Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143068.roa
File:                     AS143068.roa (raw, json)
Hash identifier:          UCufH1j4TlQbcsFSgCiTeY7EM1L2LBKdzRjmbEY9eIk=
Subject key identifier:   5B:09:C2:4E:44:A1:37:DB:1E:7D:BB:6C:8A:1E:72:77:9B:A3:BD:00
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       697BF7852D3560AD5BA76141CED963690982C668
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143068.roa
Signing time:             Wed 04 Mar 2026 06:06:57 +0000
ROA not before:           Wed 04 Mar 2026 06:01:57 +0000
ROA not after:            Wed 03 Mar 2027 06:06:57 +0000
asID:                     143068
IP address blocks:        240a:a1a2::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:7b:f7:85:2d:35:60:ad:5b:a7:61:41:ce:d9:63:69:09:82:c6:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:57 2026 GMT
            Not After : Mar  3 06:06:57 2027 GMT
        Subject: CN=5B09C24E44A137DB1E7DBB6C8A1E72779BA3BD00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:f7:78:4f:c0:67:66:8e:5f:00:e4:c9:40:13:
                    49:2a:95:b4:40:e4:cc:19:7b:86:c0:31:38:59:c4:
                    46:1d:9d:c0:0a:29:d9:12:7a:c1:1a:10:d4:95:b6:
                    96:d4:07:a5:11:9d:7f:51:6a:b5:0c:c0:eb:6b:96:
                    a3:91:d9:8e:6b:11:5f:05:e2:4e:77:b9:91:ed:dd:
                    4d:7f:a4:c3:70:7a:29:38:66:7c:d1:54:f9:10:ed:
                    13:bd:e3:d0:74:22:c2:8d:d2:5c:99:f1:09:ce:34:
                    34:1c:f5:1e:7d:22:c8:b5:a9:49:c7:f0:52:df:c9:
                    b1:96:9c:cc:f5:be:70:5a:62:51:5d:6f:89:92:f1:
                    9a:a9:19:ad:99:b0:86:1e:04:ce:ca:1f:4c:68:47:
                    23:2b:3a:57:2a:f7:36:df:65:59:33:37:b4:83:32:
                    48:1f:84:b1:0b:20:47:bc:43:e1:ec:2a:00:e4:9f:
                    87:95:72:13:e4:5e:fe:85:8b:1a:cc:04:f8:92:9e:
                    ae:3a:89:15:c7:3e:14:42:0f:e0:a8:82:29:12:75:
                    45:9e:5b:c7:32:c7:39:28:53:8c:16:01:6c:a9:4a:
                    9b:5d:6a:f2:31:fa:e1:e2:fc:fd:6c:82:05:52:98:
                    49:03:ce:b6:fc:93:13:d1:3f:21:ce:86:f9:b9:16:
                    c9:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:09:C2:4E:44:A1:37:DB:1E:7D:BB:6C:8A:1E:72:77:9B:A3:BD:00
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143068.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a1a2::/32

    Signature Algorithm: sha256WithRSAEncryption
         81:af:11:9e:45:74:2d:aa:45:ca:b2:63:ab:f6:fc:7c:12:67:
         bd:b5:c6:45:b8:32:70:9d:88:66:b9:6e:93:a4:ae:39:90:2c:
         b3:47:d4:5f:b2:2b:7b:e2:65:b0:81:b4:22:f6:d8:49:f7:f7:
         2b:a1:17:2d:19:91:58:34:7a:13:67:54:da:79:ed:47:f8:fe:
         9b:9a:63:18:b2:e2:ef:7f:f8:21:4e:10:ca:4b:34:3e:b1:14:
         6b:08:65:90:96:23:62:4e:0d:b7:d1:98:6f:4c:17:2b:6a:c1:
         5d:f7:63:e3:96:8f:3f:05:9c:5c:09:ba:ee:8e:82:5f:97:f8:
         8e:9a:d9:d6:bc:1a:bb:a9:15:95:bb:b4:2e:e0:d4:ea:70:6c:
         27:fe:d3:e6:c2:c2:94:70:0a:0f:9a:30:81:2c:29:8c:3e:ba:
         21:d7:b5:bd:ca:0c:39:32:36:b7:ed:7b:38:d6:62:71:4b:1c:
         d9:a3:34:86:3f:ad:c4:c1:02:62:99:cb:12:3e:fc:a9:01:15:
         d7:3c:ef:37:04:8f:2b:ca:d3:09:5c:e1:23:ff:50:ac:d9:2d:
         af:b5:37:34:6b:40:5f:ef:24:4f:34:89:66:21:f5:7d:db:48:
         73:86:03:b4:4d:6b:4a:23:2a:58:b5:b6:5c:10:81:b6:10:be:
         bd:9b:d2:81
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUaXv3hS01YK1bp2FBztljaQmCxmgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDE1N1oX
DTI3MDMwMzA2MDY1N1owMzExMC8GA1UEAxMoNUIwOUMyNEU0NEExMzdEQjFFN0RC
QjZDOEExRTcyNzc5QkEzQkQwMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAML3eE/AZ2aOXwDkyUATSSqVtEDkzBl7hsAxOFnERh2dwAop2RJ6wRoQ1JW2
ltQHpRGdf1FqtQzA62uWo5HZjmsRXwXiTne5ke3dTX+kw3B6KThmfNFU+RDtE73j
0HQiwo3SXJnxCc40NBz1Hn0iyLWpScfwUt/JsZaczPW+cFpiUV1viZLxmqkZrZmw
hh4EzsofTGhHIys6Vyr3Nt9lWTM3tIMySB+EsQsgR7xD4ewqAOSfh5VyE+Re/oWL
GswE+JKerjqJFcc+FEIP4KiCKRJ1RZ5bxzLHOShTjBYBbKlKm11q8jH64eL8/WyC
BVKYSQPOtvyTE9E/Ic6G+bkWyRECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRbCcJO
RKE32x59u2yKHnJ3m6O9ADAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzA2OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oaIwDQYJKoZIhvcNAQELBQADggEBAIGvEZ5FdC2qRcqyY6v2/HwSZ721xkW4MnCd
iGa5bpOkrjmQLLNH1F+yK3viZbCBtCL22En39yuhFy0ZkVg0ehNnVNp57Uf4/pua
Yxiy4u9/+CFOEMpLND6xFGsIZZCWI2JODbfRmG9MFytqwV33Y+OWjz8FnFwJuu6O
gl+X+I6a2da8GrupFZW7tC7g1OpwbCf+0+bCwpRwCg+aMIEsKYw+uiHXtb3KDDky
NrftezjWYnFLHNmjNIY/rcTBAmKZyxI+/KkBFdc87zcEjyvK0wlc4SP/UKzZLa+1
NzRrQF/vJE80iWYh9X3bSHOGA7RNa0ojKli1tlwQgbYQvr2b0oE=
-----END CERTIFICATE-----