Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143099.roa
File:                     AS143099.roa (raw, json)
Hash identifier:          QJmoKMtSdStIgT+gc/wS+YQJAWcLGn83WyZo91SBUNo=
Subject key identifier:   A9:F7:A5:1C:D3:4B:AF:9B:56:6A:53:B6:5A:6C:81:D6:D7:9A:7B:35
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       0B6961F7936242482E1FB4BE72BF55F2CE41588C
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143099.roa
Signing time:             Wed 04 Mar 2026 06:07:44 +0000
ROA not before:           Wed 04 Mar 2026 06:02:44 +0000
ROA not after:            Wed 03 Mar 2027 06:07:44 +0000
asID:                     143099
IP address blocks:        240a:a1c1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:69:61:f7:93:62:42:48:2e:1f:b4:be:72:bf:55:f2:ce:41:58:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:44 2026 GMT
            Not After : Mar  3 06:07:44 2027 GMT
        Subject: CN=A9F7A51CD34BAF9B566A53B65A6C81D6D79A7B35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e0:5d:cd:1f:5d:c4:c9:c8:28:20:f2:f6:1b:
                    ed:f3:d1:54:63:e6:02:91:64:ee:4c:02:c1:5f:f7:
                    f7:4e:82:db:c7:36:c8:6b:c8:21:86:c8:8b:82:ce:
                    bc:6d:87:dc:fd:ca:0a:f0:df:de:f0:79:92:78:f1:
                    1c:a5:22:47:c3:84:96:ff:93:dd:b7:5a:31:05:71:
                    52:e1:65:be:ed:05:e0:47:ae:06:ac:3b:6f:f3:15:
                    14:0f:61:79:fb:37:f7:c6:71:ff:c3:b8:bb:53:17:
                    8c:00:14:10:16:a5:0c:fc:db:c9:17:a1:b4:a2:d7:
                    6e:2f:4f:c3:c2:cc:e1:72:e3:52:8a:00:1a:db:dd:
                    ba:8c:0d:5a:5c:57:43:85:ca:4a:1e:77:50:0e:0e:
                    31:fe:0a:7e:c3:41:9c:da:ec:71:a9:ce:4c:0a:07:
                    c9:c0:cc:16:24:74:84:87:20:c9:7a:7c:20:e8:7e:
                    83:53:46:55:7d:2c:78:0b:ac:68:7c:02:c6:bb:7f:
                    a4:a8:52:a5:d7:e8:1a:bf:9f:25:cd:1f:ea:af:b5:
                    15:2c:ab:71:8d:62:69:c3:ca:80:31:97:c9:b9:1a:
                    5b:9c:98:7d:81:f3:d2:f4:5f:b5:bc:c4:32:2a:01:
                    10:3f:39:92:8a:0a:86:50:e5:98:bd:29:32:22:31:
                    7f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:F7:A5:1C:D3:4B:AF:9B:56:6A:53:B6:5A:6C:81:D6:D7:9A:7B:35
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143099.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a1c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         ad:08:a1:b8:05:6f:91:a6:1a:7a:f4:71:f1:aa:9a:91:44:16:
         20:7d:97:ba:f9:22:ef:16:33:ff:a8:6d:f9:dc:54:79:80:80:
         e8:35:dd:d3:73:ec:03:33:78:4c:97:69:c6:d6:8f:08:38:0d:
         00:47:a1:40:92:a4:0f:21:d4:f1:d3:ce:a5:70:bf:03:aa:4c:
         23:42:ce:95:b7:f6:b4:92:27:ee:c3:bf:d8:99:9e:d8:f4:57:
         ed:54:88:21:64:fb:4f:e4:1a:79:1a:44:fc:71:fc:83:eb:c6:
         41:9e:e9:22:08:6f:49:47:8f:46:f2:d5:04:4f:83:6d:60:3d:
         62:53:3c:3e:ac:55:b8:a9:62:5a:97:b2:6d:e7:19:e0:e2:52:
         05:30:f9:03:44:5b:38:19:48:ef:52:7a:f3:fd:d3:1d:be:67:
         46:c9:39:a9:ab:f7:6e:9f:65:58:15:ae:76:f0:35:b6:8c:f6:
         49:6c:b7:09:ac:09:56:a1:27:32:7e:b4:35:3a:0b:83:f2:4e:
         d6:16:d6:31:21:5f:ee:f5:fd:f2:0a:0b:67:61:96:87:ba:6a:
         66:a3:b4:de:af:f5:9f:72:fe:50:6f:c4:c0:dc:12:72:e3:1a:
         09:e4:96:e2:8d:6c:07:96:6e:5d:06:cd:fb:ea:8a:71:c0:24:
         ca:05:36:16
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUC2lh95NiQkguH7S+cr9V8s5BWIwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDI0NFoX
DTI3MDMwMzA2MDc0NFowMzExMC8GA1UEAxMoQTlGN0E1MUNEMzRCQUY5QjU2NkE1
M0I2NUE2QzgxRDZENzlBN0IzNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJHgXc0fXcTJyCgg8vYb7fPRVGPmApFk7kwCwV/3906C28c2yGvIIYbIi4LO
vG2H3P3KCvDf3vB5knjxHKUiR8OElv+T3bdaMQVxUuFlvu0F4EeuBqw7b/MVFA9h
efs398Zx/8O4u1MXjAAUEBalDPzbyRehtKLXbi9Pw8LM4XLjUooAGtvduowNWlxX
Q4XKSh53UA4OMf4KfsNBnNrscanOTAoHycDMFiR0hIcgyXp8IOh+g1NGVX0seAus
aHwCxrt/pKhSpdfoGr+fJc0f6q+1FSyrcY1iacPKgDGXybkaW5yYfYHz0vRftbzE
MioBED85kooKhlDlmL0pMiIxfyMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSp96Uc
00uvm1ZqU7ZabIHW15p7NTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzA5OS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ocEwDQYJKoZIhvcNAQELBQADggEBAK0IobgFb5GmGnr0cfGqmpFEFiB9l7r5Iu8W
M/+obfncVHmAgOg13dNz7AMzeEyXacbWjwg4DQBHoUCSpA8h1PHTzqVwvwOqTCNC
zpW39rSSJ+7Dv9iZntj0V+1UiCFk+0/kGnkaRPxx/IPrxkGe6SIIb0lHj0by1QRP
g21gPWJTPD6sVbipYlqXsm3nGeDiUgUw+QNEWzgZSO9SevP90x2+Z0bJOamr926f
ZVgVrnbwNbaM9klstwmsCVahJzJ+tDU6C4PyTtYW1jEhX+71/fIKC2dhloe6amaj
tN6v9Z9y/lBvxMDcEnLjGgnkluKNbAeWbl0GzfvqinHAJMoFNhY=
-----END CERTIFICATE-----