Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143048.roa
File:                     AS143048.roa (raw, json)
Hash identifier:          e/O8tZtYpjyUfhiayJJNj3vuiDdK8wUzIWKL4KGbm+o=
Subject key identifier:   25:9F:7F:EE:BE:F0:78:E1:99:05:78:85:25:5B:19:A7:7C:48:9B:1C
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3C376963D9F2BB559377E581892889302EB99998
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143048.roa
Signing time:             Wed 04 Mar 2026 06:07:08 +0000
ROA not before:           Wed 04 Mar 2026 06:02:08 +0000
ROA not after:            Wed 03 Mar 2027 06:07:08 +0000
asID:                     143048
IP address blocks:        240a:a18e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:37:69:63:d9:f2:bb:55:93:77:e5:81:89:28:89:30:2e:b9:99:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:08 2026 GMT
            Not After : Mar  3 06:07:08 2027 GMT
        Subject: CN=259F7FEEBEF078E199057885255B19A77C489B1C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ca:14:49:c3:19:b8:7e:37:a8:5f:27:ea:f4:
                    d7:1f:83:ca:73:d5:eb:44:ca:1d:08:d5:70:a0:40:
                    01:ae:78:41:99:39:3e:29:53:6f:50:ee:e7:13:bd:
                    e4:74:10:49:c0:8a:e7:96:1d:62:3f:13:74:aa:86:
                    46:de:9a:ba:83:9c:0d:16:ab:19:63:a4:d6:95:a7:
                    14:62:1a:c5:0a:83:f3:f0:07:99:31:4c:95:3d:fb:
                    00:8c:68:df:cf:9e:2e:25:35:a6:ce:63:f1:7d:1d:
                    bf:13:87:ea:e4:32:a8:78:ca:63:4d:04:27:98:04:
                    b8:b9:1a:1f:28:e8:d3:c2:3f:5d:8a:10:e6:76:35:
                    b9:a8:d3:4b:97:e1:f0:d6:3f:47:fc:96:ed:ef:a1:
                    32:88:bf:3d:e1:4e:75:ff:c6:05:5c:1a:a9:a9:6d:
                    6e:2e:23:84:79:db:aa:61:e3:37:b5:24:f4:53:65:
                    7e:42:cf:e7:b0:3a:ce:b1:7a:78:44:60:f5:7c:21:
                    b9:71:7e:26:12:a8:ce:8f:a7:59:7c:f2:14:be:42:
                    dc:88:c1:75:cd:f7:72:9d:84:8d:c8:32:c6:02:6f:
                    ac:fd:fd:f5:1e:fb:82:ca:46:6e:f1:46:33:00:50:
                    cd:79:e5:dc:bc:27:10:36:6b:d8:a5:b1:e5:ac:cb:
                    80:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:9F:7F:EE:BE:F0:78:E1:99:05:78:85:25:5B:19:A7:7C:48:9B:1C
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143048.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a18e::/32

    Signature Algorithm: sha256WithRSAEncryption
         2d:17:ff:1a:84:88:57:03:6d:8b:52:f6:a8:80:79:98:ca:e9:
         e4:42:dc:7c:55:10:92:85:2e:6b:78:b9:5f:4e:66:ed:dd:ef:
         92:7c:31:b9:68:fc:6a:89:19:b3:ac:0f:d0:81:94:7b:31:10:
         4b:fd:97:20:e1:5a:02:b5:45:ff:16:5b:a2:30:a0:57:7a:43:
         4b:7b:44:3e:3c:6e:c5:19:cf:2f:36:c8:e5:92:a4:f8:15:50:
         cc:44:4b:a3:e1:9a:e2:33:49:93:58:03:eb:e3:e0:c9:a1:ee:
         b1:8e:27:86:34:c4:06:ea:48:c3:97:db:3b:0a:9f:75:58:48:
         67:20:ca:81:b1:43:fc:94:a1:37:b5:33:07:7d:91:c3:29:dc:
         34:bd:a3:70:7e:c1:10:d4:4f:13:80:b2:b8:21:00:71:a2:22:
         10:a4:ab:07:ac:06:08:20:cb:cb:ef:1b:ef:e2:23:d6:7b:fe:
         6e:4e:32:ca:74:a0:18:ce:6e:7d:ff:0e:fe:50:71:2b:dd:6e:
         b0:9f:ca:96:ca:dd:c5:f9:5d:bf:16:58:95:54:84:e5:79:f8:
         ba:ff:5b:2a:8c:3e:6f:0d:b4:bc:af:7a:f8:aa:55:cf:7d:4e:
         8b:ef:8b:27:e4:ab:fb:9d:82:fb:14:5d:ab:cc:fd:07:91:17:
         e3:41:b2:7f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUPDdpY9nyu1WTd+WBiSiJMC65mZgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIwOFoX
DTI3MDMwMzA2MDcwOFowMzExMC8GA1UEAxMoMjU5RjdGRUVCRUYwNzhFMTk5MDU3
ODg1MjU1QjE5QTc3QzQ4OUIxQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMjKFEnDGbh+N6hfJ+r01x+DynPV60TKHQjVcKBAAa54QZk5PilTb1Du5xO9
5HQQScCK55YdYj8TdKqGRt6auoOcDRarGWOk1pWnFGIaxQqD8/AHmTFMlT37AIxo
38+eLiU1ps5j8X0dvxOH6uQyqHjKY00EJ5gEuLkaHyjo08I/XYoQ5nY1uajTS5fh
8NY/R/yW7e+hMoi/PeFOdf/GBVwaqaltbi4jhHnbqmHjN7Uk9FNlfkLP57A6zrF6
eERg9XwhuXF+JhKozo+nWXzyFL5C3IjBdc33cp2EjcgyxgJvrP399R77gspGbvFG
MwBQzXnl3LwnEDZr2KWx5azLgMECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQln3/u
vvB44ZkFeIUlWxmnfEibHDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzA0OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oY4wDQYJKoZIhvcNAQELBQADggEBAC0X/xqEiFcDbYtS9qiAeZjK6eRC3HxVEJKF
Lmt4uV9OZu3d75J8Mblo/GqJGbOsD9CBlHsxEEv9lyDhWgK1Rf8WW6IwoFd6Q0t7
RD48bsUZzy82yOWSpPgVUMxES6PhmuIzSZNYA+vj4Mmh7rGOJ4Y0xAbqSMOX2zsK
n3VYSGcgyoGxQ/yUoTe1Mwd9kcMp3DS9o3B+wRDUTxOAsrghAHGiIhCkqwesBggg
y8vvG+/iI9Z7/m5OMsp0oBjObn3/Dv5QcSvdbrCfypbK3cX5Xb8WWJVUhOV5+Lr/
WyqMPm8NtLyveviqVc99Tovviyfkq/udgvsUXavM/QeRF+NBsn8=
-----END CERTIFICATE-----