Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143126.roa
File:                     AS143126.roa (raw, json)
Hash identifier:          F6uuKMOPuK/lPp4of/Q+GwaNvO3X+WcobrtnMer9+xw=
Subject key identifier:   A7:F6:6B:43:3B:60:E6:46:56:5B:78:95:7F:CE:D1:F5:93:96:A9:92
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7AFF2E009C2ECE12E2DF87F1FF8D72C047612BF8
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143126.roa
Signing time:             Wed 04 Mar 2026 06:07:59 +0000
ROA not before:           Wed 04 Mar 2026 06:02:59 +0000
ROA not after:            Wed 03 Mar 2027 06:07:59 +0000
asID:                     143126
IP address blocks:        240a:a1dc::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:ff:2e:00:9c:2e:ce:12:e2:df:87:f1:ff:8d:72:c0:47:61:2b:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:59 2026 GMT
            Not After : Mar  3 06:07:59 2027 GMT
        Subject: CN=A7F66B433B60E646565B78957FCED1F59396A992
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:bb:47:c5:47:11:d1:dd:e1:b2:17:41:0a:64:
                    1f:72:d5:1c:f3:bc:68:b8:e5:b7:ba:76:bf:7a:6a:
                    2f:34:d3:72:e7:51:40:fa:4f:f9:e7:db:d6:5e:a5:
                    ed:fc:49:b7:f6:27:36:59:53:f9:b2:45:be:c0:95:
                    78:a9:96:61:68:1b:0c:9a:36:0b:5e:3f:ba:ba:d7:
                    a5:ff:6f:53:97:16:39:06:4f:a2:03:f4:4a:9b:ed:
                    4c:a0:0d:ad:eb:6d:d3:64:48:67:fc:d7:ff:ea:f9:
                    78:97:e0:86:dc:d6:b6:ad:29:3c:d5:18:63:dd:81:
                    78:07:dd:10:3c:aa:fe:f6:6f:41:25:19:ed:ea:6a:
                    53:f1:08:bc:cf:11:9a:4d:15:5d:86:b8:c1:0b:14:
                    90:55:2a:95:8b:f7:a8:04:4f:01:0c:ed:cd:a3:bc:
                    b7:61:86:8a:77:04:3e:8d:a2:da:f7:1e:18:56:df:
                    56:1a:d6:b0:73:4f:ad:67:51:7a:83:1d:8f:51:25:
                    10:65:63:7b:02:a4:bb:e1:9b:42:63:8c:4a:cb:8a:
                    f1:63:d3:da:44:0e:1d:b2:c6:ee:db:39:c1:4b:ca:
                    ab:74:f2:dc:e0:44:15:ad:d4:31:6c:0b:88:4b:72:
                    99:f8:c8:cc:e3:30:99:38:d8:1e:30:9e:34:d4:81:
                    77:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:F6:6B:43:3B:60:E6:46:56:5B:78:95:7F:CE:D1:F5:93:96:A9:92
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143126.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a1dc::/32

    Signature Algorithm: sha256WithRSAEncryption
         1c:09:2b:35:0a:05:60:63:45:a6:c3:ff:0e:a9:ec:e9:d1:a1:
         7e:fc:05:f0:4f:72:e8:76:05:6a:b5:5c:67:f2:63:9b:4d:9d:
         56:3b:76:e2:e0:3e:21:3c:ee:b0:58:f8:2d:30:7c:62:a4:a0:
         38:74:f8:65:e4:ba:51:55:c7:21:ba:19:4d:4e:c5:3e:64:38:
         50:a7:52:94:f5:a5:2f:cb:6f:53:73:19:b3:24:56:61:ee:8c:
         26:eb:15:56:0d:ce:c3:46:62:e0:d8:c2:76:34:6f:75:70:63:
         cf:41:b1:3f:6b:5b:f7:a2:eb:83:c0:99:52:9b:a5:2c:58:66:
         d1:af:eb:60:fe:a0:78:ac:82:3b:e2:ee:ff:f8:28:0b:fc:44:
         c5:57:36:09:b7:f7:fa:e4:16:79:1c:af:80:76:cd:4f:c4:70:
         bd:2d:33:cb:07:62:53:d8:bc:2e:2d:b3:c5:cf:ae:51:f0:8e:
         dc:06:e8:94:cf:4e:b1:e7:c5:b9:aa:ac:8b:22:6d:32:69:05:
         89:d1:ee:62:b6:c2:67:9d:00:c6:b1:b0:96:b5:05:14:8b:bb:
         02:21:30:0a:38:52:82:02:ee:e6:eb:32:c6:09:32:be:a0:2c:
         84:f8:d1:0e:f8:68:bb:86:e4:09:26:a0:d4:d0:de:4b:5f:87:
         22:65:5f:9b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUev8uAJwuzhLi34fx/41ywEdhK/gwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDI1OVoX
DTI3MDMwMzA2MDc1OVowMzExMC8GA1UEAxMoQTdGNjZCNDMzQjYwRTY0NjU2NUI3
ODk1N0ZDRUQxRjU5Mzk2QTk5MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMe7R8VHEdHd4bIXQQpkH3LVHPO8aLjlt7p2v3pqLzTTcudRQPpP+efb1l6l
7fxJt/YnNllT+bJFvsCVeKmWYWgbDJo2C14/urrXpf9vU5cWOQZPogP0SpvtTKAN
rett02RIZ/zX/+r5eJfghtzWtq0pPNUYY92BeAfdEDyq/vZvQSUZ7epqU/EIvM8R
mk0VXYa4wQsUkFUqlYv3qARPAQztzaO8t2GGincEPo2i2vceGFbfVhrWsHNPrWdR
eoMdj1ElEGVjewKku+GbQmOMSsuK8WPT2kQOHbLG7ts5wUvKq3Ty3OBEFa3UMWwL
iEtymfjIzOMwmTjYHjCeNNSBd5UCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSn9mtD
O2DmRlZbeJV/ztH1k5apkjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzEyNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
odwwDQYJKoZIhvcNAQELBQADggEBABwJKzUKBWBjRabD/w6p7OnRoX78BfBPcuh2
BWq1XGfyY5tNnVY7duLgPiE87rBY+C0wfGKkoDh0+GXkulFVxyG6GU1OxT5kOFCn
UpT1pS/Lb1NzGbMkVmHujCbrFVYNzsNGYuDYwnY0b3VwY89BsT9rW/ei64PAmVKb
pSxYZtGv62D+oHisgjvi7v/4KAv8RMVXNgm39/rkFnkcr4B2zU/EcL0tM8sHYlPY
vC4ts8XPrlHwjtwG6JTPTrHnxbmqrIsibTJpBYnR7mK2wmedAMaxsJa1BRSLuwIh
MAo4UoIC7ubrMsYJMr6gLIT40Q74aLuG5AkmoNTQ3ktfhyJlX5s=
-----END CERTIFICATE-----