Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143122.roa
File:                     AS143122.roa (raw, json)
Hash identifier:          iXZfIx6YDrC5wwqRW/H+SjkIobgH6uQdeszCV6F0pO0=
Subject key identifier:   21:B7:F9:1A:13:62:FC:2C:8A:03:A3:EC:39:20:48:9B:05:06:04:70
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       447D773466CC74B3D1B7F1998AA12C467A9ADDC6
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143122.roa
Signing time:             Wed 04 Mar 2026 06:08:04 +0000
ROA not before:           Wed 04 Mar 2026 06:03:04 +0000
ROA not after:            Wed 03 Mar 2027 06:08:04 +0000
asID:                     143122
IP address blocks:        240a:a1d8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:7d:77:34:66:cc:74:b3:d1:b7:f1:99:8a:a1:2c:46:7a:9a:dd:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:03:04 2026 GMT
            Not After : Mar  3 06:08:04 2027 GMT
        Subject: CN=21B7F91A1362FC2C8A03A3EC3920489B05060470
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:67:d6:10:6c:22:f3:d8:7f:56:66:ba:bd:9d:
                    4f:2a:0c:c2:43:3f:cf:b3:5a:9b:ba:6d:94:0d:9f:
                    a0:20:f8:1e:b2:c9:eb:ed:f2:63:3c:7b:28:22:fb:
                    2a:c9:fd:89:44:8b:48:f9:22:c3:16:74:e0:ce:a0:
                    ae:ae:66:75:2a:da:a3:1d:4e:0d:a9:38:9e:1c:8c:
                    4f:1e:f4:0f:3a:5b:7f:f8:bc:c1:59:82:04:ef:d4:
                    6a:2b:dc:ff:f8:30:67:73:13:04:61:f5:66:51:05:
                    d1:ba:28:50:34:74:42:ba:60:25:2c:2d:5b:7c:54:
                    7a:42:19:34:05:7b:6b:84:bc:85:c8:14:85:7e:47:
                    58:13:24:c2:74:05:01:2f:7b:cf:4c:45:c1:20:a3:
                    f5:b3:b2:74:93:39:17:0a:d2:d3:55:12:d9:3e:91:
                    5b:aa:b1:de:c6:c7:a5:70:68:8c:82:3a:02:86:56:
                    93:03:5d:e7:05:4e:a9:b8:01:e4:a2:53:d3:d5:ae:
                    8c:ea:94:e4:3c:50:13:21:96:3f:bc:3b:6b:5d:c4:
                    5e:88:65:4f:7d:43:a2:23:fd:62:17:3b:4c:6e:a5:
                    c4:48:9a:f6:20:ba:af:9c:d4:fd:03:8b:0e:a8:a9:
                    60:8c:e6:1f:8b:f6:36:46:18:ab:9e:12:0a:bb:d5:
                    c4:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:B7:F9:1A:13:62:FC:2C:8A:03:A3:EC:39:20:48:9B:05:06:04:70
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143122.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a1d8::/32

    Signature Algorithm: sha256WithRSAEncryption
         9c:b7:26:38:ba:80:4c:ef:06:0c:63:23:3b:4d:89:f2:e7:b7:
         2c:1c:7a:b8:2c:24:60:59:42:2b:21:ff:7d:59:7c:b2:57:f5:
         2a:d3:b3:00:50:53:19:d1:b1:d3:95:af:90:79:63:5e:c7:f7:
         37:27:20:a9:f8:aa:1f:17:3e:81:6b:b2:f3:87:b2:37:81:f9:
         72:f2:82:a1:a1:32:b9:01:66:13:c8:fe:8f:b9:b0:97:a8:94:
         1f:de:ae:7e:e8:6c:db:b4:d6:09:ca:3a:7e:63:09:75:85:cd:
         5a:13:02:bd:5e:3f:5b:91:8c:b8:d9:92:74:fb:59:16:b6:36:
         0a:39:a9:70:a4:2f:8d:6b:b8:a1:50:df:66:c2:43:86:6f:63:
         d6:cd:4e:ac:63:c7:a5:b4:81:c7:0d:cf:98:09:d3:97:86:c5:
         83:7c:1b:39:53:87:2d:1c:74:0c:d5:db:8a:02:8b:be:85:55:
         f0:e0:9e:04:21:ce:4c:81:a9:8c:f8:51:27:7f:51:53:01:ac:
         f8:ba:6b:7d:c7:34:11:39:43:c0:74:13:d2:1e:64:ff:14:30:
         90:64:66:c3:8a:48:70:da:9c:77:59:7b:ef:04:0a:b5:0a:b5:
         18:dc:88:2c:d7:64:af:16:fd:2c:61:41:50:35:ac:db:7f:be:
         1f:c3:90:e1
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIURH13NGbMdLPRt/GZiqEsRnqa3cYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDMwNFoX
DTI3MDMwMzA2MDgwNFowMzExMC8GA1UEAxMoMjFCN0Y5MUExMzYyRkMyQzhBMDNB
M0VDMzkyMDQ4OUIwNTA2MDQ3MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANdn1hBsIvPYf1Zmur2dTyoMwkM/z7Nam7ptlA2foCD4HrLJ6+3yYzx7KCL7
Ksn9iUSLSPkiwxZ04M6grq5mdSraox1ODak4nhyMTx70Dzpbf/i8wVmCBO/Uaivc
//gwZ3MTBGH1ZlEF0booUDR0QrpgJSwtW3xUekIZNAV7a4S8hcgUhX5HWBMkwnQF
AS97z0xFwSCj9bOydJM5FwrS01US2T6RW6qx3sbHpXBojII6AoZWkwNd5wVOqbgB
5KJT09WujOqU5DxQEyGWP7w7a13EXohlT31DoiP9Yhc7TG6lxEia9iC6r5zU/QOL
DqipYIzmH4v2NkYYq54SCrvVxJcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQht/ka
E2L8LIoDo+w5IEibBQYEcDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzEyMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
odgwDQYJKoZIhvcNAQELBQADggEBAJy3Jji6gEzvBgxjIztNifLntywcergsJGBZ
Qish/31ZfLJX9SrTswBQUxnRsdOVr5B5Y17H9zcnIKn4qh8XPoFrsvOHsjeB+XLy
gqGhMrkBZhPI/o+5sJeolB/ern7obNu01gnKOn5jCXWFzVoTAr1eP1uRjLjZknT7
WRa2Ngo5qXCkL41ruKFQ32bCQ4ZvY9bNTqxjx6W0gccNz5gJ05eGxYN8GzlThy0c
dAzV24oCi76FVfDgngQhzkyBqYz4USd/UVMBrPi6a33HNBE5Q8B0E9IeZP8UMJBk
ZsOKSHDanHdZe+8ECrUKtRjciCzXZK8W/SxhQVA1rNt/vh/DkOE=
-----END CERTIFICATE-----