Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143183.roa
File:                     AS143183.roa (raw, json)
Hash identifier:          IZy2RPbVHJj0VQB6C0TgggaOvMyz0PTBBl8toZ8Mo7U=
Subject key identifier:   09:54:53:DD:54:0B:67:C3:B5:75:E4:C0:32:57:3E:18:18:70:65:3E
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       15F58373EAE3D2CF553B604347A430633377AEC0
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143183.roa
Signing time:             Wed 04 Mar 2026 06:05:49 +0000
ROA not before:           Wed 04 Mar 2026 06:00:49 +0000
ROA not after:            Wed 03 Mar 2027 06:05:49 +0000
asID:                     143183
IP address blocks:        240a:a215::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:f5:83:73:ea:e3:d2:cf:55:3b:60:43:47:a4:30:63:33:77:ae:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:49 2026 GMT
            Not After : Mar  3 06:05:49 2027 GMT
        Subject: CN=095453DD540B67C3B575E4C032573E181870653E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:78:7e:87:34:98:dc:19:fc:61:ca:6d:33:83:
                    8d:e6:69:45:c6:3f:01:09:64:8e:58:13:cc:b1:d9:
                    15:27:a1:4b:6d:5d:10:fa:98:e3:bd:a4:b0:b2:13:
                    42:41:81:b0:b8:f0:86:ff:ed:d7:bb:ed:28:90:de:
                    6c:ad:93:ec:65:84:4d:9d:f1:6c:d6:33:8b:1b:a2:
                    f3:6f:01:6c:88:b5:7d:12:59:fb:63:a6:ec:9c:04:
                    31:10:89:58:8a:35:14:24:a2:f4:de:66:5b:cb:fc:
                    a4:d7:82:93:c6:f3:82:01:4c:95:a5:62:79:75:55:
                    03:ef:00:1f:db:cf:5b:cd:30:8d:32:58:85:71:e5:
                    6f:55:5b:aa:dc:c8:c1:90:01:96:95:86:7c:c9:0c:
                    c2:4c:2a:67:9b:c1:ca:2f:b5:76:d2:1e:ad:a5:f6:
                    7c:81:00:40:52:d6:d5:ab:3e:b0:08:5f:8f:26:e6:
                    03:ad:4a:f6:97:48:0e:c0:8b:d9:90:ad:a3:02:49:
                    2d:a9:bd:13:60:a2:4e:f6:73:56:48:1f:cd:27:cf:
                    fb:4d:fb:b3:8b:26:ea:d0:5c:13:6e:fe:6d:42:0c:
                    d5:27:73:0b:71:86:1f:6a:ae:7d:b7:86:00:ba:2c:
                    20:8f:96:cb:d9:12:69:76:80:60:ff:f9:e2:c8:06:
                    74:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:54:53:DD:54:0B:67:C3:B5:75:E4:C0:32:57:3E:18:18:70:65:3E
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143183.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a215::/32

    Signature Algorithm: sha256WithRSAEncryption
         38:ea:17:dd:38:1b:ba:99:93:72:e2:02:cc:cf:bc:02:6c:fa:
         e0:c5:81:a1:ec:91:30:62:ce:d2:c8:e7:ba:e2:44:47:17:14:
         2b:60:82:a7:cd:dd:70:ac:7e:39:df:bb:72:a5:17:23:35:b3:
         6a:75:a4:f4:6f:15:b1:fd:e9:18:6d:ca:bb:27:fc:0f:b2:5c:
         bf:32:8e:ae:f6:1d:3a:84:f6:6c:22:b3:fd:a4:46:f9:64:29:
         0d:69:b7:40:9f:ad:2f:b1:80:2d:4e:30:9c:67:e6:71:bf:ca:
         88:37:ee:01:91:f0:ef:b0:b1:e9:d1:93:00:c6:9f:65:35:35:
         82:07:26:c9:cf:c4:10:fc:b1:98:d5:af:90:c8:3e:6e:f4:c7:
         37:bf:89:c2:92:e2:4f:10:8e:9e:c6:0a:7c:9c:99:38:f9:0a:
         13:8b:80:9b:4c:77:f8:e6:7c:d9:1a:15:14:7a:60:41:48:52:
         9a:eb:c8:38:5a:ce:6b:a0:51:fb:67:7a:ab:5c:f8:4b:b1:50:
         07:b1:06:1e:1e:81:8c:9f:e1:cf:c6:fe:fd:d3:16:e2:18:9a:
         47:4e:af:17:84:27:ab:c3:f6:89:96:fc:13:81:c2:33:5b:1b:
         8e:83:47:a4:a5:99:a8:81:b0:f0:40:05:ee:f0:f1:27:2e:e8:
         0b:96:8d:c8
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUFfWDc+rj0s9VO2BDR6QwYzN3rsAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDA0OVoX
DTI3MDMwMzA2MDU0OVowMzExMC8GA1UEAxMoMDk1NDUzREQ1NDBCNjdDM0I1NzVF
NEMwMzI1NzNFMTgxODcwNjUzRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ94foc0mNwZ/GHKbTODjeZpRcY/AQlkjlgTzLHZFSehS21dEPqY472ksLIT
QkGBsLjwhv/t17vtKJDebK2T7GWETZ3xbNYzixui828BbIi1fRJZ+2Om7JwEMRCJ
WIo1FCSi9N5mW8v8pNeCk8bzggFMlaVieXVVA+8AH9vPW80wjTJYhXHlb1VbqtzI
wZABlpWGfMkMwkwqZ5vByi+1dtIeraX2fIEAQFLW1as+sAhfjybmA61K9pdIDsCL
2ZCtowJJLam9E2CiTvZzVkgfzSfP+037s4sm6tBcE27+bUIM1SdzC3GGH2qufbeG
ALosII+Wy9kSaXaAYP/54sgGdG0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQJVFPd
VAtnw7V15MAyVz4YGHBlPjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzE4My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ohUwDQYJKoZIhvcNAQELBQADggEBADjqF904G7qZk3LiAszPvAJs+uDFgaHskTBi
ztLI57riREcXFCtggqfN3XCsfjnfu3KlFyM1s2p1pPRvFbH96Rhtyrsn/A+yXL8y
jq72HTqE9mwis/2kRvlkKQ1pt0CfrS+xgC1OMJxn5nG/yog37gGR8O+wsenRkwDG
n2U1NYIHJsnPxBD8sZjVr5DIPm70xze/icKS4k8Qjp7GCnycmTj5ChOLgJtMd/jm
fNkaFRR6YEFIUprryDhazmugUftneqtc+EuxUAexBh4egYyf4c/G/v3TFuIYmkdO
rxeEJ6vD9omW/BOBwjNbG46DR6SlmaiBsPBABe7w8Scu6AuWjcg=
-----END CERTIFICATE-----