Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143186.roa
File:                     AS143186.roa (raw, json)
Hash identifier:          JR28PtlR2cF8K7sabdcJApCxVSmcxyzGPU2mmcI5xYc=
Subject key identifier:   A2:16:80:85:85:D9:08:86:21:2F:2A:E0:15:EB:3F:2E:08:18:DD:33
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       387F731F25A078D4DDEF8C1463BF7F0E4DF12329
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143186.roa
Signing time:             Wed 04 Mar 2026 06:07:25 +0000
ROA not before:           Wed 04 Mar 2026 06:02:25 +0000
ROA not after:            Wed 03 Mar 2027 06:07:25 +0000
asID:                     143186
IP address blocks:        240a:a218::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:7f:73:1f:25:a0:78:d4:dd:ef:8c:14:63:bf:7f:0e:4d:f1:23:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:25 2026 GMT
            Not After : Mar  3 06:07:25 2027 GMT
        Subject: CN=A216808585D90886212F2AE015EB3F2E0818DD33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:4e:86:de:9f:58:9b:bb:f3:18:cd:c2:dc:66:
                    1f:a0:48:37:4b:7a:60:d9:05:1d:71:bd:0e:ab:6e:
                    6c:a5:08:fd:08:66:fc:46:e4:04:b9:f4:c8:4f:1a:
                    37:af:d4:2f:93:83:53:db:75:2a:69:c2:aa:50:40:
                    3e:79:13:76:01:2b:a9:b9:00:78:52:78:67:94:76:
                    88:8d:ad:af:e1:c7:3c:89:94:9a:42:de:12:75:c0:
                    d5:9d:90:3e:cc:84:62:12:96:78:28:3b:1d:60:ed:
                    9b:2c:92:51:36:5b:2b:f3:c5:fb:c4:56:c7:0a:bd:
                    df:84:c1:89:31:d4:96:63:e8:b0:87:54:70:4b:b0:
                    85:1f:96:a1:aa:40:5f:85:13:a0:6e:d5:dc:d6:09:
                    d6:17:64:7a:54:fd:74:4e:5e:d9:41:54:b7:29:ae:
                    21:2a:41:cd:fd:97:a7:1e:04:b8:29:e2:db:5a:d9:
                    a5:d4:1e:d1:62:d7:e6:fb:1b:d4:38:08:f9:ab:c5:
                    3a:89:98:d6:0a:2e:68:57:b3:67:b2:84:10:33:f7:
                    c0:c5:c0:60:df:3d:1c:39:76:71:fb:8e:65:28:58:
                    ef:29:ce:96:83:43:8f:2a:70:06:0f:64:fe:0f:36:
                    df:a3:92:89:d3:1d:53:36:9c:37:fb:30:ff:84:d6:
                    c0:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:16:80:85:85:D9:08:86:21:2F:2A:E0:15:EB:3F:2E:08:18:DD:33
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143186.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a218::/32

    Signature Algorithm: sha256WithRSAEncryption
         07:c1:0c:09:9e:be:cc:8e:e4:98:f4:bc:8a:2d:5c:cb:87:5a:
         c7:a2:ff:fe:8f:29:39:7a:48:bd:82:7e:8b:5b:fd:6d:54:d2:
         16:07:8e:37:a8:02:30:7d:72:fb:8e:11:19:f4:79:3e:c4:22:
         9a:83:b3:9a:39:a6:77:8e:22:44:c3:94:72:d6:60:f6:4b:db:
         fe:3c:b6:28:63:a8:3c:52:8c:48:ad:49:ed:e5:a9:b1:1b:8a:
         8a:63:98:e7:91:c3:d9:84:78:c9:93:02:af:5b:4f:7d:7a:7f:
         dc:cb:2a:1a:9d:d2:c7:7e:8c:91:26:ab:15:39:4a:cb:fd:70:
         37:a3:f5:cd:b2:89:68:ac:8e:f8:14:63:eb:d1:53:4b:5c:c1:
         62:1c:f2:4f:ec:5b:82:fd:1d:22:65:00:8f:8d:52:7d:78:64:
         b8:28:89:48:90:24:44:ca:3c:b1:13:15:ec:79:c2:69:56:5f:
         4c:16:6a:c3:ac:c5:91:b7:7f:82:e2:9d:bc:a0:87:59:b2:73:
         bd:72:d8:23:de:12:d1:01:36:6c:c5:e7:0b:62:23:bf:58:94:
         98:45:ca:70:c1:44:9a:a9:22:93:d4:8d:c2:3d:98:59:c7:9f:
         65:54:bc:77:4d:5b:62:6b:1d:fe:e0:75:21:46:a7:3c:2c:5a:
         aa:bf:88:ca
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUOH9zHyWgeNTd74wUY79/Dk3xIykwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIyNVoX
DTI3MDMwMzA2MDcyNVowMzExMC8GA1UEAxMoQTIxNjgwODU4NUQ5MDg4NjIxMkYy
QUUwMTVFQjNGMkUwODE4REQzMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJVOht6fWJu78xjNwtxmH6BIN0t6YNkFHXG9DqtubKUI/Qhm/EbkBLn0yE8a
N6/UL5ODU9t1KmnCqlBAPnkTdgErqbkAeFJ4Z5R2iI2tr+HHPImUmkLeEnXA1Z2Q
PsyEYhKWeCg7HWDtmyySUTZbK/PF+8RWxwq934TBiTHUlmPosIdUcEuwhR+WoapA
X4UToG7V3NYJ1hdkelT9dE5e2UFUtymuISpBzf2Xpx4EuCni21rZpdQe0WLX5vsb
1DgI+avFOomY1gouaFezZ7KEEDP3wMXAYN89HDl2cfuOZShY7ynOloNDjypwBg9k
/g8236OSidMdUzacN/sw/4TWwCcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSiFoCF
hdkIhiEvKuAV6z8uCBjdMzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzE4Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ohgwDQYJKoZIhvcNAQELBQADggEBAAfBDAmevsyO5Jj0vIotXMuHWsei//6PKTl6
SL2Cfotb/W1U0hYHjjeoAjB9cvuOERn0eT7EIpqDs5o5pneOIkTDlHLWYPZL2/48
tihjqDxSjEitSe3lqbEbiopjmOeRw9mEeMmTAq9bT316f9zLKhqd0sd+jJEmqxU5
Ssv9cDej9c2yiWisjvgUY+vRU0tcwWIc8k/sW4L9HSJlAI+NUn14ZLgoiUiQJETK
PLETFex5wmlWX0wWasOsxZG3f4Linbygh1myc71y2CPeEtEBNmzF5wtiI79YlJhF
ynDBRJqpIpPUjcI9mFnHn2VUvHdNW2JrHf7gdSFGpzwsWqq/iMo=
-----END CERTIFICATE-----