Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143188.roa
File:                     AS143188.roa (raw, json)
Hash identifier:          U4KLM/rXvSLbt7X/3kFPCQ8naKRBZfdrjnWzeXBQpi0=
Subject key identifier:   E2:14:78:72:0A:83:FD:6C:DB:C5:CF:C5:6F:FB:40:03:DE:09:1C:87
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4FAFA4605DFF32572FEEDB3D1B73447E19FBA504
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143188.roa
Signing time:             Wed 04 Mar 2026 06:06:22 +0000
ROA not before:           Wed 04 Mar 2026 06:01:22 +0000
ROA not after:            Wed 03 Mar 2027 06:06:22 +0000
asID:                     143188
IP address blocks:        240a:a21a::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:af:a4:60:5d:ff:32:57:2f:ee:db:3d:1b:73:44:7e:19:fb:a5:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:22 2026 GMT
            Not After : Mar  3 06:06:22 2027 GMT
        Subject: CN=E21478720A83FD6CDBC5CFC56FFB4003DE091C87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:75:b4:39:17:22:4b:ec:a5:e6:fd:09:f4:a6:
                    97:00:db:a5:54:10:27:fd:8a:93:39:34:19:52:06:
                    d3:b6:4e:17:63:e2:6c:4c:04:77:10:38:86:d5:a6:
                    c3:e9:b6:f8:2a:92:67:b5:38:97:2d:70:c5:c3:54:
                    a2:89:9a:2e:0d:e5:46:5a:19:ba:b3:90:ae:b5:c8:
                    bb:c2:df:b4:71:42:ea:4c:cb:43:5e:66:18:3d:16:
                    e3:37:d9:90:b6:7d:df:8c:61:e9:95:83:db:74:a7:
                    fc:13:9e:00:f5:e9:e3:8d:eb:a3:41:94:f9:12:c9:
                    f9:43:0c:a7:ca:5c:e2:34:a8:c4:46:de:28:8e:e4:
                    d5:2a:72:33:40:de:da:78:d5:60:f5:c9:b9:2a:f1:
                    4d:eb:5a:19:d5:64:07:47:19:b6:69:7e:cc:cb:a9:
                    81:59:25:5c:1b:19:02:d4:1f:7e:20:14:88:a8:13:
                    35:f2:fa:2d:dc:d8:70:63:81:ff:9f:c7:76:02:b4:
                    e5:df:57:88:57:07:f8:66:71:3e:b9:c1:bd:4f:01:
                    45:51:d8:d0:6e:04:12:4b:78:97:ec:c9:dd:21:79:
                    64:44:57:fd:59:56:4f:55:e8:94:84:69:78:c7:df:
                    11:1d:5e:35:f0:95:0b:36:d9:9b:e9:27:ee:14:b1:
                    44:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:14:78:72:0A:83:FD:6C:DB:C5:CF:C5:6F:FB:40:03:DE:09:1C:87
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143188.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a21a::/32

    Signature Algorithm: sha256WithRSAEncryption
         5a:ab:d6:2c:96:af:f5:5b:f5:76:51:8b:92:0a:99:91:60:27:
         fb:c7:c8:88:c9:01:d9:98:7f:f7:98:a9:3a:d3:ee:9e:76:20:
         9c:ce:af:24:65:52:6a:8f:83:b0:af:07:32:73:56:24:59:30:
         6d:57:07:db:09:ad:37:9f:50:8a:d9:f8:75:dd:4f:f3:f8:95:
         8d:c9:31:38:74:e1:ea:ea:10:70:e3:44:25:55:c4:80:b0:36:
         b8:97:d6:f0:a5:a2:b7:2f:5c:58:12:a9:9f:08:0c:53:79:a5:
         4a:48:48:60:0b:e0:d6:33:ea:f2:27:81:11:06:bd:57:43:74:
         af:20:c7:41:73:4b:2b:27:05:77:8d:ba:68:b6:2f:c0:26:8e:
         0f:d6:82:08:69:b7:c3:d5:dc:0b:f2:96:58:bc:d8:1d:09:f4:
         cc:f7:0a:03:98:40:66:20:d7:8d:52:fc:e2:91:cc:43:4f:58:
         e9:84:af:1a:32:cb:9d:40:9a:5a:8f:ee:55:cc:d3:f2:56:79:
         51:c1:7d:96:3a:6d:b1:e2:f8:52:83:54:83:a4:c0:ad:1d:e0:
         82:ce:16:cb:27:16:61:12:5c:f2:bb:ba:99:aa:64:21:11:08:
         75:49:c2:95:33:ad:37:dd:20:5a:e8:d0:69:62:b6:21:a9:1d:
         b9:ec:75:5b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUT6+kYF3/Mlcv7ts9G3NEfhn7pQQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDEyMloX
DTI3MDMwMzA2MDYyMlowMzExMC8GA1UEAxMoRTIxNDc4NzIwQTgzRkQ2Q0RCQzVD
RkM1NkZGQjQwMDNERTA5MUM4NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALB1tDkXIkvspeb9CfSmlwDbpVQQJ/2Kkzk0GVIG07ZOF2PibEwEdxA4htWm
w+m2+CqSZ7U4ly1wxcNUoomaLg3lRloZurOQrrXIu8LftHFC6kzLQ15mGD0W4zfZ
kLZ934xh6ZWD23Sn/BOeAPXp443ro0GU+RLJ+UMMp8pc4jSoxEbeKI7k1SpyM0De
2njVYPXJuSrxTetaGdVkB0cZtml+zMupgVklXBsZAtQffiAUiKgTNfL6LdzYcGOB
/5/HdgK05d9XiFcH+GZxPrnBvU8BRVHY0G4EEkt4l+zJ3SF5ZERX/VlWT1XolIRp
eMffER1eNfCVCzbZm+kn7hSxRK0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTiFHhy
CoP9bNvFz8Vv+0AD3gkchzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzE4OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ohowDQYJKoZIhvcNAQELBQADggEBAFqr1iyWr/Vb9XZRi5IKmZFgJ/vHyIjJAdmY
f/eYqTrT7p52IJzOryRlUmqPg7CvBzJzViRZMG1XB9sJrTefUIrZ+HXdT/P4lY3J
MTh04erqEHDjRCVVxICwNriX1vClorcvXFgSqZ8IDFN5pUpISGAL4NYz6vIngREG
vVdDdK8gx0FzSysnBXeNumi2L8Amjg/Wgghpt8PV3Avylli82B0J9Mz3CgOYQGYg
141S/OKRzENPWOmErxoyy51AmlqP7lXM0/JWeVHBfZY6bbHi+FKDVIOkwK0d4ILO
FssnFmESXPK7upmqZCERCHVJwpUzrTfdIFro0GlitiGpHbnsdVs=
-----END CERTIFICATE-----