Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143141.roa
File:                     AS143141.roa (raw, json)
Hash identifier:          0DAkqadb9f83HBlp/enPQG2WtExfCNqwMGxy2U9rQm0=
Subject key identifier:   F7:D6:B3:56:FF:11:BD:48:BC:32:C7:B9:B5:79:DE:1F:11:CB:C1:EF
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       CE25FE4BC9F114E0CC7F13A74E09AD336A640B
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143141.roa
Signing time:             Wed 04 Mar 2026 06:06:36 +0000
ROA not before:           Wed 04 Mar 2026 06:01:36 +0000
ROA not after:            Wed 03 Mar 2027 06:06:36 +0000
asID:                     143141
IP address blocks:        240a:a1eb::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ce:25:fe:4b:c9:f1:14:e0:cc:7f:13:a7:4e:09:ad:33:6a:64:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:36 2026 GMT
            Not After : Mar  3 06:06:36 2027 GMT
        Subject: CN=F7D6B356FF11BD48BC32C7B9B579DE1F11CBC1EF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:84:7b:73:68:0a:2e:15:43:21:1d:3c:7f:bb:
                    e9:ae:7f:3e:83:55:a7:92:d3:8d:3a:97:ab:0b:63:
                    27:7d:4f:6b:af:92:03:68:89:59:a8:35:cc:29:80:
                    8f:75:a4:b9:16:22:a1:68:3b:93:22:03:3f:d5:27:
                    fa:74:76:f0:e6:dc:b2:c2:d6:9d:70:d3:0c:86:f7:
                    c3:df:83:5b:f7:a3:fa:75:41:80:0e:91:bb:fa:1d:
                    d7:84:c8:ee:0e:14:2d:c8:d3:1b:64:80:31:01:33:
                    da:44:de:e5:d6:9f:03:c3:6b:db:d8:f3:50:72:0e:
                    f1:ba:3c:ed:0e:fa:6d:1c:41:57:3d:30:0b:4f:3c:
                    99:02:ff:55:62:13:0c:df:d1:23:e1:71:95:73:e2:
                    b2:6a:4d:e5:fa:91:19:c4:74:49:b5:d8:51:b2:03:
                    66:79:23:f8:fc:c8:bf:14:5d:a8:6e:68:ec:d8:d7:
                    50:3d:d9:8f:e8:53:6f:e3:68:b7:77:be:9a:d0:d4:
                    c9:f7:c8:f6:30:d6:04:7b:84:8c:7c:3f:72:9f:19:
                    20:df:28:b6:74:ff:63:c5:fd:6e:68:54:bb:81:ae:
                    05:40:db:82:0b:2a:40:78:28:a7:66:6b:0a:38:15:
                    44:0d:34:a6:24:0d:12:5c:28:31:a9:96:21:95:c3:
                    ef:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:D6:B3:56:FF:11:BD:48:BC:32:C7:B9:B5:79:DE:1F:11:CB:C1:EF
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143141.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a1eb::/32

    Signature Algorithm: sha256WithRSAEncryption
         12:db:fe:c2:08:62:bc:d5:bd:cf:36:bb:4a:28:60:3d:fb:3c:
         f6:6c:42:7c:ac:20:eb:4a:3b:60:a2:0c:11:ca:c6:85:a2:a6:
         6e:8d:5d:b2:7b:31:1c:c1:19:d1:3b:1e:17:71:53:03:14:18:
         ae:c7:de:18:38:36:3c:48:58:cc:7f:01:38:71:22:01:3a:33:
         d3:06:a9:99:9a:08:05:42:ba:c9:cf:02:cf:e7:ca:99:33:80:
         1c:f6:f0:ed:b3:d9:7f:4c:f0:0c:19:f2:e3:5b:02:7c:14:11:
         07:a9:4d:68:5a:88:14:09:ee:ab:0f:5e:72:89:3d:28:f3:bc:
         aa:20:48:7c:86:35:ac:00:a2:c0:4d:a7:b2:fd:93:20:76:2c:
         28:32:08:09:99:f3:11:6e:b8:c9:f5:24:2e:3d:f4:9f:0a:2a:
         b8:a8:3b:a2:87:95:22:44:95:92:45:28:13:ce:d6:45:d9:10:
         cf:32:18:7f:ac:cf:a9:6e:e2:65:ac:8e:d1:59:d3:b6:b2:b5:
         f9:ed:bd:63:6d:b6:87:fb:74:d4:90:ba:a9:28:14:74:99:3f:
         77:4d:59:06:5f:58:6e:c3:a6:1e:6c:ab:6e:45:b6:8e:1a:7a:
         9f:25:4d:eb:3c:c7:db:cf:14:3c:f0:0a:4a:71:82:19:f6:42:
         85:ef:09:e3
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUAM4l/kvJ8RTgzH8Tp04JrTNqZAswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDEzNloX
DTI3MDMwMzA2MDYzNlowMzExMC8GA1UEAxMoRjdENkIzNTZGRjExQkQ0OEJDMzJD
N0I5QjU3OURFMUYxMUNCQzFFRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMaEe3NoCi4VQyEdPH+76a5/PoNVp5LTjTqXqwtjJ31Pa6+SA2iJWag1zCmA
j3WkuRYioWg7kyIDP9Un+nR28ObcssLWnXDTDIb3w9+DW/ej+nVBgA6Ru/od14TI
7g4ULcjTG2SAMQEz2kTe5dafA8Nr29jzUHIO8bo87Q76bRxBVz0wC088mQL/VWIT
DN/RI+FxlXPismpN5fqRGcR0SbXYUbIDZnkj+PzIvxRdqG5o7NjXUD3Zj+hTb+No
t3e+mtDUyffI9jDWBHuEjHw/cp8ZIN8otnT/Y8X9bmhUu4GuBUDbggsqQHgop2Zr
CjgVRA00piQNElwoMamWIZXD73sCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT31rNW
/xG9SLwyx7m1ed4fEcvB7zAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzE0MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oeswDQYJKoZIhvcNAQELBQADggEBABLb/sIIYrzVvc82u0ooYD37PPZsQnysIOtK
O2CiDBHKxoWipm6NXbJ7MRzBGdE7HhdxUwMUGK7H3hg4NjxIWMx/AThxIgE6M9MG
qZmaCAVCusnPAs/nypkzgBz28O2z2X9M8AwZ8uNbAnwUEQepTWhaiBQJ7qsPXnKJ
PSjzvKogSHyGNawAosBNp7L9kyB2LCgyCAmZ8xFuuMn1JC499J8KKrioO6KHlSJE
lZJFKBPO1kXZEM8yGH+sz6lu4mWsjtFZ07aytfntvWNttof7dNSQuqkoFHSZP3dN
WQZfWG7Dph5sq25Fto4aep8lTes8x9vPFDzwCkpxghn2QoXvCeM=
-----END CERTIFICATE-----