Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143050.roa
File:                     AS143050.roa (raw, json)
Hash identifier:          ka7N1AVoqi6K77I24b1E7JHvjA/Lc3Rh8TFpWiB9UWw=
Subject key identifier:   AB:56:6C:59:E8:5E:F1:0A:8F:2C:A0:D2:FA:41:77:AA:F3:3F:26:B4
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       0BB950763D523D15CDA43A95C344A7EB2519F92F
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143050.roa
Signing time:             Wed 04 Mar 2026 06:05:11 +0000
ROA not before:           Wed 04 Mar 2026 06:00:11 +0000
ROA not after:            Wed 03 Mar 2027 06:05:11 +0000
asID:                     143050
IP address blocks:        240a:a190::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:b9:50:76:3d:52:3d:15:cd:a4:3a:95:c3:44:a7:eb:25:19:f9:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:11 2026 GMT
            Not After : Mar  3 06:05:11 2027 GMT
        Subject: CN=AB566C59E85EF10A8F2CA0D2FA4177AAF33F26B4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f7:77:01:dd:dc:4f:42:07:a6:12:a1:f5:c7:
                    5a:18:b2:6a:0c:0c:96:59:41:5c:94:2d:09:7b:ce:
                    35:8d:f2:70:52:2f:b1:0a:08:91:9b:74:a9:23:12:
                    62:8f:8a:e8:9a:56:79:bf:55:a9:5a:bc:8f:4e:4f:
                    c0:2b:28:c6:15:2e:5a:76:9b:2d:ee:bd:56:56:6d:
                    cf:fb:f0:35:c9:58:87:f5:3f:ea:ea:0e:8b:3c:f6:
                    ec:ff:c2:12:23:54:79:99:a7:a6:42:6b:1b:8e:1a:
                    7c:79:82:3f:62:74:ec:55:c2:c9:a3:2f:6c:95:4e:
                    5b:69:e3:ca:c0:8e:4f:14:f5:4b:34:b5:4f:22:c2:
                    55:2a:01:95:80:67:b1:4d:6f:52:c4:9c:32:f9:af:
                    1c:60:44:5a:7f:d2:13:ea:6f:62:fd:40:0b:e6:04:
                    c0:4f:96:63:0f:26:3e:5c:5d:c5:03:5a:87:3e:d1:
                    f6:00:f7:be:17:be:91:85:c0:81:d0:c0:0a:a6:78:
                    00:53:ec:92:93:77:f1:d1:0a:79:2d:5f:43:f2:1a:
                    7a:f9:09:43:95:06:13:26:67:cc:cb:ce:89:15:08:
                    54:fc:49:7f:6a:fc:61:e6:a2:34:45:30:88:5b:1e:
                    22:60:db:77:37:f1:ce:66:8c:a6:27:6b:6e:ff:ae:
                    19:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:56:6C:59:E8:5E:F1:0A:8F:2C:A0:D2:FA:41:77:AA:F3:3F:26:B4
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143050.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a190::/32

    Signature Algorithm: sha256WithRSAEncryption
         d4:57:c7:ff:6e:34:68:c6:7c:3f:c1:0f:c7:f7:75:a2:9d:cb:
         1b:50:f9:a7:03:a1:99:7f:01:a5:ff:88:df:c7:39:d7:72:f8:
         11:20:eb:d9:41:20:99:8d:d6:5e:51:1e:de:9a:11:7f:a8:28:
         8d:8b:30:cc:4e:f9:a3:b4:57:cb:3c:36:c6:12:d2:08:bc:d3:
         d6:29:37:c6:0b:b7:7c:be:ee:c1:c5:05:56:45:b5:b0:e5:32:
         3d:9e:a8:d7:79:ee:f9:fd:40:7a:3e:ea:da:05:a0:e2:a6:7a:
         c1:f2:da:93:a3:40:c8:52:6f:35:d1:84:fe:a0:cc:a8:ac:d5:
         be:ba:ec:73:1e:3b:12:31:55:6b:a8:de:24:a8:79:a7:de:1e:
         7f:6d:ad:64:21:95:0f:b2:5d:98:21:f4:a4:15:51:bd:91:ca:
         9d:df:5f:b5:d8:04:9a:b9:cc:e1:4c:92:17:4c:e2:12:6c:e7:
         4d:47:3b:dd:a1:b8:e8:c1:cf:cc:17:a6:a4:ac:f4:3b:57:59:
         aa:e3:4a:ba:f6:26:b4:50:71:b2:38:5f:f0:af:4e:d7:2c:12:
         fe:c9:d1:5a:6e:a0:9f:b9:25:61:c6:99:e2:22:4c:d9:ae:57:
         17:62:d1:a8:b6:f7:ac:43:74:0b:95:f9:59:8c:98:a8:d3:01:
         dc:c6:4b:0c
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUC7lQdj1SPRXNpDqVw0Sn6yUZ+S8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDAxMVoX
DTI3MDMwMzA2MDUxMVowMzExMC8GA1UEAxMoQUI1NjZDNTlFODVFRjEwQThGMkNB
MEQyRkE0MTc3QUFGMzNGMjZCNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKz3dwHd3E9CB6YSofXHWhiyagwMlllBXJQtCXvONY3ycFIvsQoIkZt0qSMS
Yo+K6JpWeb9VqVq8j05PwCsoxhUuWnabLe69VlZtz/vwNclYh/U/6uoOizz27P/C
EiNUeZmnpkJrG44afHmCP2J07FXCyaMvbJVOW2njysCOTxT1SzS1TyLCVSoBlYBn
sU1vUsScMvmvHGBEWn/SE+pvYv1AC+YEwE+WYw8mPlxdxQNahz7R9gD3vhe+kYXA
gdDACqZ4AFPskpN38dEKeS1fQ/IaevkJQ5UGEyZnzMvOiRUIVPxJf2r8YeaiNEUw
iFseImDbdzfxzmaMpidrbv+uGRMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSrVmxZ
6F7xCo8soNL6QXeq8z8mtDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzA1MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oZAwDQYJKoZIhvcNAQELBQADggEBANRXx/9uNGjGfD/BD8f3daKdyxtQ+acDoZl/
AaX/iN/HOddy+BEg69lBIJmN1l5RHt6aEX+oKI2LMMxO+aO0V8s8NsYS0gi809Yp
N8YLt3y+7sHFBVZFtbDlMj2eqNd57vn9QHo+6toFoOKmesHy2pOjQMhSbzXRhP6g
zKis1b667HMeOxIxVWuo3iSoeafeHn9trWQhlQ+yXZgh9KQVUb2Ryp3fX7XYBJq5
zOFMkhdM4hJs501HO92huOjBz8wXpqSs9DtXWarjSrr2JrRQcbI4X/CvTtcsEv7J
0VpuoJ+5JWHGmeIiTNmuVxdi0ai296xDdAuV+VmMmKjTAdzGSww=
-----END CERTIFICATE-----