Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143032.roa
File:                     AS143032.roa (raw, json)
Hash identifier:          QUWzXTwHsg6fBtb4u/JEd5bzJjuw8LZnYWTjRXCZCTQ=
Subject key identifier:   7C:BB:23:BA:83:86:9B:76:DF:F4:1E:66:4B:57:9E:2C:CF:BE:68:15
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4E496888B8A05FA704774CD0D5549023F2AC92B3
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143032.roa
Signing time:             Wed 04 Mar 2026 06:06:25 +0000
ROA not before:           Wed 04 Mar 2026 06:01:25 +0000
ROA not after:            Wed 03 Mar 2027 06:06:25 +0000
asID:                     143032
IP address blocks:        240a:a17e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:49:68:88:b8:a0:5f:a7:04:77:4c:d0:d5:54:90:23:f2:ac:92:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:25 2026 GMT
            Not After : Mar  3 06:06:25 2027 GMT
        Subject: CN=7CBB23BA83869B76DFF41E664B579E2CCFBE6815
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:37:6f:38:e5:e4:e4:37:ea:8e:83:ff:22:c7:
                    98:97:ce:b1:51:76:5b:89:2b:8d:da:9c:12:49:59:
                    51:70:5b:0c:e2:9a:b1:ee:69:e4:a0:fa:9b:f3:50:
                    f2:f4:30:78:ed:60:de:6e:51:d9:81:58:40:5d:70:
                    bb:b0:96:39:fc:c7:ee:49:89:96:2e:2a:14:49:18:
                    ba:25:8b:86:26:c3:f3:44:66:b2:9f:99:ab:72:a7:
                    b4:35:aa:66:c2:31:7a:d7:9e:26:c8:c3:a5:1f:a1:
                    5b:ad:08:cd:c8:5f:4a:d7:c8:64:3b:f3:78:42:7e:
                    ab:54:4e:64:56:59:de:30:14:f6:77:85:b6:31:f2:
                    01:51:33:50:fb:ad:a4:7c:e2:f0:6c:e7:1f:aa:be:
                    1e:de:3d:fb:c4:5e:d8:84:e1:3c:f4:dc:75:0d:3f:
                    4f:57:02:91:82:0f:04:55:c6:67:20:f7:ff:30:67:
                    f3:11:9d:65:2a:e7:ba:37:f3:67:a5:0d:c4:b3:e8:
                    36:df:26:0b:71:54:c4:11:ed:b2:0c:41:e7:31:ed:
                    ec:f2:7b:a1:8c:10:81:46:31:39:8a:47:55:fc:4a:
                    0d:10:ec:c1:c8:94:6b:dc:a9:8c:10:8a:3f:26:53:
                    02:a7:04:a8:40:dd:4f:b0:2b:27:53:10:ac:14:c2:
                    7f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:BB:23:BA:83:86:9B:76:DF:F4:1E:66:4B:57:9E:2C:CF:BE:68:15
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a17e::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:cb:17:51:77:95:be:ef:68:19:45:ae:a6:2c:f0:40:c4:f3:
         2e:c6:62:ac:8e:72:9d:ca:a4:aa:0d:34:9f:ed:10:63:5b:b1:
         9a:a8:1a:ff:f8:9e:36:ed:6d:4e:34:79:e4:cd:aa:f2:57:8c:
         66:b7:a1:88:0d:c0:7b:74:5b:66:ce:68:4b:0a:54:20:0c:d0:
         cd:8d:ff:15:9b:34:b5:c2:37:ed:6c:e3:59:a8:b5:fe:64:05:
         9d:d6:b5:5a:ac:92:65:c6:28:10:1f:ca:7f:16:39:77:e6:b5:
         46:c5:a3:a8:cd:26:d0:40:91:31:4f:8e:86:c7:02:5a:e0:66:
         4c:85:67:93:cd:da:db:6e:95:ef:97:0f:99:aa:73:3e:ba:1b:
         cc:89:c6:7a:45:7d:a8:43:b4:44:32:52:62:21:1a:b4:78:4d:
         6e:98:f7:0a:59:a2:30:6f:be:9f:b4:3a:94:35:c3:ab:f4:27:
         99:18:66:b1:65:c3:f9:28:71:a5:2a:97:0a:0f:dc:a5:82:1d:
         e7:f1:29:c4:75:52:7e:ce:12:94:14:3b:f4:f2:e0:57:ab:3d:
         13:a8:c4:a6:7c:44:1c:d5:99:14:ed:2c:1c:6c:20:70:47:ba:
         0c:fc:7b:f5:88:06:5b:92:35:68:51:b2:d1:e2:76:61:e6:dc:
         c0:b5:32:96
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUTkloiLigX6cEd0zQ1VSQI/KskrMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDEyNVoX
DTI3MDMwMzA2MDYyNVowMzExMC8GA1UEAxMoN0NCQjIzQkE4Mzg2OUI3NkRGRjQx
RTY2NEI1NzlFMkNDRkJFNjgxNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKk3bzjl5OQ36o6D/yLHmJfOsVF2W4krjdqcEklZUXBbDOKase5p5KD6m/NQ
8vQweO1g3m5R2YFYQF1wu7CWOfzH7kmJli4qFEkYuiWLhibD80Rmsp+Zq3KntDWq
ZsIxeteeJsjDpR+hW60IzchfStfIZDvzeEJ+q1ROZFZZ3jAU9neFtjHyAVEzUPut
pHzi8GznH6q+Ht49+8Re2IThPPTcdQ0/T1cCkYIPBFXGZyD3/zBn8xGdZSrnujfz
Z6UNxLPoNt8mC3FUxBHtsgxB5zHt7PJ7oYwQgUYxOYpHVfxKDRDswciUa9ypjBCK
PyZTAqcEqEDdT7ArJ1MQrBTCfw0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBR8uyO6
g4abdt/0HmZLV54sz75oFTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzAzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oX4wDQYJKoZIhvcNAQELBQADggEBAHfLF1F3lb7vaBlFrqYs8EDE8y7GYqyOcp3K
pKoNNJ/tEGNbsZqoGv/4njbtbU40eeTNqvJXjGa3oYgNwHt0W2bOaEsKVCAM0M2N
/xWbNLXCN+1s41motf5kBZ3WtVqskmXGKBAfyn8WOXfmtUbFo6jNJtBAkTFPjobH
AlrgZkyFZ5PN2ttule+XD5mqcz66G8yJxnpFfahDtEQyUmIhGrR4TW6Y9wpZojBv
vp+0OpQ1w6v0J5kYZrFlw/kocaUqlwoP3KWCHefxKcR1Un7OEpQUO/Ty4FerPROo
xKZ8RBzVmRTtLBxsIHBHugz8e/WIBluSNWhRstHidmHm3MC1MpY=
-----END CERTIFICATE-----