Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143018.roa
File:                     AS143018.roa (raw, json)
Hash identifier:          PHJXjTurMBFHhiPVegsgAFFaln1tRxoslVXlnR2LOmk=
Subject key identifier:   A7:93:EE:7F:19:B3:11:32:C1:3D:FE:D9:67:A0:42:52:8E:5D:4A:7C
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6FD05797498008F67B1EF43A1CBB24F7E770D877
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143018.roa
Signing time:             Wed 04 Mar 2026 06:07:37 +0000
ROA not before:           Wed 04 Mar 2026 06:02:37 +0000
ROA not after:            Wed 03 Mar 2027 06:07:37 +0000
asID:                     143018
IP address blocks:        240a:a170::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:d0:57:97:49:80:08:f6:7b:1e:f4:3a:1c:bb:24:f7:e7:70:d8:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:37 2026 GMT
            Not After : Mar  3 06:07:37 2027 GMT
        Subject: CN=A793EE7F19B31132C13DFED967A042528E5D4A7C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:68:67:ec:19:d7:30:7f:82:9c:f4:84:e9:b3:
                    41:f0:db:46:05:fb:52:3b:3c:f7:60:0f:45:d6:eb:
                    b4:98:0a:f5:75:da:32:39:86:ab:69:fa:3e:83:ca:
                    eb:98:9d:b3:a0:5a:43:65:7d:d4:4d:7e:ac:0a:3e:
                    69:a1:4c:9e:d2:28:06:02:89:35:19:b1:6d:b4:1e:
                    fa:ee:4c:6c:6d:61:60:b5:23:9a:f2:bf:18:23:d4:
                    96:91:5f:a6:47:f1:af:c9:2a:55:67:fe:3f:67:4b:
                    fe:e1:bb:87:7e:5f:56:36:6f:11:2f:bb:d4:b3:50:
                    c2:3f:65:20:13:32:c0:6b:c8:8a:11:05:07:99:74:
                    4e:58:27:04:14:37:a0:91:50:fd:8f:a0:ed:ac:f3:
                    7e:aa:d0:99:6d:fe:8e:3b:99:a6:31:47:e8:94:1f:
                    32:f5:4d:9b:40:c7:20:0a:9f:a7:c3:0f:7d:f0:19:
                    0a:23:09:4b:fa:b2:fb:6d:13:f8:ea:96:5d:3b:83:
                    de:3b:37:98:47:3a:cd:b4:fa:24:77:6e:9e:6b:b8:
                    24:98:4a:49:29:4b:49:ac:2c:b9:a3:59:3b:64:a9:
                    0e:aa:7c:95:a0:e1:e9:12:f4:43:62:48:09:47:7c:
                    d6:34:d0:d3:bd:35:9b:50:ec:49:da:99:a1:c4:6f:
                    43:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:93:EE:7F:19:B3:11:32:C1:3D:FE:D9:67:A0:42:52:8E:5D:4A:7C
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143018.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a170::/32

    Signature Algorithm: sha256WithRSAEncryption
         b3:1b:b8:f4:21:79:d8:ef:9a:15:ef:e7:66:96:e6:3b:2d:a8:
         11:e5:ea:e0:c7:51:ac:0a:d4:b7:f9:b3:d9:8e:56:0d:cc:9b:
         37:99:f2:0f:cc:2d:90:ce:7d:9d:f4:b7:95:99:69:d4:d7:fa:
         03:af:88:0c:33:41:97:e4:67:f6:12:26:60:24:ff:81:97:15:
         5c:3d:1a:1c:bb:90:33:50:ba:92:2c:53:e9:b8:61:23:1c:54:
         14:2a:b3:62:9c:8d:d3:06:e3:34:0f:8d:55:40:71:e7:f1:d0:
         7d:51:58:95:70:6e:82:e9:e0:5b:88:f2:1b:52:d1:67:30:0b:
         b4:f1:cf:03:41:ef:d5:4a:c1:eb:5b:8c:9c:ae:79:14:07:0b:
         59:db:ec:35:eb:fa:ca:e8:fe:a9:40:63:64:d1:44:2f:5d:61:
         8b:8e:3a:f1:b4:b7:31:63:49:c8:3a:15:25:46:29:f3:eb:c5:
         db:a7:2a:a8:66:5c:0f:63:5e:9f:72:ec:88:b4:61:ff:74:39:
         e8:5b:a5:f0:92:49:6b:8c:3e:f2:ff:6d:8f:81:d4:66:39:a8:
         0c:6d:1d:58:82:55:30:d7:84:97:d4:4b:b4:d8:62:bc:84:e5:
         b0:8d:bb:bc:76:4d:c0:ae:8d:cb:11:1a:f9:a7:c2:f3:df:1d:
         a4:c3:fc:c3
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUb9BXl0mACPZ7HvQ6HLsk9+dw2HcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIzN1oX
DTI3MDMwMzA2MDczN1owMzExMC8GA1UEAxMoQTc5M0VFN0YxOUIzMTEzMkMxM0RG
RUQ5NjdBMDQyNTI4RTVENEE3QzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOVoZ+wZ1zB/gpz0hOmzQfDbRgX7Ujs892APRdbrtJgK9XXaMjmGq2n6PoPK
65ids6BaQ2V91E1+rAo+aaFMntIoBgKJNRmxbbQe+u5MbG1hYLUjmvK/GCPUlpFf
pkfxr8kqVWf+P2dL/uG7h35fVjZvES+71LNQwj9lIBMywGvIihEFB5l0TlgnBBQ3
oJFQ/Y+g7azzfqrQmW3+jjuZpjFH6JQfMvVNm0DHIAqfp8MPffAZCiMJS/qy+20T
+OqWXTuD3js3mEc6zbT6JHdunmu4JJhKSSlLSawsuaNZO2SpDqp8laDh6RL0Q2JI
CUd81jTQ0701m1DsSdqZocRvQ6MCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSnk+5/
GbMRMsE9/tlnoEJSjl1KfDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzAxOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oXAwDQYJKoZIhvcNAQELBQADggEBALMbuPQhedjvmhXv52aW5jstqBHl6uDHUawK
1Lf5s9mOVg3MmzeZ8g/MLZDOfZ30t5WZadTX+gOviAwzQZfkZ/YSJmAk/4GXFVw9
Ghy7kDNQupIsU+m4YSMcVBQqs2KcjdMG4zQPjVVAcefx0H1RWJVwboLp4FuI8htS
0WcwC7TxzwNB79VKwetbjJyueRQHC1nb7DXr+sro/qlAY2TRRC9dYYuOOvG0tzFj
Scg6FSVGKfPrxdunKqhmXA9jXp9y7Ii0Yf90OehbpfCSSWuMPvL/bY+B1GY5qAxt
HViCVTDXhJfUS7TYYryE5bCNu7x2TcCujcsRGvmnwvPfHaTD/MM=
-----END CERTIFICATE-----