Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143034.roa
File:                     AS143034.roa (raw, json)
Hash identifier:          e/yYgTFgmKW+KNEM8kRyAehGKyFl28FPdZV70DFkjyI=
Subject key identifier:   81:6B:F7:1E:BD:7C:67:09:B3:09:52:E0:73:20:19:AD:CD:3E:2F:70
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       55E5F8EA2ACDBCAEF8543F9B13AE75C53502DD7A
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143034.roa
Signing time:             Wed 04 Mar 2026 06:05:27 +0000
ROA not before:           Wed 04 Mar 2026 06:00:27 +0000
ROA not after:            Wed 03 Mar 2027 06:05:27 +0000
asID:                     143034
IP address blocks:        240a:a180::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:e5:f8:ea:2a:cd:bc:ae:f8:54:3f:9b:13:ae:75:c5:35:02:dd:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:27 2026 GMT
            Not After : Mar  3 06:05:27 2027 GMT
        Subject: CN=816BF71EBD7C6709B30952E0732019ADCD3E2F70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:8b:cb:b0:c5:ad:9e:fa:e3:b6:9c:67:99:2a:
                    bc:47:d3:57:72:db:50:a5:f6:3b:08:18:ac:f6:bb:
                    45:04:51:97:d6:74:87:45:0c:4b:03:ae:2f:60:59:
                    4b:b5:6a:e6:a2:93:ee:f0:0a:75:8e:b5:91:93:0a:
                    4b:79:95:51:d9:f4:3b:a0:fd:97:22:48:b2:b0:44:
                    67:e8:1d:09:98:a4:5b:84:80:5f:43:fb:68:d2:29:
                    fb:58:44:04:df:69:06:46:27:bc:d1:ee:db:22:d1:
                    29:c9:5c:17:8f:82:42:42:91:f8:b6:83:af:43:58:
                    53:ec:5f:52:74:fb:5d:19:c8:59:a5:23:63:37:1e:
                    cc:01:d2:0d:41:c1:4b:9f:2b:4b:68:72:ea:55:a2:
                    86:02:bf:30:0a:72:33:79:5d:89:d9:af:37:3a:78:
                    d3:e0:04:9b:46:ff:1f:08:ed:c2:0c:eb:32:2c:14:
                    4c:62:32:d2:a3:9c:23:16:cd:da:f8:08:22:ac:72:
                    5a:2e:c4:40:e7:f7:d6:f7:b9:c6:4a:08:52:36:ef:
                    b1:dc:d2:36:52:e1:23:6c:af:73:6b:46:0b:6e:07:
                    65:78:2c:45:1d:17:84:32:4c:ae:52:b6:5d:b9:e4:
                    36:ac:fc:9a:07:08:c4:aa:af:f5:f4:c2:34:3f:4f:
                    96:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:6B:F7:1E:BD:7C:67:09:B3:09:52:E0:73:20:19:AD:CD:3E:2F:70
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a180::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:b9:8f:d0:52:47:8b:07:c2:76:17:ed:6f:44:2a:4a:2e:ff:
         ab:fe:46:34:2e:d1:7a:20:99:8a:9d:28:e5:25:8d:15:e0:2d:
         c8:88:7e:18:30:c3:80:66:59:51:91:0d:1c:e2:33:2a:ab:a3:
         54:97:23:d1:84:26:2b:32:c2:83:66:d4:b9:bf:e0:79:7a:eb:
         eb:16:d6:96:fb:83:04:a9:23:96:ef:44:c4:86:77:ec:94:a8:
         8d:25:75:8e:c3:1e:01:6e:1c:e5:04:19:2a:29:81:e9:12:45:
         14:55:3c:7d:cf:84:9e:c6:24:d5:0a:dd:f4:1b:58:ed:f3:e3:
         15:2b:c3:48:d5:f1:bb:3f:f6:e3:2d:77:00:41:19:78:16:8f:
         e9:88:14:c8:e1:e8:26:06:3b:6b:54:4d:e9:99:bc:e6:52:67:
         d9:b5:95:af:ee:a5:66:61:49:ae:14:8d:6d:c8:d1:24:17:94:
         88:ea:99:68:ee:63:9b:e5:29:4a:69:ff:b9:6c:b7:be:ef:0e:
         70:85:58:2e:1b:97:da:2f:cf:1d:41:55:75:f4:9b:7d:c1:63:
         75:0e:44:c4:55:7d:9e:86:72:fd:7b:99:24:3a:12:78:7b:22:
         6e:1c:15:be:27:d9:0d:00:0f:c0:41:9c:a2:38:96:4f:25:9f:
         b2:eb:df:3b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUVeX46irNvK74VD+bE651xTUC3XowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDAyN1oX
DTI3MDMwMzA2MDUyN1owMzExMC8GA1UEAxMoODE2QkY3MUVCRDdDNjcwOUIzMDk1
MkUwNzMyMDE5QURDRDNFMkY3MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANuLy7DFrZ7647acZ5kqvEfTV3LbUKX2OwgYrPa7RQRRl9Z0h0UMSwOuL2BZ
S7Vq5qKT7vAKdY61kZMKS3mVUdn0O6D9lyJIsrBEZ+gdCZikW4SAX0P7aNIp+1hE
BN9pBkYnvNHu2yLRKclcF4+CQkKR+LaDr0NYU+xfUnT7XRnIWaUjYzcezAHSDUHB
S58rS2hy6lWihgK/MApyM3ldidmvNzp40+AEm0b/HwjtwgzrMiwUTGIy0qOcIxbN
2vgIIqxyWi7EQOf31ve5xkoIUjbvsdzSNlLhI2yvc2tGC24HZXgsRR0XhDJMrlK2
XbnkNqz8mgcIxKqv9fTCND9PllMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSBa/ce
vXxnCbMJUuBzIBmtzT4vcDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oYAwDQYJKoZIhvcNAQELBQADggEBADC5j9BSR4sHwnYX7W9EKkou/6v+RjQu0Xog
mYqdKOUljRXgLciIfhgww4BmWVGRDRziMyqro1SXI9GEJisywoNm1Lm/4Hl66+sW
1pb7gwSpI5bvRMSGd+yUqI0ldY7DHgFuHOUEGSopgekSRRRVPH3PhJ7GJNUK3fQb
WO3z4xUrw0jV8bs/9uMtdwBBGXgWj+mIFMjh6CYGO2tUTemZvOZSZ9m1la/upWZh
Sa4UjW3I0SQXlIjqmWjuY5vlKUpp/7lst77vDnCFWC4bl9ovzx1BVXX0m33BY3UO
RMRVfZ6Gcv17mSQ6Enh7Im4cFb4n2Q0AD8BBnKI4lk8ln7Lr3zs=
-----END CERTIFICATE-----