Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143139.roa
File:                     AS143139.roa (raw, json)
Hash identifier:          91h8NadA3DNPN4/+IU8iGEgTL2TU82BaZbnor5nR2/w=
Subject key identifier:   21:2F:2A:D7:72:58:98:B4:B8:63:66:8E:0B:5C:CF:A9:C1:E6:07:0A
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       78FF9299F499B98DE56DEAA2B7FAF04FBAFDD152
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143139.roa
Signing time:             Wed 04 Mar 2026 06:05:52 +0000
ROA not before:           Wed 04 Mar 2026 06:00:52 +0000
ROA not after:            Wed 03 Mar 2027 06:05:52 +0000
asID:                     143139
IP address blocks:        240a:a1e9::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:ff:92:99:f4:99:b9:8d:e5:6d:ea:a2:b7:fa:f0:4f:ba:fd:d1:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:52 2026 GMT
            Not After : Mar  3 06:05:52 2027 GMT
        Subject: CN=212F2AD7725898B4B863668E0B5CCFA9C1E6070A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:4a:9b:e6:d2:b4:b8:cc:7e:7c:0d:91:6d:49:
                    23:6c:06:e6:02:6e:2e:08:e6:4a:dd:04:f2:14:51:
                    42:63:0a:62:1a:b2:89:a0:ee:8a:e9:7d:39:49:a0:
                    23:4a:88:c5:4a:4d:2b:45:2a:36:31:8e:1c:a8:24:
                    a0:6f:6c:29:ae:11:eb:62:88:4a:f0:7d:f4:56:01:
                    28:e5:59:2c:96:fe:23:2d:f1:59:ac:c8:c6:55:44:
                    21:46:f9:7c:87:6e:8b:17:9c:be:7b:94:22:5c:95:
                    29:0f:d7:fc:65:e6:bf:72:77:43:e1:46:1e:a2:e3:
                    e9:ae:52:ee:7f:15:03:cc:09:7c:a4:1b:be:36:60:
                    c5:85:a1:1d:f6:cd:d6:4a:77:d9:09:4e:d4:34:2c:
                    b7:7a:c4:31:d4:aa:f0:83:17:ed:99:61:56:17:3f:
                    78:bb:05:80:17:d8:13:bd:77:6f:e8:9b:34:7d:d9:
                    e2:17:92:29:df:94:78:9e:78:a2:25:8a:78:61:b8:
                    fa:dc:25:61:f6:6e:9f:f5:2b:c3:21:fc:65:1a:eb:
                    b0:f4:f5:30:49:de:16:03:86:82:79:07:d3:b6:97:
                    2f:cc:93:f6:7a:57:a2:84:7a:3f:bb:62:a2:3f:b3:
                    5f:01:d2:23:dd:37:2c:66:8f:ae:01:19:4e:81:b1:
                    f3:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:2F:2A:D7:72:58:98:B4:B8:63:66:8E:0B:5C:CF:A9:C1:E6:07:0A
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a1e9::/32

    Signature Algorithm: sha256WithRSAEncryption
         9c:8a:60:eb:05:a5:15:7a:fd:ce:c8:81:23:ea:af:a5:c9:16:
         bb:f4:3a:c4:0e:a7:98:60:63:76:8d:2e:cf:c5:4e:fe:0d:fd:
         0c:c3:e8:71:d7:3f:d8:83:2d:8d:ff:16:04:8e:a7:60:d2:c8:
         51:64:54:bb:1e:96:67:1f:7d:f3:29:4f:c9:51:b0:eb:a4:18:
         da:b2:14:6d:53:ed:5a:39:e8:5e:8a:cb:82:29:34:b0:d4:5a:
         57:ce:15:9b:42:05:84:40:e6:1f:9b:cb:9b:41:e3:40:2e:91:
         ca:b7:a6:14:d9:84:bf:04:da:60:81:db:ff:cc:17:09:22:cc:
         71:28:40:58:fc:d5:a5:ee:2a:d1:59:b0:25:47:c1:f9:3e:dc:
         91:d9:32:10:74:af:c0:7f:d5:98:86:88:10:ba:c3:fd:d8:7f:
         61:57:ab:bf:21:a4:a9:86:7e:b3:ff:4a:69:22:1b:e0:4e:de:
         b5:2e:bf:b0:84:a6:d4:49:88:be:51:65:8e:48:ed:6d:2c:a2:
         76:ef:c7:3e:f1:6a:e9:22:d7:21:c7:8d:eb:6d:ca:73:7e:93:
         a6:f5:59:9a:99:ed:bb:e9:cd:8e:cd:23:f6:8b:32:ea:58:21:
         f7:a7:31:00:ca:7e:5c:64:3c:54:cf:9d:19:44:69:1e:55:0f:
         c1:2c:fc:59
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUeP+SmfSZuY3lbeqit/rwT7r90VIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDA1MloX
DTI3MDMwMzA2MDU1MlowMzExMC8GA1UEAxMoMjEyRjJBRDc3MjU4OThCNEI4NjM2
NjhFMEI1Q0NGQTlDMUU2MDcwQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMpKm+bStLjMfnwNkW1JI2wG5gJuLgjmSt0E8hRRQmMKYhqyiaDuiul9OUmg
I0qIxUpNK0UqNjGOHKgkoG9sKa4R62KISvB99FYBKOVZLJb+Iy3xWazIxlVEIUb5
fIduixecvnuUIlyVKQ/X/GXmv3J3Q+FGHqLj6a5S7n8VA8wJfKQbvjZgxYWhHfbN
1kp32QlO1DQst3rEMdSq8IMX7ZlhVhc/eLsFgBfYE713b+ibNH3Z4heSKd+UeJ54
oiWKeGG4+twlYfZun/UrwyH8ZRrrsPT1MEneFgOGgnkH07aXL8yT9npXooR6P7ti
oj+zXwHSI903LGaPrgEZToGx83UCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQhLyrX
cliYtLhjZo4LXM+pweYHCjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzEzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oekwDQYJKoZIhvcNAQELBQADggEBAJyKYOsFpRV6/c7IgSPqr6XJFrv0OsQOp5hg
Y3aNLs/FTv4N/QzD6HHXP9iDLY3/FgSOp2DSyFFkVLselmcfffMpT8lRsOukGNqy
FG1T7Vo56F6Ky4IpNLDUWlfOFZtCBYRA5h+by5tB40Aukcq3phTZhL8E2mCB2//M
FwkizHEoQFj81aXuKtFZsCVHwfk+3JHZMhB0r8B/1ZiGiBC6w/3Yf2FXq78hpKmG
frP/SmkiG+BO3rUuv7CEptRJiL5RZY5I7W0sonbvxz7xauki1yHHjettynN+k6b1
WZqZ7bvpzY7NI/aLMupYIfenMQDKflxkPFTPnRlEaR5VD8Es/Fk=
-----END CERTIFICATE-----