Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143128.roa
File:                     AS143128.roa (raw, json)
Hash identifier:          a7qYa4kaU5MrxtGTiuA4Ma4E33ZB4j+PVhdysvB4rJA=
Subject key identifier:   00:40:2F:91:FB:0E:0C:1E:87:A2:78:27:3C:D7:98:99:86:B3:11:B0
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2BCCEB7D7A656BF8F7C5051F6C4C60184170C722
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143128.roa
Signing time:             Wed 04 Mar 2026 06:08:03 +0000
ROA not before:           Wed 04 Mar 2026 06:03:03 +0000
ROA not after:            Wed 03 Mar 2027 06:08:03 +0000
asID:                     143128
IP address blocks:        240a:a1de::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:cc:eb:7d:7a:65:6b:f8:f7:c5:05:1f:6c:4c:60:18:41:70:c7:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:03:03 2026 GMT
            Not After : Mar  3 06:08:03 2027 GMT
        Subject: CN=00402F91FB0E0C1E87A278273CD7989986B311B0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:bd:4a:f6:90:2d:b6:ca:0d:9e:5c:62:a4:87:
                    f6:4d:45:6a:3b:57:d8:da:86:27:b2:1f:9c:37:e7:
                    3c:77:6a:45:16:49:82:2f:e0:44:ad:9f:f3:32:d1:
                    eb:50:84:a8:98:95:96:2f:9e:26:19:31:ef:d3:7c:
                    c1:49:c9:bf:0f:71:43:c2:42:94:76:d1:91:e7:1b:
                    b5:f4:29:1c:46:9d:15:d3:70:e8:55:a5:e4:93:c1:
                    69:cd:5d:61:32:fd:e2:5c:f5:b0:29:d3:e8:27:22:
                    10:c7:41:58:55:f7:00:e8:96:22:b6:83:98:f7:9e:
                    00:b2:86:ae:92:0b:54:fd:80:20:ca:25:03:8f:54:
                    79:a0:31:8c:0e:6a:90:0e:0f:df:40:31:27:91:5a:
                    6b:20:c4:1a:76:ac:5b:a7:36:f5:dc:27:fb:fd:8f:
                    74:ed:79:56:c4:63:b6:0c:05:e4:ad:00:99:66:39:
                    6a:d8:25:86:60:f9:f6:57:57:64:f5:87:04:40:8c:
                    59:e9:40:7a:ad:9d:aa:b6:8a:1d:91:c7:e4:28:b5:
                    03:af:ca:70:9e:2a:15:11:18:c8:d2:5a:db:9f:d5:
                    e6:b4:fd:a2:ae:23:28:f9:44:c4:a3:56:bc:4d:b8:
                    ed:c2:e2:4d:c8:b3:00:c8:44:e2:da:82:8c:23:a4:
                    7f:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:40:2F:91:FB:0E:0C:1E:87:A2:78:27:3C:D7:98:99:86:B3:11:B0
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143128.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a1de::/32

    Signature Algorithm: sha256WithRSAEncryption
         19:ca:3b:98:1a:c9:54:7b:f4:95:02:72:26:e0:31:14:9f:d9:
         b9:8e:7d:3b:af:b3:fa:a6:50:a8:0e:e6:3f:34:15:4b:dc:c2:
         11:0e:30:fd:88:88:77:36:d4:c0:f2:e7:5a:b6:63:09:95:ec:
         ef:9b:69:88:7a:94:39:90:85:68:50:d5:37:ac:20:94:b0:58:
         98:f5:e2:b3:64:fd:45:ef:9f:64:cd:03:6f:b0:8a:e7:86:7f:
         2e:e3:ea:60:81:23:f4:51:26:9e:fd:28:c8:be:cb:1c:80:03:
         ba:a7:14:cb:11:ef:db:1c:ad:e3:12:b2:b3:5e:ae:28:1b:d0:
         13:6f:cb:3a:3f:c0:28:a5:ef:b3:ca:e9:9c:5c:f0:ba:36:78:
         a1:25:c5:d0:17:ac:8b:0d:4d:62:81:a3:0c:99:75:ed:c2:c1:
         31:73:f6:6a:65:3e:7e:9e:61:3a:11:ab:95:2a:64:a9:4e:58:
         e0:1d:7a:ed:61:de:83:eb:62:b0:0d:d0:eb:c6:e7:e4:70:d3:
         25:32:13:ea:15:8e:ab:bb:b3:39:f4:73:da:5f:aa:99:14:ec:
         74:fd:35:3f:55:95:c9:b7:bb:b7:34:7e:3e:7e:a7:af:cb:6f:
         4b:83:c1:17:15:71:6d:5c:f2:59:9f:cc:97:36:58:bc:ce:7f:
         3e:b0:73:ed
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUK8zrfXpla/j3xQUfbExgGEFwxyIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDMwM1oX
DTI3MDMwMzA2MDgwM1owMzExMC8GA1UEAxMoMDA0MDJGOTFGQjBFMEMxRTg3QTI3
ODI3M0NENzk4OTk4NkIzMTFCMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANq9SvaQLbbKDZ5cYqSH9k1FajtX2NqGJ7IfnDfnPHdqRRZJgi/gRK2f8zLR
61CEqJiVli+eJhkx79N8wUnJvw9xQ8JClHbRkecbtfQpHEadFdNw6FWl5JPBac1d
YTL94lz1sCnT6CciEMdBWFX3AOiWIraDmPeeALKGrpILVP2AIMolA49UeaAxjA5q
kA4P30AxJ5FaayDEGnasW6c29dwn+/2PdO15VsRjtgwF5K0AmWY5atglhmD59ldX
ZPWHBECMWelAeq2dqraKHZHH5Ci1A6/KcJ4qFREYyNJa25/V5rT9oq4jKPlExKNW
vE247cLiTcizAMhE4tqCjCOkfx0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQAQC+R
+w4MHoeieCc815iZhrMRsDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzEyOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
od4wDQYJKoZIhvcNAQELBQADggEBABnKO5gayVR79JUCcibgMRSf2bmOfTuvs/qm
UKgO5j80FUvcwhEOMP2IiHc21MDy51q2YwmV7O+baYh6lDmQhWhQ1TesIJSwWJj1
4rNk/UXvn2TNA2+wiueGfy7j6mCBI/RRJp79KMi+yxyAA7qnFMsR79screMSsrNe
rigb0BNvyzo/wCil77PK6Zxc8Lo2eKElxdAXrIsNTWKBowyZde3CwTFz9mplPn6e
YToRq5UqZKlOWOAdeu1h3oPrYrAN0OvG5+Rw0yUyE+oVjqu7szn0c9pfqpkU7HT9
NT9Vlcm3u7c0fj5+p6/Lb0uDwRcVcW1c8lmfzJc2WLzOfz6wc+0=
-----END CERTIFICATE-----