Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143086.roa
File:                     AS143086.roa (raw, json)
Hash identifier:          lnL+PgOrN4QNH0uiUZPgb3R/c6xVVLXDAgIR0pxs9bs=
Subject key identifier:   DD:6A:78:A6:95:D2:41:13:66:8C:20:02:03:96:35:BD:7D:70:18:ED
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       392088CB220E461053B17C67AC667B377D9C4B7C
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143086.roa
Signing time:             Wed 04 Mar 2026 06:07:38 +0000
ROA not before:           Wed 04 Mar 2026 06:02:38 +0000
ROA not after:            Wed 03 Mar 2027 06:07:38 +0000
asID:                     143086
IP address blocks:        240a:a1b4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:20:88:cb:22:0e:46:10:53:b1:7c:67:ac:66:7b:37:7d:9c:4b:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:38 2026 GMT
            Not After : Mar  3 06:07:38 2027 GMT
        Subject: CN=DD6A78A695D24113668C2002039635BD7D7018ED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:58:c7:5b:b8:da:1e:da:b4:9d:7d:f2:db:4e:
                    4b:15:e6:8c:1d:28:9d:d0:49:84:8a:07:bf:c3:90:
                    6b:49:b1:37:7b:54:f0:7e:11:5a:89:bd:d7:99:9b:
                    bf:08:98:76:4e:ed:29:dd:25:85:52:39:18:68:12:
                    24:90:25:7b:44:ea:d8:dd:c2:77:97:6c:b7:c9:5e:
                    c5:a9:23:62:47:e0:b2:b6:35:0d:b8:5b:81:ed:2a:
                    56:10:dc:ee:41:84:91:64:78:9b:81:e4:71:93:f3:
                    77:20:92:5f:60:1c:6b:0b:9e:57:cc:f7:65:de:bd:
                    66:9c:0e:77:d6:71:bc:e7:91:09:9d:09:be:2c:0a:
                    04:ba:f5:0b:f4:a7:c8:87:79:be:3a:3f:c5:5d:1f:
                    cc:3b:fa:fb:7b:d9:b2:89:78:b4:bd:52:c2:a5:c7:
                    ac:23:9c:00:be:7c:90:1f:3c:96:81:b0:8d:de:c9:
                    9e:48:70:39:e5:ca:e8:53:8c:d9:91:c1:75:e6:76:
                    c2:c5:73:38:be:83:09:cf:07:16:04:43:fd:40:d9:
                    42:8c:db:a3:b8:1b:be:36:5e:26:6e:9b:99:2c:c3:
                    9b:f6:a0:63:55:74:80:dc:51:81:34:74:ef:ec:64:
                    4f:25:3a:da:c0:96:c8:0e:0d:fa:fb:21:dd:b4:1c:
                    c4:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:6A:78:A6:95:D2:41:13:66:8C:20:02:03:96:35:BD:7D:70:18:ED
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143086.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a1b4::/32

    Signature Algorithm: sha256WithRSAEncryption
         84:1f:59:9a:60:30:5e:22:10:06:86:c7:f7:f6:64:32:eb:d0:
         90:74:48:5c:b8:18:18:03:c9:0a:ff:c4:84:33:d7:af:3c:78:
         1c:04:bb:04:63:00:9f:76:ec:3b:f2:42:cd:ab:d4:9e:3d:9f:
         0b:b5:c7:b8:22:26:3a:64:65:f7:a4:7a:fd:2c:8a:69:ed:c2:
         d1:33:57:29:d4:1a:6b:c2:fb:7a:c7:ad:1b:11:fd:fc:90:ec:
         fe:83:4f:5d:ec:91:a6:9d:48:0e:a1:55:33:13:1d:4a:51:2c:
         51:6f:12:80:73:98:bc:28:79:e5:9e:cb:34:4e:7f:07:98:94:
         4a:aa:3e:c5:bf:5d:04:0c:c2:81:bf:f1:b0:0d:54:dd:cc:f9:
         5c:11:0c:87:f5:d7:a0:11:79:85:0a:24:d9:ac:f3:45:cb:ac:
         4a:87:cd:0e:a3:35:36:22:31:4d:bb:e3:04:7a:57:29:02:dc:
         d3:3a:d9:74:95:c0:00:d2:e7:50:aa:30:97:85:db:3c:c2:36:
         51:79:36:91:a1:2b:0b:4a:aa:b3:cb:35:a0:74:1f:4b:0c:bb:
         58:3f:5b:52:63:6b:3d:86:7e:f1:0b:07:1d:47:a9:7e:af:7e:
         62:9f:13:45:f6:09:20:cc:00:16:0e:ac:32:14:e3:20:36:e1:
         c9:d3:96:55
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUOSCIyyIORhBTsXxnrGZ7N32cS3wwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIzOFoX
DTI3MDMwMzA2MDczOFowMzExMC8GA1UEAxMoREQ2QTc4QTY5NUQyNDExMzY2OEMy
MDAyMDM5NjM1QkQ3RDcwMThFRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJtYx1u42h7atJ198ttOSxXmjB0ondBJhIoHv8OQa0mxN3tU8H4RWom915mb
vwiYdk7tKd0lhVI5GGgSJJAle0Tq2N3Cd5dst8lexakjYkfgsrY1Dbhbge0qVhDc
7kGEkWR4m4HkcZPzdyCSX2AcawueV8z3Zd69ZpwOd9ZxvOeRCZ0JviwKBLr1C/Sn
yId5vjo/xV0fzDv6+3vZsol4tL1SwqXHrCOcAL58kB88loGwjd7JnkhwOeXK6FOM
2ZHBdeZ2wsVzOL6DCc8HFgRD/UDZQozbo7gbvjZeJm6bmSzDm/agY1V0gNxRgTR0
7+xkTyU62sCWyA4N+vsh3bQcxP0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTdanim
ldJBE2aMIAIDljW9fXAY7TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzA4Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
obQwDQYJKoZIhvcNAQELBQADggEBAIQfWZpgMF4iEAaGx/f2ZDLr0JB0SFy4GBgD
yQr/xIQz1688eBwEuwRjAJ927DvyQs2r1J49nwu1x7giJjpkZfekev0simntwtEz
VynUGmvC+3rHrRsR/fyQ7P6DT13skaadSA6hVTMTHUpRLFFvEoBzmLwoeeWeyzRO
fweYlEqqPsW/XQQMwoG/8bANVN3M+VwRDIf116AReYUKJNms80XLrEqHzQ6jNTYi
MU274wR6VykC3NM62XSVwADS51CqMJeF2zzCNlF5NpGhKwtKqrPLNaB0H0sMu1g/
W1Jjaz2GfvELBx1HqX6vfmKfE0X2CSDMABYOrDIU4yA24cnTllU=
-----END CERTIFICATE-----