Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143071.roa
File:                     AS143071.roa (raw, json)
Hash identifier:          5ddowBAGC6dSifNvbu2jjAM9q8alPJLEA1Jf/wqbi2o=
Subject key identifier:   78:25:6D:20:86:F3:69:55:AF:51:06:D5:BA:FC:20:76:76:53:22:4B
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       05E3910BBC40378BBA6351B3728A0F28D0659A84
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143071.roa
Signing time:             Wed 04 Mar 2026 06:05:36 +0000
ROA not before:           Wed 04 Mar 2026 06:00:36 +0000
ROA not after:            Wed 03 Mar 2027 06:05:36 +0000
asID:                     143071
IP address blocks:        240a:a1a5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:e3:91:0b:bc:40:37:8b:ba:63:51:b3:72:8a:0f:28:d0:65:9a:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:36 2026 GMT
            Not After : Mar  3 06:05:36 2027 GMT
        Subject: CN=78256D2086F36955AF5106D5BAFC20767653224B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:78:cc:d0:9e:f4:65:02:58:5a:8e:04:9f:13:
                    f3:29:b1:3e:6c:de:b7:e6:c7:a8:24:8f:5c:9c:16:
                    79:08:20:54:84:0b:b0:ca:c2:0e:23:a2:13:25:e0:
                    36:13:6c:be:24:8d:b0:18:2a:48:50:41:8f:df:09:
                    fe:13:36:f9:45:3b:a7:1d:cc:1b:45:16:45:54:32:
                    38:28:78:7e:24:2f:6c:e7:4b:55:01:51:94:88:a4:
                    4e:92:3a:ca:98:fd:bc:84:76:9e:5c:ba:bf:04:ad:
                    24:54:4b:41:a4:83:8b:fa:6d:d4:e4:90:2e:2b:15:
                    ee:dc:81:b0:fd:e1:e8:c9:2c:74:66:48:5e:2d:72:
                    32:f4:a1:e8:f6:81:3d:d0:b3:a7:cc:bc:b1:29:9d:
                    74:4d:01:5b:cc:d7:33:2d:34:cd:08:c5:e6:71:d2:
                    36:64:22:45:86:b1:8e:90:fc:23:62:51:ef:7c:3e:
                    83:8c:4d:a6:a0:b2:32:30:d1:ec:ba:e0:9a:74:ee:
                    dc:46:e1:be:10:be:3a:d6:48:fc:24:7b:b2:75:fe:
                    43:58:fd:48:6c:25:a6:50:7d:33:34:77:c6:ff:33:
                    1a:e8:95:24:be:dc:ac:d2:5d:d7:e5:dd:c5:b2:db:
                    56:33:1e:df:a2:c2:06:ad:41:b0:d8:00:3a:63:fa:
                    f3:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:25:6D:20:86:F3:69:55:AF:51:06:D5:BA:FC:20:76:76:53:22:4B
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143071.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a1a5::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:4e:1a:b5:b6:c4:b6:80:65:2e:46:14:63:09:69:fc:4a:0e:
         6d:c9:cf:f8:fc:ba:96:1d:0a:94:c1:14:6f:0c:2f:ff:b8:a5:
         21:6d:c2:6c:09:c3:ae:b2:72:92:88:70:68:1c:62:c9:c9:29:
         bf:33:59:80:5f:da:44:b9:b3:c5:af:84:a2:11:1a:fa:bc:9b:
         ad:18:b1:29:eb:f7:1c:1f:4b:50:8e:3f:de:db:61:e6:b6:50:
         47:95:d1:25:39:0b:67:03:f1:86:94:19:ec:1c:73:bc:41:25:
         79:b4:ce:f4:8f:b0:31:ae:de:d3:c9:71:ce:69:49:50:dd:c0:
         41:6d:40:c1:76:d1:e8:53:a8:07:b9:8f:43:65:42:a4:a1:12:
         65:a5:09:80:88:df:96:01:ec:5a:c7:30:fe:58:eb:e6:5b:19:
         76:53:98:f1:49:1e:21:d2:e5:e1:58:da:7b:70:5b:7c:ae:de:
         81:b4:b1:9b:a3:23:7a:cd:bf:a9:6f:7f:e0:93:4f:cb:64:29:
         38:56:d9:20:52:25:c1:5f:f4:cc:be:da:1b:3e:b3:f0:3d:34:
         88:4a:86:03:91:96:3a:1d:7f:5c:5d:49:05:2c:39:6c:bc:5f:
         d3:7c:af:d6:b1:42:0d:c4:d2:d8:5f:36:91:c4:a3:db:7b:56:
         2d:9b:a0:1f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUBeORC7xAN4u6Y1GzcooPKNBlmoQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDAzNloX
DTI3MDMwMzA2MDUzNlowMzExMC8GA1UEAxMoNzgyNTZEMjA4NkYzNjk1NUFGNTEw
NkQ1QkFGQzIwNzY3NjUzMjI0QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKx4zNCe9GUCWFqOBJ8T8ymxPmzet+bHqCSPXJwWeQggVIQLsMrCDiOiEyXg
NhNsviSNsBgqSFBBj98J/hM2+UU7px3MG0UWRVQyOCh4fiQvbOdLVQFRlIikTpI6
ypj9vIR2nly6vwStJFRLQaSDi/pt1OSQLisV7tyBsP3h6MksdGZIXi1yMvSh6PaB
PdCzp8y8sSmddE0BW8zXMy00zQjF5nHSNmQiRYaxjpD8I2JR73w+g4xNpqCyMjDR
7LrgmnTu3EbhvhC+OtZI/CR7snX+Q1j9SGwlplB9MzR3xv8zGuiVJL7crNJd1+Xd
xbLbVjMe36LCBq1BsNgAOmP680MCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBR4JW0g
hvNpVa9RBtW6/CB2dlMiSzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzA3MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oaUwDQYJKoZIhvcNAQELBQADggEBAEBOGrW2xLaAZS5GFGMJafxKDm3Jz/j8upYd
CpTBFG8ML/+4pSFtwmwJw66ycpKIcGgcYsnJKb8zWYBf2kS5s8WvhKIRGvq8m60Y
sSnr9xwfS1COP97bYea2UEeV0SU5C2cD8YaUGewcc7xBJXm0zvSPsDGu3tPJcc5p
SVDdwEFtQMF20ehTqAe5j0NlQqShEmWlCYCI35YB7FrHMP5Y6+ZbGXZTmPFJHiHS
5eFY2ntwW3yu3oG0sZujI3rNv6lvf+CTT8tkKThW2SBSJcFf9My+2hs+s/A9NIhK
hgORljodf1xdSQUsOWy8X9N8r9axQg3E0thfNpHEo9t7Vi2boB8=
-----END CERTIFICATE-----