Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143180.roa
File:                     AS143180.roa (raw, json)
Hash identifier:          E97bGEKEQiA1YSCi0iETER74iB188k0ZuYDCjsoD1y4=
Subject key identifier:   B4:91:E3:B3:6A:36:2A:93:F7:C0:03:B1:57:BD:1B:1A:46:F4:67:AD
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       365CE8A532FCABAF6F9138A1CEF8DDD39B5E5179
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143180.roa
Signing time:             Wed 04 Mar 2026 06:06:24 +0000
ROA not before:           Wed 04 Mar 2026 06:01:24 +0000
ROA not after:            Wed 03 Mar 2027 06:06:24 +0000
asID:                     143180
IP address blocks:        240a:a212::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:5c:e8:a5:32:fc:ab:af:6f:91:38:a1:ce:f8:dd:d3:9b:5e:51:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:24 2026 GMT
            Not After : Mar  3 06:06:24 2027 GMT
        Subject: CN=B491E3B36A362A93F7C003B157BD1B1A46F467AD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c4:b8:31:d5:8e:8d:d5:d0:ab:e4:8a:69:e5:
                    a5:2a:e9:a2:49:ee:da:70:31:1c:eb:bf:85:ea:56:
                    97:ef:f9:9a:01:85:c5:53:09:27:04:e7:4f:74:f1:
                    2a:98:cf:b4:e0:9b:8a:bb:d1:bd:63:dd:f2:74:cc:
                    d3:11:05:01:22:26:e7:18:28:5b:c4:40:9f:41:b5:
                    19:6f:97:31:47:b0:dc:f9:b9:45:0c:a6:87:11:2b:
                    8d:9c:5e:6e:7b:c1:88:64:d3:17:f5:2f:e6:1f:fb:
                    2e:e9:48:d0:dc:94:18:9a:35:73:15:21:5a:6f:17:
                    7f:1d:e7:e9:b7:9d:46:10:13:dc:9a:fb:67:e5:05:
                    af:0b:fc:c5:9a:5d:69:f4:97:f6:41:14:7b:d6:9b:
                    b0:59:4e:4d:f4:1f:cd:0d:df:24:1b:d1:09:9e:12:
                    9c:12:de:77:30:f0:7a:bb:e8:69:ff:13:ef:92:ea:
                    57:4b:33:4a:5d:33:72:28:6b:e7:75:d7:ba:b5:94:
                    df:37:46:9f:d1:33:42:84:a7:6e:45:75:3e:a6:41:
                    97:c7:49:93:8b:5c:20:79:b2:e7:97:d5:6b:1e:1f:
                    da:e8:f7:04:e8:03:0a:25:1b:ca:47:47:75:5f:20:
                    d6:78:11:cd:be:a1:23:06:4f:63:46:5b:b0:80:90:
                    94:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:91:E3:B3:6A:36:2A:93:F7:C0:03:B1:57:BD:1B:1A:46:F4:67:AD
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143180.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a212::/32

    Signature Algorithm: sha256WithRSAEncryption
         b5:89:07:9f:60:38:7b:b8:5c:c1:c6:4e:3e:b1:2f:04:00:41:
         48:24:1b:e7:00:59:0e:c6:f2:9e:b1:0f:08:f5:59:c2:cd:b3:
         fe:fa:ee:7a:4d:c9:d0:51:b6:05:ac:29:0c:0b:93:db:7d:8c:
         f0:9c:ee:bf:ef:22:21:6d:cc:f8:9b:06:61:8e:49:95:35:30:
         12:d7:20:6d:8d:f8:ab:cc:12:03:73:3d:a7:28:b6:54:34:fb:
         8f:8e:17:39:0f:1e:2a:93:c9:cc:61:bf:61:77:8d:fa:47:9f:
         69:30:c8:f0:07:3e:19:7b:b8:92:2a:4b:02:57:2c:7e:b0:ec:
         c1:1e:de:6f:30:8c:03:39:1a:65:0d:44:34:31:ee:98:ec:bc:
         59:c0:d6:15:e6:75:c9:60:d4:6f:e8:18:ad:5b:0a:db:8d:1b:
         a3:e4:ba:59:db:41:87:36:ae:36:23:f3:f4:7e:f8:26:66:ec:
         2f:69:58:5b:2d:50:69:6a:b6:0e:9d:32:4d:c5:c8:71:df:ce:
         1a:36:ec:89:91:7b:d1:8a:b6:74:3f:8e:8a:00:51:2f:66:9b:
         a6:7d:b4:a5:fb:f5:97:ba:bf:9d:81:38:08:22:1c:15:b8:d0:
         da:e9:80:dd:89:a7:5b:76:fd:a8:8d:49:1d:c8:cf:8f:89:12:
         b5:c7:76:79
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUNlzopTL8q69vkTihzvjd05teUXkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDEyNFoX
DTI3MDMwMzA2MDYyNFowMzExMC8GA1UEAxMoQjQ5MUUzQjM2QTM2MkE5M0Y3QzAw
M0IxNTdCRDFCMUE0NkY0NjdBRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKXEuDHVjo3V0KvkimnlpSrpoknu2nAxHOu/hepWl+/5mgGFxVMJJwTnT3Tx
KpjPtOCbirvRvWPd8nTM0xEFASIm5xgoW8RAn0G1GW+XMUew3Pm5RQymhxErjZxe
bnvBiGTTF/Uv5h/7LulI0NyUGJo1cxUhWm8Xfx3n6bedRhAT3Jr7Z+UFrwv8xZpd
afSX9kEUe9absFlOTfQfzQ3fJBvRCZ4SnBLedzDwervoaf8T75LqV0szSl0zcihr
53XXurWU3zdGn9EzQoSnbkV1PqZBl8dJk4tcIHmy55fVax4f2uj3BOgDCiUbykdH
dV8g1ngRzb6hIwZPY0ZbsICQlPUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBS0keOz
ajYqk/fAA7FXvRsaRvRnrTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzE4MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ohIwDQYJKoZIhvcNAQELBQADggEBALWJB59gOHu4XMHGTj6xLwQAQUgkG+cAWQ7G
8p6xDwj1WcLNs/767npNydBRtgWsKQwLk9t9jPCc7r/vIiFtzPibBmGOSZU1MBLX
IG2N+KvMEgNzPacotlQ0+4+OFzkPHiqTycxhv2F3jfpHn2kwyPAHPhl7uJIqSwJX
LH6w7MEe3m8wjAM5GmUNRDQx7pjsvFnA1hXmdclg1G/oGK1bCtuNG6PkulnbQYc2
rjYj8/R++CZm7C9pWFstUGlqtg6dMk3FyHHfzho27ImRe9GKtnQ/jooAUS9mm6Z9
tKX79Ze6v52BOAgiHBW40NrpgN2Jp1t2/aiNSR3Iz4+JErXHdnk=
-----END CERTIFICATE-----