:8d:fa:b7:82:03:0f:51:99:08:77:34: 94:c1:6b:0c:c8:5c:52:21:1f:8d:2e:1f:41:19:15: 3a:f8:a2:6c:b0:94:6f:39:8c:67:ab:ad:12:65:3e: 27:4a:ff:8c:d5:b9:ca:14:2e:cd:71:13:70:f7:7e: 13:c2:65:7d:36:f3:e0:7d:43:8f:0d:0a:62:c7:97: 9f:66:e4:f0:0c:ea:4c:48:ac:3e:de:b9:fb:9c:64: 2b:e4:50:31:ab:39:97:69:0c:c0:a9:07:7c:ac:b7: e8:2e:ce:c6:be:62:b3:ab:6c:be:6a:bb:82:a2:34: 6f:2b:c1:26:7b:5d:97:5b:10:ef:fd:6f:04:f4:1d: 98:16:47:bc:9c:68:87:ca:5a:52:ec:4b:49:27:cf: 6f:fa:15:9f:d9:69:73:9a:b4:76:35:e2:a0:1c:d3: 8f:36:43:08:0e:50:a3:53:6e:f4:f7:df:53:c3:da: 4b:fe:f0:3a:34:0b:79:ef:86:f8:23:b6:95:18:80: 2e:28:89:6b:2f:a9:c9:89:76:5a:60:81:ba:b9:57: 67:7a:88:f6:75:c1:50:c1:c4:25:2c:2b:a9:d4:b7: 87:0b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: D7:A3:FE:B5:47:8C:A8:D6:8F:A8:1D:02:21:99:A9:2C:F2:3F:E3:4B X509v3 Authority Key Identifier: keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer Subject Information Access: Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143986.roa X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv6: 240a:a538::/32 Signature Algorithm: sha256WithRSAEncryption 36:02:22:83:2f:74:fd:b7:e0:e9:01:c2:63:e4:99:b8:c6:35: 08:99:82:bf:44:f2:3a:6f:54:d8:ef:02:56:17:e6:07:d8:6c: 0e:89:c7:29:26:29:01:d0:6b:42:56:68:dd:0a:c5:a2:1a:4e: bf:35:c6:81:47:81:1f:9d:8f:d4:18:ed:fb:8f:e9:2f:a1:a4: 73:c3:f7:a3:4b:3f:8a:56:70:93:08:94:2e:c5:44:2f:13:74: 9b:ed:90:e8:40:1a:7d:2d:a9:7a:f8:dc:ec:ba:dd:cc:df:66: 7a:c2:69:54:f5:c8:07:cf:0c:56:75:d4:5c:a5:7e:eb:ba:ad: b1:6d:b2:02:86:c8:97:fe:8f:0e:d0:36:d3:bb:1b:c4:3d:c5: c4:58:66:e5:67:7d:13:d6:bc:29:62:f5:ae:ac:db:89:e6:8d: 7a:ca:ab:b3:25:2f:7e:1c:81:35:75:f5:c1:e5:c5:26:f6:30: a5:46:1d:53:f0:b7:44:9d:bd:5f:23:a2:80:3a:50:da:b0:9a: 19:83:c9:f5:f7:9d:cd:16:bf:e4:4d:87:55:49:d7:f5:d2:06: 94:ce:ef:d9:4b:6f:e4:9d:cc:f7:8c:ea:f8:d3:bc:e1:b2:48: b2:f3:8f:60:9d:60:eb:0b:2b:b8:f4:58:a9:d4:c2:52:e4:b0: 29:fe:ed:ad -----BEGIN CERTIFICATE----- MIIE0jCCA7qgAwIBAgIUE6jne42cJrSU/yIE9Ek6BAyjQQkwDQYJKoZIhvcNAQEL BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4 NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgwMloX DTI3MDMwMzA2MTMwMlowMzExMC8GA1UEAxMoRDdBM0ZFQjU0NzhDQThENjhGQTgx RDAyMjE5OUE5MkNGMjNGRTM0QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBALz710GidRZNI7AMdHXy1Kf/otlqCpGYtLbJg4+JVzkniI36t4IDD1GZCHc0 lMFrDMhcUiEfjS4fQRkVOviibLCUbzmMZ6utEmU+J0r/jNW5yhQuzXETcPd+E8Jl fTbz4H1Djw0KYseXn2bk8AzqTEisPt65+5xkK+RQMas5l2kMwKkHfKy36C7Oxr5i s6tsvmq7gqI0byvBJntdl1sQ7/1vBPQdmBZHvJxoh8paUuxLSSfPb/oVn9lpc5q0 djXioBzTjzZDCA5Qo1Nu9PffU8PaS/7wOjQLee+G+CO2lRiALiiJay+pyYl2WmCB urlXZ3qI9nXBUMHEJSwrqdS3hwsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTXo/61 R4yo1o+oHQIhmaks8j/jSzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2 MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mzk4Ni5yb2EwGAYDVR0gAQH/ BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK pTgwDQYJKoZIhvcNAQELBQADggEBADYCIoMvdP234OkBwmPkmbjGNQiZgr9E8jpv VNjvAlYX5gfYbA6JxykmKQHQa0JWaN0KxaIaTr81xoFHgR+dj9QY7fuP6S+hpHPD 96NLP4pWcJMIlC7FRC8TdJvtkOhAGn0tqXr43Oy63czfZnrCaVT1yAfPDFZ11Fyl fuu6rbFtsgKGyJf+jw7QNtO7G8Q9xcRYZuVnfRPWvCli9a6s24nmjXrKq7MlL34c gTV19cHlxSb2MKVGHVPwt0SdvV8jooA6UNqwmhmDyfX3nc0Wv+RNh1VJ1/XSBpTO 79lLb+SdzPeM6vjTvOGySLLzj2CdYOsLK7j0WKnUwlLksCn+7a0= -----END CERTIFICATE-----Generated at Sat Mar 28 11:41:45 2026 by rpki-client