Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143192.roa
File:                     AS143192.roa (raw, json)
Hash identifier:          V/4VBBAytZ0nA4OUY+FOk/ECIbVe4N1q7z/lTz2/Q7g=
Subject key identifier:   BB:72:5C:98:A2:78:42:92:FA:91:85:73:24:B2:73:AF:6E:E6:3B:EB
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       12A227F9203F547FF3603C9E240D5D4C4D15C838
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143192.roa
Signing time:             Wed 04 Mar 2026 06:06:11 +0000
ROA not before:           Wed 04 Mar 2026 06:01:11 +0000
ROA not after:            Wed 03 Mar 2027 06:06:11 +0000
asID:                     143192
IP address blocks:        240a:a21e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:a2:27:f9:20:3f:54:7f:f3:60:3c:9e:24:0d:5d:4c:4d:15:c8:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:11 2026 GMT
            Not After : Mar  3 06:06:11 2027 GMT
        Subject: CN=BB725C98A2784292FA91857324B273AF6EE63BEB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:5a:75:ab:db:a1:c7:60:a8:d2:d6:c9:0a:3e:
                    c3:5b:b7:2e:be:0a:0e:8b:7a:84:71:7f:c6:4f:4b:
                    43:84:fe:ab:41:ab:d8:0f:53:12:ca:00:ba:d3:8a:
                    b7:30:99:a5:c3:21:01:32:2c:a6:c7:ff:0a:69:ed:
                    79:62:8a:7b:dd:b8:54:ce:6e:77:79:05:cf:b3:33:
                    15:84:c8:8a:ca:ad:43:fa:90:b0:72:e0:c5:20:7e:
                    c5:ef:1c:3f:51:af:9d:d0:6f:f6:bc:88:79:2b:1f:
                    4a:0c:ca:fc:59:8b:f4:ea:74:fe:ee:27:4d:93:65:
                    9f:6c:6f:4d:6e:99:b0:17:ca:4a:41:48:67:ab:83:
                    a6:4c:2c:0b:7b:93:56:f2:c2:31:d0:31:61:dc:ea:
                    3e:76:6d:45:a3:5a:8c:42:d4:1c:1a:25:9b:ea:c6:
                    ab:ac:50:2e:7b:1e:68:0b:e2:7e:36:e5:22:c0:1e:
                    4b:af:67:72:93:0d:39:3d:6e:24:c6:75:17:b2:cb:
                    e7:09:49:dd:f7:e6:c4:c7:e3:ba:70:f0:de:1a:50:
                    d6:7f:91:fb:c8:eb:94:64:de:8c:ca:37:a9:31:4e:
                    64:e0:15:f2:5d:dc:01:b4:2e:ad:36:82:3c:e7:09:
                    f4:0c:f2:84:90:57:40:1b:0b:0b:47:b8:cb:ce:8a:
                    d3:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:72:5C:98:A2:78:42:92:FA:91:85:73:24:B2:73:AF:6E:E6:3B:EB
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143192.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a21e::/32

    Signature Algorithm: sha256WithRSAEncryption
         a0:60:43:fe:17:4e:e8:b9:e8:d7:b4:2a:60:92:96:d2:9d:63:
         ca:fa:a3:7d:99:d2:af:3b:83:9b:02:26:38:a9:da:08:b7:05:
         73:5a:dc:34:07:2f:55:84:c5:6d:0f:f6:c8:2b:a2:27:26:3c:
         eb:43:c6:ab:bf:20:a1:25:89:2b:91:1f:17:05:01:8b:48:79:
         64:43:a0:bc:9f:33:f7:ad:18:0f:f8:b1:d0:70:3f:3a:47:af:
         64:32:a4:af:68:0c:7e:07:d0:12:a7:56:07:e5:86:13:ec:91:
         56:3b:74:b4:3d:7d:b6:a0:30:43:9b:db:8b:8c:89:f8:c7:c1:
         b8:24:4d:30:93:c0:ea:f5:f7:1d:79:77:55:44:bd:24:aa:55:
         77:b6:63:55:73:01:4f:3e:29:e1:35:59:6b:0a:83:61:f1:a2:
         e7:61:c5:04:79:47:67:53:4c:66:28:71:b0:af:1e:b7:61:d7:
         50:3d:9a:9a:d5:04:7e:af:e9:7c:8c:87:09:eb:31:b8:ce:ea:
         67:39:b7:92:85:f0:57:98:f4:8b:cd:02:f6:73:13:ac:d1:eb:
         90:61:88:c1:0a:44:95:28:0a:8e:22:0e:63:25:2e:07:3c:a0:
         5e:e7:49:95:8a:f5:49:53:3b:f3:8d:1c:e7:8d:99:01:69:a6:
         28:8d:35:38
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUEqIn+SA/VH/zYDyeJA1dTE0VyDgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDExMVoX
DTI3MDMwMzA2MDYxMVowMzExMC8GA1UEAxMoQkI3MjVDOThBMjc4NDI5MkZBOTE4
NTczMjRCMjczQUY2RUU2M0JFQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANJadavbocdgqNLWyQo+w1u3Lr4KDot6hHF/xk9LQ4T+q0Gr2A9TEsoAutOK
tzCZpcMhATIspsf/CmnteWKKe924VM5ud3kFz7MzFYTIisqtQ/qQsHLgxSB+xe8c
P1GvndBv9ryIeSsfSgzK/FmL9Op0/u4nTZNln2xvTW6ZsBfKSkFIZ6uDpkwsC3uT
VvLCMdAxYdzqPnZtRaNajELUHBolm+rGq6xQLnseaAvifjblIsAeS69ncpMNOT1u
JMZ1F7LL5wlJ3ffmxMfjunDw3hpQ1n+R+8jrlGTejMo3qTFOZOAV8l3cAbQurTaC
POcJ9AzyhJBXQBsLC0e4y86K02UCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBS7clyY
onhCkvqRhXMksnOvbuY76zAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzE5Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oh4wDQYJKoZIhvcNAQELBQADggEBAKBgQ/4XTui56Ne0KmCSltKdY8r6o32Z0q87
g5sCJjip2gi3BXNa3DQHL1WExW0P9sgroicmPOtDxqu/IKEliSuRHxcFAYtIeWRD
oLyfM/etGA/4sdBwPzpHr2QypK9oDH4H0BKnVgflhhPskVY7dLQ9fbagMEOb24uM
ifjHwbgkTTCTwOr19x15d1VEvSSqVXe2Y1VzAU8+KeE1WWsKg2HxoudhxQR5R2dT
TGYocbCvHrdh11A9mprVBH6v6XyMhwnrMbjO6mc5t5KF8FeY9IvNAvZzE6zR65Bh
iMEKRJUoCo4iDmMlLgc8oF7nSZWK9UlTO/ONHOeNmQFppiiNNTg=
-----END CERTIFICATE-----