Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143137.roa
File:                     AS143137.roa (raw, json)
Hash identifier:          p2BVT0AXYXs5y+w1BkY52IzCbznTSaUjTGIDMlBF30c=
Subject key identifier:   20:C9:B9:DE:3A:43:52:78:6F:9D:8D:57:D8:A5:C2:58:BE:2E:98:BE
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1890BBEAD56B6CB91AE4E74A0CA52125016C434D
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143137.roa
Signing time:             Wed 04 Mar 2026 06:06:25 +0000
ROA not before:           Wed 04 Mar 2026 06:01:25 +0000
ROA not after:            Wed 03 Mar 2027 06:06:25 +0000
asID:                     143137
IP address blocks:        240a:a1e7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:90:bb:ea:d5:6b:6c:b9:1a:e4:e7:4a:0c:a5:21:25:01:6c:43:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:25 2026 GMT
            Not After : Mar  3 06:06:25 2027 GMT
        Subject: CN=20C9B9DE3A4352786F9D8D57D8A5C258BE2E98BE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:8e:9d:a8:88:05:2c:27:5f:04:2f:1e:b3:d8:
                    2c:b0:72:d9:2e:a1:54:a2:be:86:3b:e7:08:3a:ef:
                    c1:ad:eb:ad:9e:b1:c7:ab:f7:20:b3:9d:3c:70:62:
                    b1:48:37:fc:b7:68:05:eb:d9:4f:b1:73:df:b3:1f:
                    63:4b:f4:e9:e5:cc:66:4e:f5:ac:86:68:53:79:ad:
                    38:47:a4:49:62:a3:6b:1c:47:5d:0c:f1:f3:aa:4a:
                    2b:a2:1b:ba:11:44:ee:5f:87:c4:4d:f1:99:9d:f6:
                    9b:55:95:2c:13:17:49:90:0e:22:05:38:73:e5:df:
                    cb:1b:cb:31:a7:f1:10:13:7e:c1:69:e1:c8:62:12:
                    ee:16:d8:3a:49:03:29:91:ed:94:8a:11:67:c2:a4:
                    2a:e2:b0:2a:14:45:7e:6e:ac:93:ca:a6:7f:66:fc:
                    07:3b:4e:e6:66:0d:a3:62:a7:7f:72:2b:bb:97:ae:
                    28:5b:98:be:c7:36:43:56:64:b4:61:81:d6:fc:62:
                    fb:c8:70:be:20:5d:d4:b0:53:a7:62:74:9e:0f:34:
                    21:af:ce:6c:8c:b4:f1:80:57:83:28:d4:0f:dd:22:
                    9b:53:8e:71:9a:57:ab:40:1b:ba:35:ac:05:e2:0f:
                    c5:88:b2:a4:b8:38:71:e1:2b:6a:24:29:a5:27:39:
                    05:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:C9:B9:DE:3A:43:52:78:6F:9D:8D:57:D8:A5:C2:58:BE:2E:98:BE
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a1e7::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:92:c2:8f:eb:9e:fa:f5:45:04:50:d7:0f:b0:19:ed:1c:ad:
         f2:64:3d:cb:b1:36:2f:67:73:ff:fb:b2:66:23:59:f0:a5:af:
         80:14:50:90:b2:54:ec:61:18:99:52:39:79:6a:1d:f5:b0:d5:
         09:8a:05:93:93:c6:24:16:42:ab:57:d1:3b:8d:0f:c0:84:10:
         92:1b:87:a4:81:2b:42:34:4c:3c:01:04:62:3e:7a:ec:9f:b8:
         e8:9f:53:c1:7d:2b:e5:93:f0:85:98:71:a5:6d:4d:3a:36:62:
         cb:af:2d:77:31:e9:8c:08:3f:ff:8c:14:8c:99:26:e4:32:89:
         0a:5b:0b:e6:14:84:e4:0f:98:9d:ed:0f:39:3b:76:bd:17:28:
         8e:36:9d:e2:a8:d2:81:ab:cd:a1:a9:33:a3:1c:c3:22:5c:ca:
         46:b1:30:31:54:58:75:0f:16:57:07:12:bf:e1:7f:00:b7:38:
         3c:7b:6b:49:b3:5e:d5:8a:86:14:e9:18:bf:88:d1:f5:ee:a4:
         6c:59:6b:ba:f1:cb:ec:a7:d5:61:36:10:37:00:6f:3a:da:bb:
         80:3b:26:0e:43:3b:19:7b:66:5b:b7:82:5d:7b:33:c9:b5:ad:
         fe:da:62:f1:f7:78:88:7e:d6:d3:e2:cc:31:65:0c:a5:0f:7e:
         5d:81:c6:c2
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUGJC76tVrbLka5OdKDKUhJQFsQ00wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDEyNVoX
DTI3MDMwMzA2MDYyNVowMzExMC8GA1UEAxMoMjBDOUI5REUzQTQzNTI3ODZGOUQ4
RDU3RDhBNUMyNThCRTJFOThCRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOCOnaiIBSwnXwQvHrPYLLBy2S6hVKK+hjvnCDrvwa3rrZ6xx6v3ILOdPHBi
sUg3/LdoBevZT7Fz37MfY0v06eXMZk71rIZoU3mtOEekSWKjaxxHXQzx86pKK6Ib
uhFE7l+HxE3xmZ32m1WVLBMXSZAOIgU4c+XfyxvLMafxEBN+wWnhyGIS7hbYOkkD
KZHtlIoRZ8KkKuKwKhRFfm6sk8qmf2b8BztO5mYNo2Knf3Iru5euKFuYvsc2Q1Zk
tGGB1vxi+8hwviBd1LBTp2J0ng80Ia/ObIy08YBXgyjUD90im1OOcZpXq0AbujWs
BeIPxYiypLg4ceEraiQppSc5BU8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQgybne
OkNSeG+djVfYpcJYvi6YvjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oecwDQYJKoZIhvcNAQELBQADggEBAD2Swo/rnvr1RQRQ1w+wGe0crfJkPcuxNi9n
c//7smYjWfClr4AUUJCyVOxhGJlSOXlqHfWw1QmKBZOTxiQWQqtX0TuND8CEEJIb
h6SBK0I0TDwBBGI+euyfuOifU8F9K+WT8IWYcaVtTTo2YsuvLXcx6YwIP/+MFIyZ
JuQyiQpbC+YUhOQPmJ3tDzk7dr0XKI42neKo0oGrzaGpM6McwyJcykaxMDFUWHUP
FlcHEr/hfwC3ODx7a0mzXtWKhhTpGL+I0fXupGxZa7rxy+yn1WE2EDcAbzrau4A7
Jg5DOxl7Zlu3gl17M8m1rf7aYvH3eIh+1tPizDFlDKUPfl2BxsI=
-----END CERTIFICATE-----