Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143098.roa
File:                     AS143098.roa (raw, json)
Hash identifier:          rDbP8dfCcQcRG+ZuxWa7fTN5lOZvKIqUwDEHmsT4xLE=
Subject key identifier:   64:4A:BF:CC:E4:1E:53:E9:18:FB:56:22:B8:BD:67:06:50:1B:35:B6
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6004882AA437C2374E5CF3FB447409C61D668AE5
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143098.roa
Signing time:             Wed 04 Mar 2026 06:05:51 +0000
ROA not before:           Wed 04 Mar 2026 06:00:51 +0000
ROA not after:            Wed 03 Mar 2027 06:05:51 +0000
asID:                     143098
IP address blocks:        240a:a1c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:04:88:2a:a4:37:c2:37:4e:5c:f3:fb:44:74:09:c6:1d:66:8a:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:51 2026 GMT
            Not After : Mar  3 06:05:51 2027 GMT
        Subject: CN=644ABFCCE41E53E918FB5622B8BD6706501B35B6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:96:f2:54:e9:c2:12:ba:77:d9:17:de:15:13:
                    7b:24:c1:11:79:c7:b9:4f:ca:e4:32:99:9d:12:35:
                    1f:fa:bb:0e:aa:4a:f8:e8:cd:ff:4e:2c:a5:24:af:
                    7d:51:5b:f4:26:57:93:55:52:12:7e:c0:02:5e:c6:
                    98:0a:9c:f0:89:c9:f7:57:e0:80:9f:67:32:e2:5e:
                    0e:79:7a:87:0c:09:29:ca:a7:35:e7:7b:ec:d3:d6:
                    d4:14:6a:34:30:2d:e7:77:c7:1e:d8:34:4f:c1:0f:
                    5e:ea:90:7a:5b:c4:51:3b:5e:e5:f1:52:3e:8e:b3:
                    73:c7:0e:87:9c:84:fd:ea:15:33:db:bd:4c:93:0b:
                    8a:22:5a:8b:70:40:31:57:c0:ee:97:8c:99:2c:32:
                    ba:a2:08:d6:bf:8d:b2:9b:55:16:39:63:e7:b1:66:
                    57:5e:8e:35:96:37:16:c6:af:9a:02:3f:d4:cb:91:
                    16:e9:a6:59:f6:56:cc:72:16:85:b3:ef:85:22:3e:
                    2f:43:77:fe:8d:f4:e8:14:8a:e9:aa:1c:7e:18:a6:
                    ec:7e:23:86:47:d2:12:24:fa:4e:1e:93:7a:b8:48:
                    f9:94:8f:54:4d:9d:a6:be:96:26:bb:af:6c:ea:6a:
                    b4:99:af:74:16:0b:2a:e0:72:c4:1c:e8:d5:1c:e1:
                    72:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:4A:BF:CC:E4:1E:53:E9:18:FB:56:22:B8:BD:67:06:50:1B:35:B6
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143098.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a1c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         8a:cf:fb:82:d8:5d:da:6b:73:75:b4:50:74:4e:63:33:58:bd:
         86:66:9a:d9:85:ef:43:db:7b:4f:f4:c6:49:14:f8:ae:19:73:
         f8:8f:c5:50:5e:33:8e:77:0a:28:65:e1:5a:2a:8b:2a:b8:f9:
         0f:65:4a:30:49:af:c7:6e:5a:15:23:60:ec:4c:e5:df:c3:bb:
         e9:55:36:7a:7d:70:52:98:8a:65:88:75:94:4c:76:69:40:9c:
         b6:15:00:e1:d7:29:89:42:72:e0:c2:ec:a7:21:d3:3e:8e:36:
         4a:41:91:d7:d9:38:f4:81:af:5b:c9:68:4d:cf:e8:7e:a5:89:
         d0:b5:44:c3:8d:2f:21:1b:de:1c:ea:52:9e:2e:af:4f:18:de:
         f9:02:0f:bd:0f:97:fc:14:1f:b8:2a:d0:dd:91:9d:b3:78:9d:
         48:62:d4:94:97:cd:65:1e:de:ed:26:09:5e:05:09:5d:01:ff:
         b8:e4:da:a1:ec:91:a1:f1:9f:7d:cb:4d:0a:6d:a1:2c:23:1e:
         00:c4:43:fa:1a:ba:d6:99:fc:a1:90:2c:e2:00:76:1e:11:03:
         7c:48:17:5f:a7:7a:01:f8:18:23:c1:b1:e7:f1:7d:6e:98:23:
         a2:e0:56:6b:d7:dd:02:97:ad:2f:f0:58:ab:3a:0f:9f:2f:c4:
         03:fe:77:f1
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUYASIKqQ3wjdOXPP7RHQJxh1miuUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDA1MVoX
DTI3MDMwMzA2MDU1MVowMzExMC8GA1UEAxMoNjQ0QUJGQ0NFNDFFNTNFOTE4RkI1
NjIyQjhCRDY3MDY1MDFCMzVCNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKmW8lTpwhK6d9kX3hUTeyTBEXnHuU/K5DKZnRI1H/q7DqpK+OjN/04spSSv
fVFb9CZXk1VSEn7AAl7GmAqc8InJ91fggJ9nMuJeDnl6hwwJKcqnNed77NPW1BRq
NDAt53fHHtg0T8EPXuqQelvEUTte5fFSPo6zc8cOh5yE/eoVM9u9TJMLiiJai3BA
MVfA7peMmSwyuqII1r+NsptVFjlj57FmV16ONZY3FsavmgI/1MuRFummWfZWzHIW
hbPvhSI+L0N3/o306BSK6aocfhim7H4jhkfSEiT6Th6TerhI+ZSPVE2dpr6WJruv
bOpqtJmvdBYLKuByxBzo1Rzhct8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRkSr/M
5B5T6Rj7ViK4vWcGUBs1tjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzA5OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ocAwDQYJKoZIhvcNAQELBQADggEBAIrP+4LYXdprc3W0UHROYzNYvYZmmtmF70Pb
e0/0xkkU+K4Zc/iPxVBeM453Cihl4Voqiyq4+Q9lSjBJr8duWhUjYOxM5d/Du+lV
Nnp9cFKYimWIdZRMdmlAnLYVAOHXKYlCcuDC7Kch0z6ONkpBkdfZOPSBr1vJaE3P
6H6lidC1RMONLyEb3hzqUp4ur08Y3vkCD70Pl/wUH7gq0N2RnbN4nUhi1JSXzWUe
3u0mCV4FCV0B/7jk2qHskaHxn33LTQptoSwjHgDEQ/oautaZ/KGQLOIAdh4RA3xI
F1+negH4GCPBsefxfW6YI6LgVmvX3QKXrS/wWKs6D58vxAP+d/E=
-----END CERTIFICATE-----