Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143154.roa
File:                     AS143154.roa (raw, json)
Hash identifier:          vrsHl1ivvP0ySb5IHNAOLkWAq+zPb4UJfUEokdKFTw8=
Subject key identifier:   D4:2A:5A:5B:54:B7:BA:98:66:EB:2B:E2:C6:C3:44:71:6B:3E:95:B4
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       63DE96405633DE4DB7083424C66CF37D8F7B853B
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143154.roa
Signing time:             Wed 04 Mar 2026 06:07:33 +0000
ROA not before:           Wed 04 Mar 2026 06:02:33 +0000
ROA not after:            Wed 03 Mar 2027 06:07:33 +0000
asID:                     143154
IP address blocks:        240a:a1f8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:de:96:40:56:33:de:4d:b7:08:34:24:c6:6c:f3:7d:8f:7b:85:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:33 2026 GMT
            Not After : Mar  3 06:07:33 2027 GMT
        Subject: CN=D42A5A5B54B7BA9866EB2BE2C6C344716B3E95B4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:8c:e3:44:57:5b:6e:1c:bf:3a:26:2f:2d:3e:
                    f0:cc:1f:24:dd:20:a1:ef:ef:ea:c3:93:b7:e4:b1:
                    5c:9e:29:ad:e2:13:65:53:9a:1e:4b:1e:d3:43:c6:
                    a3:c3:bd:45:8a:24:e6:7f:a5:e5:a8:be:54:c3:c6:
                    bd:eb:8d:ee:0b:e2:d1:69:4b:d2:cf:9d:26:09:8b:
                    ab:1f:8b:82:3e:22:29:5b:e1:f1:9c:49:95:31:b3:
                    8c:db:13:36:42:32:02:57:6a:1d:30:2c:77:cf:6f:
                    b1:cb:10:4d:91:e2:fe:74:7a:30:fa:ca:4d:30:d7:
                    1b:b9:a9:c8:1e:31:b3:7d:7b:3a:88:e2:55:e1:e7:
                    d4:49:14:12:05:7d:40:39:0e:c3:e0:b7:23:e5:03:
                    ee:e1:04:b8:81:3a:21:13:8c:c2:cc:c5:67:c5:94:
                    b7:6a:b1:80:70:2e:67:ae:79:5d:2c:cc:18:fa:ca:
                    66:76:88:6e:d6:cd:da:8d:36:c4:3f:17:ba:3e:78:
                    ae:79:6d:ae:c3:8a:3e:8f:cf:7b:18:40:b0:5e:81:
                    0b:15:45:b7:f7:19:45:0e:d4:77:bf:fa:af:6e:7c:
                    0d:07:94:8d:47:b4:32:12:62:5b:3a:a4:73:bb:e0:
                    5b:75:5d:67:6b:88:f7:91:9e:14:dd:f6:6c:8c:10:
                    75:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:2A:5A:5B:54:B7:BA:98:66:EB:2B:E2:C6:C3:44:71:6B:3E:95:B4
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143154.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a1f8::/32

    Signature Algorithm: sha256WithRSAEncryption
         44:ea:76:fa:5b:33:a6:06:8f:f7:86:7a:c2:e1:d3:da:36:0a:
         93:bb:0d:af:8b:0d:ef:66:c0:0d:cb:a9:ca:c1:de:71:53:b8:
         e2:b1:93:3d:c9:a4:2f:cc:21:13:a0:75:20:a0:1f:6e:72:12:
         1d:8f:34:e5:6d:0d:f7:ed:64:8c:9a:b8:98:e8:1e:05:7a:47:
         45:15:cf:7d:ea:af:fb:31:e0:bc:80:fa:83:9d:2e:2d:22:96:
         1c:e3:18:5f:c1:25:aa:0a:d5:fc:c9:4e:23:05:d2:d0:ba:0e:
         48:d7:d2:a6:70:c5:55:fc:e1:a0:6f:55:2f:85:29:c2:4e:04:
         fb:6a:01:2f:63:fb:8e:6f:11:55:3c:4c:f3:9d:3c:e6:0e:67:
         cd:39:e0:4e:e5:d9:4e:a0:51:32:31:5d:2e:30:ee:e7:2e:3d:
         da:05:00:cc:12:79:88:ee:4b:b4:12:41:af:00:ee:70:01:a8:
         e9:9c:a8:70:b7:0c:4d:c7:57:6e:79:48:cc:ff:fa:f7:b3:6d:
         1f:ec:72:fe:93:4b:61:12:9d:e9:91:01:42:11:3c:fc:2d:21:
         bd:19:5e:c3:63:9c:a1:ee:7b:d2:d3:53:b6:1b:f6:5d:cd:d3:
         9c:d0:a1:4b:55:8c:5c:4f:b7:ae:ba:ef:bb:c4:23:f9:70:2e:
         e6:53:aa:a9
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUY96WQFYz3k23CDQkxmzzfY97hTswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIzM1oX
DTI3MDMwMzA2MDczM1owMzExMC8GA1UEAxMoRDQyQTVBNUI1NEI3QkE5ODY2RUIy
QkUyQzZDMzQ0NzE2QjNFOTVCNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALaM40RXW24cvzomLy0+8MwfJN0goe/v6sOTt+SxXJ4preITZVOaHkse00PG
o8O9RYok5n+l5ai+VMPGveuN7gvi0WlL0s+dJgmLqx+Lgj4iKVvh8ZxJlTGzjNsT
NkIyAldqHTAsd89vscsQTZHi/nR6MPrKTTDXG7mpyB4xs317OojiVeHn1EkUEgV9
QDkOw+C3I+UD7uEEuIE6IROMwszFZ8WUt2qxgHAuZ655XSzMGPrKZnaIbtbN2o02
xD8Xuj54rnltrsOKPo/PexhAsF6BCxVFt/cZRQ7Ud7/6r258DQeUjUe0MhJiWzqk
c7vgW3VdZ2uI95GeFN32bIwQdSECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTUKlpb
VLe6mGbrK+LGw0Rxaz6VtDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzE1NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ofgwDQYJKoZIhvcNAQELBQADggEBAETqdvpbM6YGj/eGesLh09o2CpO7Da+LDe9m
wA3LqcrB3nFTuOKxkz3JpC/MIROgdSCgH25yEh2PNOVtDfftZIyauJjoHgV6R0UV
z33qr/sx4LyA+oOdLi0ilhzjGF/BJaoK1fzJTiMF0tC6DkjX0qZwxVX84aBvVS+F
KcJOBPtqAS9j+45vEVU8TPOdPOYOZ8054E7l2U6gUTIxXS4w7ucuPdoFAMwSeYju
S7QSQa8A7nABqOmcqHC3DE3HV255SMz/+vezbR/scv6TS2ESnemRAUIRPPwtIb0Z
XsNjnKHue9LTU7Yb9l3N05zQoUtVjFxPt66677vEI/lwLuZTqqk=
-----END CERTIFICATE-----