Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143205.roa
File:                     AS143205.roa (raw, json)
Hash identifier:          WVeGN/ShjXp9opftxtt2ZGYodlny/ZsFKl0Bxlb1LBk=
Subject key identifier:   AE:24:69:BA:BF:22:77:E4:87:2D:E6:AF:50:EA:1C:36:C3:1F:29:2B
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       0F09DA0E5ECE1A1F1797275010BB95B261E8AF2F
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143205.roa
Signing time:             Wed 04 Mar 2026 06:06:47 +0000
ROA not before:           Wed 04 Mar 2026 06:01:47 +0000
ROA not after:            Wed 03 Mar 2027 06:06:47 +0000
asID:                     143205
IP address blocks:        240a:a22b::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:09:da:0e:5e:ce:1a:1f:17:97:27:50:10:bb:95:b2:61:e8:af:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:47 2026 GMT
            Not After : Mar  3 06:06:47 2027 GMT
        Subject: CN=AE2469BABF2277E4872DE6AF50EA1C36C31F292B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:63:1c:9c:49:e1:6e:b3:9c:69:93:14:21:a0:
                    1b:47:73:8a:d1:8f:ac:ee:1b:23:5f:ac:56:e7:aa:
                    a3:f4:ca:86:74:11:67:1e:2f:f3:0f:b3:b1:0c:bc:
                    6d:69:fb:bd:a1:c2:06:6b:7c:2b:cb:55:b6:f0:59:
                    04:ff:23:a5:27:5b:1d:c1:2a:d0:80:8e:b7:67:29:
                    23:30:1d:8d:fe:3f:28:cb:62:8b:e6:37:60:0e:3f:
                    23:b9:87:a4:47:ca:27:8d:88:cb:89:bf:2b:78:07:
                    96:e8:99:fd:00:9b:db:7a:e0:27:16:60:4d:fb:a1:
                    0e:bc:57:f0:69:3f:dd:36:0b:7b:e7:97:d2:3b:43:
                    13:8f:7f:2d:eb:dc:ea:a6:7c:3c:da:9b:55:b4:58:
                    30:5d:29:c5:41:a1:47:c9:85:f5:c1:9b:d7:48:8f:
                    4c:cb:25:86:00:e4:93:b7:53:4b:96:a8:9d:82:f4:
                    3f:9e:90:16:77:b7:70:1c:28:f9:74:ee:43:f1:9a:
                    c0:92:bf:5a:f6:98:d3:a7:28:0f:93:5a:88:f5:03:
                    da:dc:56:22:02:13:bf:54:f0:50:e2:a9:2e:c7:b6:
                    d6:3a:84:bf:b5:84:2a:fa:82:41:28:c4:f1:89:ca:
                    81:08:97:93:4d:4c:e3:c3:be:43:71:c3:64:d3:0a:
                    f1:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:24:69:BA:BF:22:77:E4:87:2D:E6:AF:50:EA:1C:36:C3:1F:29:2B
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143205.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a22b::/32

    Signature Algorithm: sha256WithRSAEncryption
         db:8b:16:94:2b:ab:b5:31:5e:fc:e4:e0:35:e2:cb:90:0a:1a:
         c1:4c:d0:ad:2d:d2:dc:39:3b:0d:27:82:7b:89:44:aa:ac:59:
         94:c7:af:19:b9:8f:24:63:e8:a3:a5:22:98:a1:3e:90:f5:03:
         d2:3a:d8:ed:55:c5:d8:62:16:3c:18:f5:61:71:4a:12:0e:48:
         3e:8f:42:09:18:ad:5a:c7:3b:3d:90:aa:46:83:0d:11:8c:c0:
         6a:de:88:22:3f:e7:89:e8:15:04:b2:90:f5:aa:43:14:04:88:
         7a:a3:8a:ad:97:84:26:7d:6b:90:ef:28:98:a4:61:89:e8:69:
         e0:b0:86:85:03:db:a9:fc:52:bc:8d:14:08:30:b6:9b:89:c6:
         06:79:3e:e8:51:35:5d:3e:d9:04:f6:1e:16:6e:81:a8:4b:9b:
         86:35:cb:39:f5:0a:04:a9:cc:42:6e:0a:db:81:a9:bd:7f:34:
         f1:de:75:4a:aa:fb:29:6c:cb:8c:ff:6e:34:fe:af:0f:34:e4:
         6c:00:d1:e3:0e:05:81:57:73:74:6a:8d:74:8b:46:15:e1:f1:
         b1:41:96:f8:d4:ce:ce:75:c4:d2:ce:fb:a8:6c:db:1a:09:bd:
         aa:de:77:f7:b5:a9:be:3b:24:77:e8:5a:92:3d:75:b9:31:f4:
         07:3f:0d:49
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUDwnaDl7OGh8XlydQELuVsmHory8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDE0N1oX
DTI3MDMwMzA2MDY0N1owMzExMC8GA1UEAxMoQUUyNDY5QkFCRjIyNzdFNDg3MkRF
NkFGNTBFQTFDMzZDMzFGMjkyQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALBjHJxJ4W6znGmTFCGgG0dzitGPrO4bI1+sVueqo/TKhnQRZx4v8w+zsQy8
bWn7vaHCBmt8K8tVtvBZBP8jpSdbHcEq0ICOt2cpIzAdjf4/KMtii+Y3YA4/I7mH
pEfKJ42Iy4m/K3gHluiZ/QCb23rgJxZgTfuhDrxX8Gk/3TYLe+eX0jtDE49/Levc
6qZ8PNqbVbRYMF0pxUGhR8mF9cGb10iPTMslhgDkk7dTS5aonYL0P56QFne3cBwo
+XTuQ/GawJK/WvaY06coD5NaiPUD2txWIgITv1TwUOKpLse21jqEv7WEKvqCQSjE
8YnKgQiXk01M48O+Q3HDZNMK8WUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSuJGm6
vyJ35Ict5q9Q6hw2wx8pKzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzIwNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oiswDQYJKoZIhvcNAQELBQADggEBANuLFpQrq7UxXvzk4DXiy5AKGsFM0K0t0tw5
Ow0ngnuJRKqsWZTHrxm5jyRj6KOlIpihPpD1A9I62O1VxdhiFjwY9WFxShIOSD6P
QgkYrVrHOz2QqkaDDRGMwGreiCI/54noFQSykPWqQxQEiHqjiq2XhCZ9a5DvKJik
YYnoaeCwhoUD26n8UryNFAgwtpuJxgZ5PuhRNV0+2QT2HhZugahLm4Y1yzn1CgSp
zEJuCtuBqb1/NPHedUqq+ylsy4z/bjT+rw805GwA0eMOBYFXc3RqjXSLRhXh8bFB
lvjUzs51xNLO+6hs2xoJvared/e1qb47JHfoWpI9dbkx9Ac/DUk=
-----END CERTIFICATE-----