Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143035.roa
File:                     AS143035.roa (raw, json)
Hash identifier:          ACvLdF9KktwAwISQgHEcT+ZDoy/QY/WhO9DoBe9sQwg=
Subject key identifier:   AC:7A:93:8D:C7:FC:9D:42:58:C8:2E:C0:70:01:4B:D3:CD:0F:4F:09
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7421982BFE2339D34062679A02C0E7F374BDEF28
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143035.roa
Signing time:             Wed 04 Mar 2026 06:07:11 +0000
ROA not before:           Wed 04 Mar 2026 06:02:11 +0000
ROA not after:            Wed 03 Mar 2027 06:07:11 +0000
asID:                     143035
IP address blocks:        240a:a181::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:21:98:2b:fe:23:39:d3:40:62:67:9a:02:c0:e7:f3:74:bd:ef:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:11 2026 GMT
            Not After : Mar  3 06:07:11 2027 GMT
        Subject: CN=AC7A938DC7FC9D4258C82EC070014BD3CD0F4F09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:50:b5:26:7c:63:d8:ac:d8:9b:90:fc:9d:e3:
                    4c:b2:10:6e:3a:a3:95:bb:f5:ba:12:74:03:cb:66:
                    07:4a:32:f6:56:b7:73:fa:90:0b:33:f9:aa:27:19:
                    c4:73:63:1b:28:ce:e0:16:aa:e3:63:02:4e:e9:33:
                    4a:7c:ea:3d:ab:4c:c2:6b:94:6d:8f:1f:0b:12:2f:
                    dc:5b:f5:74:80:be:36:80:f7:22:29:8f:0e:4c:d9:
                    e3:7b:a8:fc:99:ff:2b:ba:18:25:3c:c4:61:aa:b3:
                    13:1f:f0:ea:f3:83:88:22:32:42:30:5c:32:a8:26:
                    bd:68:06:7d:06:ed:21:0d:69:e0:e1:cd:ea:d7:a2:
                    94:2e:10:e3:8a:f5:96:37:fc:0a:d7:87:ee:df:c6:
                    6c:89:f0:92:09:69:7b:0c:7d:65:fe:e5:58:5a:34:
                    cd:b4:7b:59:67:59:b6:87:1f:8a:1b:f3:4a:92:3b:
                    f7:66:79:c7:e7:42:ce:a7:2c:80:64:59:b0:d6:b3:
                    0a:1c:5f:70:c0:9d:14:07:32:7c:17:69:48:62:40:
                    c0:b0:f2:e2:f7:91:f6:44:1b:33:80:f1:9b:24:61:
                    48:59:02:01:62:21:a3:1e:b6:cd:71:95:d7:58:1d:
                    cf:fe:9f:89:ef:46:bb:4c:83:b7:71:43:79:5d:cc:
                    d6:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:7A:93:8D:C7:FC:9D:42:58:C8:2E:C0:70:01:4B:D3:CD:0F:4F:09
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143035.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a181::/32

    Signature Algorithm: sha256WithRSAEncryption
         b6:31:c0:2c:65:20:bb:d3:ad:b6:57:7f:77:e9:4f:f2:99:9e:
         63:7a:24:c8:85:04:d2:f5:1c:d0:34:49:24:5c:72:95:58:8a:
         80:20:01:f6:5e:1c:7e:8f:3b:87:11:97:8a:e7:0d:81:d2:13:
         81:55:21:97:62:96:2c:20:2c:a1:d3:4b:08:84:0c:9d:27:bf:
         08:7e:3c:6e:35:57:97:12:75:4d:3e:b4:61:7b:96:6c:44:26:
         3e:c7:0c:2e:d0:d6:35:3a:b2:8b:df:2f:dc:cf:3f:78:00:ab:
         04:0f:9b:bd:d6:4b:e4:8a:ba:5a:1a:9d:5f:d0:ce:6c:78:03:
         47:15:da:6b:2c:a4:f8:9c:6e:40:c5:5e:20:9e:75:10:c0:a2:
         dc:2a:5c:75:88:92:c4:04:e4:f5:f8:09:22:30:1c:21:90:06:
         1a:8f:ef:e6:5a:c8:18:08:cc:e4:87:11:f4:b8:86:ec:fa:72:
         50:37:3b:8e:e6:89:c8:64:38:73:dc:ef:43:1c:32:52:8b:46:
         7e:2b:c0:84:67:39:26:08:88:3d:6b:75:e3:80:9f:a4:d3:95:
         41:7b:16:ac:bc:2c:4d:ab:db:42:92:5d:33:c4:cb:79:c3:c1:
         50:3e:06:3f:20:40:82:e5:58:68:3e:b3:3c:7f:3c:98:74:92:
         02:86:b4:4f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUdCGYK/4jOdNAYmeaAsDn83S97ygwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIxMVoX
DTI3MDMwMzA2MDcxMVowMzExMC8GA1UEAxMoQUM3QTkzOERDN0ZDOUQ0MjU4Qzgy
RUMwNzAwMTRCRDNDRDBGNEYwOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJQtSZ8Y9is2JuQ/J3jTLIQbjqjlbv1uhJ0A8tmB0oy9la3c/qQCzP5qicZ
xHNjGyjO4Baq42MCTukzSnzqPatMwmuUbY8fCxIv3Fv1dIC+NoD3IimPDkzZ43uo
/Jn/K7oYJTzEYaqzEx/w6vODiCIyQjBcMqgmvWgGfQbtIQ1p4OHN6teilC4Q44r1
ljf8CteH7t/GbInwkglpewx9Zf7lWFo0zbR7WWdZtocfihvzSpI792Z5x+dCzqcs
gGRZsNazChxfcMCdFAcyfBdpSGJAwLDy4veR9kQbM4DxmyRhSFkCAWIhox62zXGV
11gdz/6fie9Gu0yDt3FDeV3M1nECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSsepON
x/ydQljILsBwAUvTzQ9PCTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzAzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oYEwDQYJKoZIhvcNAQELBQADggEBALYxwCxlILvTrbZXf3fpT/KZnmN6JMiFBNL1
HNA0SSRccpVYioAgAfZeHH6PO4cRl4rnDYHSE4FVIZdiliwgLKHTSwiEDJ0nvwh+
PG41V5cSdU0+tGF7lmxEJj7HDC7Q1jU6sovfL9zPP3gAqwQPm73WS+SKuloanV/Q
zmx4A0cV2msspPicbkDFXiCedRDAotwqXHWIksQE5PX4CSIwHCGQBhqP7+ZayBgI
zOSHEfS4huz6clA3O47michkOHPc70McMlKLRn4rwIRnOSYIiD1rdeOAn6TTlUF7
Fqy8LE2r20KSXTPEy3nDwVA+Bj8gQILlWGg+szx/PJh0kgKGtE8=
-----END CERTIFICATE-----