Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143042.roa
File:                     AS143042.roa (raw, json)
Hash identifier:          +JVE4GqO5wTEjL/YGT1uU3aGFbzirAXPuaNT7rIJgXA=
Subject key identifier:   22:18:77:F8:DC:E9:E0:33:D5:8A:53:D8:DD:F8:87:A5:43:24:5A:2E
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       0319874D4F8DC95A2B2BAF7ED8AB4B9C56AE40EE
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143042.roa
Signing time:             Wed 04 Mar 2026 06:05:31 +0000
ROA not before:           Wed 04 Mar 2026 06:00:31 +0000
ROA not after:            Wed 03 Mar 2027 06:05:31 +0000
asID:                     143042
IP address blocks:        240a:a188::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:19:87:4d:4f:8d:c9:5a:2b:2b:af:7e:d8:ab:4b:9c:56:ae:40:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:31 2026 GMT
            Not After : Mar  3 06:05:31 2027 GMT
        Subject: CN=221877F8DCE9E033D58A53D8DDF887A543245A2E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a9:01:f5:ec:f3:c6:46:70:c4:9e:6f:48:b6:
                    e7:b9:4f:5a:3c:9f:fe:d9:19:8f:f9:74:43:06:6b:
                    05:c1:52:5f:ec:fe:25:71:c2:f7:f1:72:d4:9f:cd:
                    d8:1e:58:62:2a:e7:34:ae:e8:f6:6b:fc:96:73:85:
                    49:3b:ef:8f:a0:79:db:a9:8c:a7:4c:b7:19:20:3d:
                    a3:f0:31:bb:dd:db:fa:a9:a7:4c:21:9e:bc:d6:b8:
                    55:e4:63:86:1f:2e:1d:8b:7b:b1:38:77:be:8d:b1:
                    8e:00:a0:48:86:5d:d8:01:1b:54:fc:d1:28:99:dc:
                    df:7e:84:e0:3e:48:99:7b:4f:47:5d:ef:e0:36:af:
                    44:36:fc:15:72:45:29:e0:f9:48:c5:4a:bf:02:89:
                    60:e6:5a:ee:33:a7:5b:62:b6:1d:e8:1f:03:1c:f8:
                    f2:3a:df:f9:8d:e4:2e:7e:fe:3e:d6:60:b8:f3:c5:
                    b6:93:98:50:38:b6:89:0e:4f:58:14:01:3f:24:ee:
                    d7:47:3e:13:99:78:25:e5:22:7a:2c:0c:e3:32:06:
                    ca:1b:eb:eb:c3:7e:8f:49:3a:fa:d6:3e:c3:9b:3c:
                    ad:db:e9:d3:0a:c0:b3:96:ed:c1:15:37:29:54:f7:
                    93:31:c4:32:08:1b:4d:e8:52:cb:70:84:78:28:9b:
                    30:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:18:77:F8:DC:E9:E0:33:D5:8A:53:D8:DD:F8:87:A5:43:24:5A:2E
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143042.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a188::/32

    Signature Algorithm: sha256WithRSAEncryption
         8d:30:74:62:88:ed:86:b9:a0:dd:7c:d1:24:c1:d0:7e:10:bf:
         e9:32:17:22:04:5a:96:81:da:ab:1c:e4:d8:bc:1c:42:2f:dc:
         07:08:da:35:20:4b:70:91:77:fc:6c:a0:73:a8:45:4f:19:bc:
         79:0c:82:92:4c:5a:7e:fb:7e:13:b2:b5:d7:ac:ff:b2:ba:14:
         cc:be:d1:df:c3:6b:31:ff:65:86:eb:57:94:d4:ba:09:82:41:
         7a:73:1d:54:d6:01:23:c8:4e:96:7f:b7:37:aa:cc:c6:6f:47:
         7e:39:b7:a0:d3:bc:c3:f5:b1:78:43:85:9a:20:dc:29:e0:b2:
         3e:22:fc:1f:8c:ee:31:cd:d0:1b:d4:ed:bc:9f:f2:7c:d6:43:
         ae:d0:7d:78:01:51:32:bb:a0:a8:a6:af:dc:b5:2a:c6:a3:48:
         9c:f8:30:70:c2:a0:b2:c2:e9:77:18:51:45:34:fb:88:fd:6b:
         09:33:1e:0c:31:e1:69:62:b6:86:85:c7:b0:a1:f8:e7:8d:02:
         95:b6:d1:40:a9:42:b2:0d:32:0c:b3:59:9c:34:c4:6d:95:54:
         4e:e3:d8:33:d0:da:7f:a4:b5:13:22:35:60:d4:cd:14:97:16:
         ad:64:0c:c5:00:4f:5a:da:4d:21:27:95:a8:aa:da:93:7d:16:
         8d:63:d2:dc
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUAxmHTU+NyVorK69+2KtLnFauQO4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDAzMVoX
DTI3MDMwMzA2MDUzMVowMzExMC8GA1UEAxMoMjIxODc3RjhEQ0U5RTAzM0Q1OEE1
M0Q4RERGODg3QTU0MzI0NUEyRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALCpAfXs88ZGcMSeb0i257lPWjyf/tkZj/l0QwZrBcFSX+z+JXHC9/Fy1J/N
2B5YYirnNK7o9mv8lnOFSTvvj6B526mMp0y3GSA9o/Axu93b+qmnTCGevNa4VeRj
hh8uHYt7sTh3vo2xjgCgSIZd2AEbVPzRKJnc336E4D5ImXtPR13v4DavRDb8FXJF
KeD5SMVKvwKJYOZa7jOnW2K2HegfAxz48jrf+Y3kLn7+PtZguPPFtpOYUDi2iQ5P
WBQBPyTu10c+E5l4JeUieiwM4zIGyhvr68N+j0k6+tY+w5s8rdvp0wrAs5btwRU3
KVT3kzHEMggbTehSy3CEeCibMDUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQiGHf4
3OngM9WKU9jd+IelQyRaLjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzA0Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oYgwDQYJKoZIhvcNAQELBQADggEBAI0wdGKI7Ya5oN180STB0H4Qv+kyFyIEWpaB
2qsc5Ni8HEIv3AcI2jUgS3CRd/xsoHOoRU8ZvHkMgpJMWn77fhOytdes/7K6FMy+
0d/DazH/ZYbrV5TUugmCQXpzHVTWASPITpZ/tzeqzMZvR345t6DTvMP1sXhDhZog
3Cngsj4i/B+M7jHN0BvU7byf8nzWQ67QfXgBUTK7oKimr9y1KsajSJz4MHDCoLLC
6XcYUUU0+4j9awkzHgwx4WlitoaFx7Ch+OeNApW20UCpQrINMgyzWZw0xG2VVE7j
2DPQ2n+ktRMiNWDUzRSXFq1kDMUAT1raTSEnlaiq2pN9Fo1j0tw=
-----END CERTIFICATE-----