Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143028.roa
File:                     AS143028.roa (raw, json)
Hash identifier:          f3KK9MhHPqGGHa3EQsQrfUMScktCWWBwQQC//zopBdg=
Subject key identifier:   3E:C4:F2:C1:96:C1:F8:32:0C:12:27:2F:BB:B3:4A:24:56:61:6F:77
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7DBAF43C626CC1A63C19D8983CEAAC489E706539
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143028.roa
Signing time:             Wed 04 Mar 2026 06:06:06 +0000
ROA not before:           Wed 04 Mar 2026 06:01:06 +0000
ROA not after:            Wed 03 Mar 2027 06:06:06 +0000
asID:                     143028
IP address blocks:        240a:a17a::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:ba:f4:3c:62:6c:c1:a6:3c:19:d8:98:3c:ea:ac:48:9e:70:65:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:06 2026 GMT
            Not After : Mar  3 06:06:06 2027 GMT
        Subject: CN=3EC4F2C196C1F8320C12272FBBB34A2456616F77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:af:a5:84:86:47:fe:3f:02:7c:56:15:96:5e:
                    ed:11:1b:67:8c:53:32:d3:a6:57:8f:58:e8:8c:f8:
                    87:c8:da:b8:f0:fd:85:0e:fa:8b:6b:2f:d7:14:6e:
                    8c:48:5e:fe:d7:4a:97:f0:8a:f0:29:d6:02:9a:31:
                    d2:04:9e:67:6a:a3:21:b7:91:c3:5b:8a:e3:22:9d:
                    40:4d:af:4c:45:81:d1:f8:36:ca:30:e8:63:70:2a:
                    85:d9:b4:65:a1:b9:c2:75:6e:42:07:ff:f1:22:46:
                    48:d2:2d:fe:2c:16:e1:ae:73:5e:2b:85:fd:b4:a1:
                    b4:f1:06:db:8c:6d:b9:a8:b5:58:11:35:31:3c:05:
                    6d:4d:58:bb:72:11:4d:4f:0f:5a:88:b7:2b:04:fb:
                    6f:0e:9a:ac:2c:3a:71:81:0f:c4:43:b8:10:c6:34:
                    ca:f2:9d:05:d0:27:66:f9:f8:c7:fd:b5:a8:34:8b:
                    5e:6f:53:0a:e4:5f:13:78:16:78:7c:c9:3f:92:5d:
                    16:c9:b5:7b:61:92:27:6f:1d:3c:15:40:80:4c:1f:
                    79:1b:4a:54:df:c1:5a:34:80:28:53:6c:24:63:20:
                    ac:01:9f:70:74:9a:b9:17:47:1f:f8:13:35:6a:65:
                    32:2f:bc:11:e1:7a:58:af:ef:9c:36:89:c7:46:9a:
                    e7:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:C4:F2:C1:96:C1:F8:32:0C:12:27:2F:BB:B3:4A:24:56:61:6F:77
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143028.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a17a::/32

    Signature Algorithm: sha256WithRSAEncryption
         b3:9b:97:00:e7:b8:30:ae:c6:2b:b3:bc:f1:5b:93:ab:e4:b2:
         95:00:14:e8:2c:76:9d:c0:9e:b3:74:23:11:53:6c:56:e1:d8:
         f0:39:ce:99:5d:47:cc:d4:e7:c4:43:87:80:5b:f7:72:c7:ca:
         98:0b:75:34:28:cf:c1:b6:18:5f:2e:00:94:91:f2:af:b1:16:
         6b:57:66:4f:4f:64:2f:7c:ae:b1:b5:ad:e5:a7:ed:73:3a:ac:
         5b:44:97:40:c6:d6:c6:f4:3c:ed:15:d8:71:0d:55:42:cd:42:
         52:a8:fe:41:21:a4:25:9e:51:d5:25:27:57:73:0f:79:2b:0a:
         a3:9d:4d:46:91:2d:72:28:55:1a:e3:d2:67:bc:ff:e7:c6:c2:
         2a:31:95:76:de:bb:01:f5:be:a6:c0:fa:79:94:f3:d8:31:e2:
         da:99:94:0f:72:d9:44:42:e1:87:06:7e:e3:f8:a7:78:23:30:
         cc:aa:91:61:e9:fd:49:98:93:fa:99:67:3d:05:16:0e:3c:01:
         56:ad:c3:14:3b:b0:32:fd:29:97:a3:37:86:55:b2:c1:b2:48:
         06:9d:3d:da:ab:98:13:d7:e3:9e:ba:5c:9a:1d:2e:d1:da:7d:
         9d:cd:36:c3:1e:fe:43:44:09:02:c9:d0:95:79:a8:b9:d0:f7:
         38:07:70:92
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUfbr0PGJswaY8GdiYPOqsSJ5wZTkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDEwNloX
DTI3MDMwMzA2MDYwNlowMzExMC8GA1UEAxMoM0VDNEYyQzE5NkMxRjgzMjBDMTIy
NzJGQkJCMzRBMjQ1NjYxNkY3NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKmvpYSGR/4/AnxWFZZe7REbZ4xTMtOmV49Y6Iz4h8jauPD9hQ76i2sv1xRu
jEhe/tdKl/CK8CnWApox0gSeZ2qjIbeRw1uK4yKdQE2vTEWB0fg2yjDoY3Aqhdm0
ZaG5wnVuQgf/8SJGSNIt/iwW4a5zXiuF/bShtPEG24xtuai1WBE1MTwFbU1Yu3IR
TU8PWoi3KwT7bw6arCw6cYEPxEO4EMY0yvKdBdAnZvn4x/21qDSLXm9TCuRfE3gW
eHzJP5JdFsm1e2GSJ28dPBVAgEwfeRtKVN/BWjSAKFNsJGMgrAGfcHSauRdHH/gT
NWplMi+8EeF6WK/vnDaJx0aa560CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQ+xPLB
lsH4MgwSJy+7s0okVmFvdzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzAyOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oXowDQYJKoZIhvcNAQELBQADggEBALOblwDnuDCuxiuzvPFbk6vkspUAFOgsdp3A
nrN0IxFTbFbh2PA5zpldR8zU58RDh4Bb93LHypgLdTQoz8G2GF8uAJSR8q+xFmtX
Zk9PZC98rrG1reWn7XM6rFtEl0DG1sb0PO0V2HENVULNQlKo/kEhpCWeUdUlJ1dz
D3krCqOdTUaRLXIoVRrj0me8/+fGwioxlXbeuwH1vqbA+nmU89gx4tqZlA9y2URC
4YcGfuP4p3gjMMyqkWHp/UmYk/qZZz0FFg48AVatwxQ7sDL9KZejN4ZVssGySAad
PdqrmBPX4566XJodLtHafZ3NNsMe/kNECQLJ0JV5qLnQ9zgHcJI=
-----END CERTIFICATE-----