Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143029.roa
File:                     AS143029.roa (raw, json)
Hash identifier:          00qLMVFnFPq+SesFe2DFKw3TB/12u2tCwpdFCA88XrQ=
Subject key identifier:   C5:EC:2A:31:D2:99:BF:31:EE:93:8C:F2:ED:9C:F7:E6:ED:39:D7:C9
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       44DF42860016617F5E3331279F5065244990D4A1
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143029.roa
Signing time:             Wed 04 Mar 2026 06:07:51 +0000
ROA not before:           Wed 04 Mar 2026 06:02:51 +0000
ROA not after:            Wed 03 Mar 2027 06:07:51 +0000
asID:                     143029
IP address blocks:        240a:a17b::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:df:42:86:00:16:61:7f:5e:33:31:27:9f:50:65:24:49:90:d4:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:51 2026 GMT
            Not After : Mar  3 06:07:51 2027 GMT
        Subject: CN=C5EC2A31D299BF31EE938CF2ED9CF7E6ED39D7C9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e3:5a:15:0e:14:c2:dd:fb:af:dc:a9:98:4e:
                    7a:0f:94:f6:69:7d:f1:8b:07:69:fb:7b:80:b3:c2:
                    60:ef:86:de:bc:f5:33:37:3d:8b:db:d0:11:9c:ed:
                    1e:70:19:fa:7c:e7:63:a8:27:ce:30:a4:b8:95:34:
                    16:cc:69:7c:1e:f5:7a:6c:05:d7:02:bd:0f:f2:06:
                    c5:49:f9:01:25:eb:21:fd:e8:4d:3b:92:86:b4:61:
                    3d:b1:8d:9b:7b:b4:59:ad:e4:18:e8:33:67:1d:65:
                    36:d3:93:af:a0:4a:e3:9c:79:ef:fa:bb:0e:5f:b9:
                    c8:93:90:9c:d6:0e:ca:4a:75:fd:b9:76:51:82:ad:
                    a8:c5:4e:00:24:49:c4:18:ef:18:28:b0:e0:d8:4b:
                    89:7d:47:5b:78:2e:f9:49:ac:f1:a5:65:0c:70:be:
                    01:4b:ed:a0:74:01:a0:17:cc:6b:de:52:64:21:ad:
                    c3:36:fd:fc:1f:7c:12:5f:2f:d5:fd:bd:30:8b:22:
                    65:df:f4:09:94:20:93:31:ce:66:29:17:0b:8f:b6:
                    4d:68:17:88:ad:cc:ba:70:b2:45:92:ea:9f:c4:b9:
                    68:d1:8f:e6:f1:c1:1d:38:bb:15:c3:86:de:1e:dc:
                    12:6e:7c:e6:88:af:c1:2d:85:56:f7:75:ac:d2:50:
                    fc:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:EC:2A:31:D2:99:BF:31:EE:93:8C:F2:ED:9C:F7:E6:ED:39:D7:C9
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143029.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a17b::/32

    Signature Algorithm: sha256WithRSAEncryption
         32:c0:6d:7c:c7:15:58:cb:18:08:e4:3b:5f:bb:ae:0e:6c:c9:
         cd:b9:86:62:97:71:51:30:c1:ff:80:0d:60:37:38:b9:d9:67:
         25:1d:f8:3a:ea:4e:e1:4e:ca:3a:9b:8e:eb:33:78:fa:eb:e4:
         d9:41:77:a3:d9:52:6f:06:94:77:80:59:db:5d:08:56:5b:50:
         1f:32:10:fd:98:db:72:b6:7b:af:89:63:ad:40:14:b0:ba:72:
         3c:3e:af:47:5d:b7:d9:d2:1a:67:de:b7:c6:a0:c4:66:7b:87:
         ff:d4:6c:0d:8a:1a:f5:dd:b2:42:9f:44:93:68:4b:75:72:54:
         b2:53:19:74:e9:89:d3:29:2d:38:19:8f:6c:27:43:2a:18:10:
         24:c1:3e:8b:97:52:1a:9f:b6:b2:2b:7d:4f:92:66:7d:c8:84:
         d7:91:d2:ae:25:e6:32:fa:80:96:2d:53:af:5e:35:d1:42:1a:
         f4:26:cb:54:55:f0:a4:58:1f:47:de:b8:e5:06:3d:e6:74:cd:
         1d:19:d6:f7:b8:a6:48:af:c2:20:f6:fd:f8:12:72:40:90:3a:
         c0:fe:22:68:28:c2:d3:50:b6:86:e4:77:ca:37:54:ad:28:64:
         e8:74:57:d3:a3:1a:48:10:cc:1e:72:8d:db:a2:de:16:08:69:
         d9:f0:b5:7f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIURN9ChgAWYX9eMzEnn1BlJEmQ1KEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDI1MVoX
DTI3MDMwMzA2MDc1MVowMzExMC8GA1UEAxMoQzVFQzJBMzFEMjk5QkYzMUVFOTM4
Q0YyRUQ5Q0Y3RTZFRDM5RDdDOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKLjWhUOFMLd+6/cqZhOeg+U9ml98YsHaft7gLPCYO+G3rz1Mzc9i9vQEZzt
HnAZ+nznY6gnzjCkuJU0FsxpfB71emwF1wK9D/IGxUn5ASXrIf3oTTuShrRhPbGN
m3u0Wa3kGOgzZx1lNtOTr6BK45x57/q7Dl+5yJOQnNYOykp1/bl2UYKtqMVOACRJ
xBjvGCiw4NhLiX1HW3gu+Ums8aVlDHC+AUvtoHQBoBfMa95SZCGtwzb9/B98El8v
1f29MIsiZd/0CZQgkzHOZikXC4+2TWgXiK3MunCyRZLqn8S5aNGP5vHBHTi7FcOG
3h7cEm585oivwS2FVvd1rNJQ/PcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTF7Cox
0pm/Me6TjPLtnPfm7TnXyTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzAyOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oXswDQYJKoZIhvcNAQELBQADggEBADLAbXzHFVjLGAjkO1+7rg5syc25hmKXcVEw
wf+ADWA3OLnZZyUd+DrqTuFOyjqbjuszePrr5NlBd6PZUm8GlHeAWdtdCFZbUB8y
EP2Y23K2e6+JY61AFLC6cjw+r0ddt9nSGmfet8agxGZ7h//UbA2KGvXdskKfRJNo
S3VyVLJTGXTpidMpLTgZj2wnQyoYECTBPouXUhqftrIrfU+SZn3IhNeR0q4l5jL6
gJYtU69eNdFCGvQmy1RV8KRYH0feuOUGPeZ0zR0Z1ve4pkivwiD2/fgSckCQOsD+
ImgowtNQtobkd8o3VK0oZOh0V9OjGkgQzB5yjdui3hYIadnwtX8=
-----END CERTIFICATE-----