Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143056.roa
File:                     AS143056.roa (raw, json)
Hash identifier:          OtmeHhZoU+TSuGg9NW6BAXDvoD5K49DzPBAUAMkuzqc=
Subject key identifier:   96:1B:54:68:83:CF:A4:E4:AE:B3:96:C3:51:93:80:F5:F6:EF:DF:DA
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       21DBCB7CC017CC40FA052F2D4759EACBAA42B261
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143056.roa
Signing time:             Wed 04 Mar 2026 06:06:04 +0000
ROA not before:           Wed 04 Mar 2026 06:01:04 +0000
ROA not after:            Wed 03 Mar 2027 06:06:04 +0000
asID:                     143056
IP address blocks:        240a:a196::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:db:cb:7c:c0:17:cc:40:fa:05:2f:2d:47:59:ea:cb:aa:42:b2:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:04 2026 GMT
            Not After : Mar  3 06:06:04 2027 GMT
        Subject: CN=961B546883CFA4E4AEB396C3519380F5F6EFDFDA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:4b:85:88:df:2a:27:08:68:ad:5c:94:62:a7:
                    95:4b:4e:06:a8:ef:29:ec:3d:23:8a:f5:3c:ce:c8:
                    9a:aa:dc:c8:fa:1c:0f:74:e3:38:0f:38:d6:42:c4:
                    33:9e:81:4c:ed:c0:68:51:04:6a:83:eb:29:6e:b6:
                    2e:b0:89:21:48:f2:e7:47:85:78:a9:9b:c0:de:96:
                    e0:e5:ef:67:f5:d0:08:0a:d0:76:b5:15:62:13:fb:
                    ea:1d:48:15:cd:45:18:8a:55:5a:46:10:40:3a:7a:
                    38:5c:40:45:79:78:19:a3:04:ff:0f:e0:aa:13:00:
                    c3:e7:87:f5:ed:47:17:bd:58:93:56:32:b5:c0:e1:
                    cf:d9:03:eb:1a:ca:6c:4c:43:da:c3:1d:d2:32:79:
                    8b:9f:25:48:60:e3:04:64:1b:73:f9:06:71:ab:e2:
                    fb:8f:27:eb:f3:dc:54:2f:4b:6b:af:6b:0f:f4:73:
                    77:51:64:f2:5e:05:01:10:32:d3:30:be:57:bc:be:
                    b4:31:b4:d1:e4:41:01:6e:9f:2d:6d:26:25:8e:bf:
                    56:41:5f:b8:f0:79:02:91:ab:9f:df:f7:d7:b1:6a:
                    62:73:5c:12:b1:74:dd:ba:cf:0b:d4:e5:15:45:83:
                    9b:84:2e:06:42:6d:ca:f0:ad:42:92:54:d3:83:9c:
                    a6:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:1B:54:68:83:CF:A4:E4:AE:B3:96:C3:51:93:80:F5:F6:EF:DF:DA
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143056.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a196::/32

    Signature Algorithm: sha256WithRSAEncryption
         7a:f3:da:b3:2b:7a:3f:ef:ca:9a:b4:c1:5f:5f:5e:d3:b1:2b:
         64:08:b3:18:9d:b8:be:b5:c4:41:07:29:a8:5a:75:60:1a:73:
         82:68:7a:f0:fd:1f:33:63:cd:53:6f:8d:59:0e:64:c4:8c:ba:
         96:27:dd:ed:43:1a:64:eb:51:f3:59:c4:3f:38:28:03:34:e9:
         a5:37:9e:6d:53:58:4a:03:4f:17:94:79:cc:74:9d:ac:7f:9f:
         f1:e6:a9:bf:a8:0d:af:08:ed:0b:36:46:d2:09:ae:55:8e:21:
         9e:dc:37:65:48:11:c2:81:bd:a7:74:63:77:06:8c:c9:2b:d8:
         24:fb:4b:90:7e:7e:90:61:d5:7b:06:30:89:6a:8f:6d:14:a1:
         d3:d0:97:1b:41:c1:df:b1:9b:c3:25:d3:86:65:aa:c6:77:3c:
         75:79:52:3e:95:1a:ed:2a:0b:76:fb:73:25:4e:42:f9:40:e0:
         ae:86:13:03:61:4a:d5:e9:cf:47:e4:02:08:6d:1e:65:7c:3e:
         44:40:e0:98:36:1d:ac:10:f1:00:3e:0e:75:99:a7:a3:ca:1b:
         7a:fd:ec:e8:1c:76:d0:0d:7f:e9:73:45:66:7f:b7:e6:f0:f1:
         74:8c:01:7f:e8:b6:f3:90:42:32:e9:4d:47:14:96:96:ed:94:
         dd:0c:1d:1a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUIdvLfMAXzED6BS8tR1nqy6pCsmEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDEwNFoX
DTI3MDMwMzA2MDYwNFowMzExMC8GA1UEAxMoOTYxQjU0Njg4M0NGQTRFNEFFQjM5
NkMzNTE5MzgwRjVGNkVGREZEQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKNLhYjfKicIaK1clGKnlUtOBqjvKew9I4r1PM7ImqrcyPocD3TjOA841kLE
M56BTO3AaFEEaoPrKW62LrCJIUjy50eFeKmbwN6W4OXvZ/XQCArQdrUVYhP76h1I
Fc1FGIpVWkYQQDp6OFxARXl4GaME/w/gqhMAw+eH9e1HF71Yk1YytcDhz9kD6xrK
bExD2sMd0jJ5i58lSGDjBGQbc/kGcavi+48n6/PcVC9La69rD/Rzd1Fk8l4FARAy
0zC+V7y+tDG00eRBAW6fLW0mJY6/VkFfuPB5ApGrn9/317FqYnNcErF03brPC9Tl
FUWDm4QuBkJtyvCtQpJU04OcpuECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSWG1Ro
g8+k5K6zlsNRk4D19u/f2jAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzA1Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oZYwDQYJKoZIhvcNAQELBQADggEBAHrz2rMrej/vypq0wV9fXtOxK2QIsxiduL61
xEEHKahadWAac4JoevD9HzNjzVNvjVkOZMSMupYn3e1DGmTrUfNZxD84KAM06aU3
nm1TWEoDTxeUecx0nax/n/Hmqb+oDa8I7Qs2RtIJrlWOIZ7cN2VIEcKBvad0Y3cG
jMkr2CT7S5B+fpBh1XsGMIlqj20UodPQlxtBwd+xm8Ml04ZlqsZ3PHV5Uj6VGu0q
C3b7cyVOQvlA4K6GEwNhStXpz0fkAghtHmV8PkRA4Jg2HawQ8QA+DnWZp6PKG3r9
7OgcdtANf+lzRWZ/t+bw8XSMAX/otvOQQjLpTUcUlpbtlN0MHRo=
-----END CERTIFICATE-----