Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143234.roa
File:                     AS143234.roa (raw, json)
Hash identifier:          xN1XJHIQuaoyN4eVKalw/rt9npfQEwxhectKqHiAMK0=
Subject key identifier:   BB:BE:40:CC:08:25:DC:D4:58:8C:A9:42:A9:8D:3C:E0:22:F8:69:14
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1C4777C57307A20D67FCFCAB8E661AD585100A75
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143234.roa
Signing time:             Wed 04 Mar 2026 06:06:05 +0000
ROA not before:           Wed 04 Mar 2026 06:01:05 +0000
ROA not after:            Wed 03 Mar 2027 06:06:05 +0000
asID:                     143234
IP address blocks:        240a:a248::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:47:77:c5:73:07:a2:0d:67:fc:fc:ab:8e:66:1a:d5:85:10:0a:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:05 2026 GMT
            Not After : Mar  3 06:06:05 2027 GMT
        Subject: CN=BBBE40CC0825DCD4588CA942A98D3CE022F86914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:0a:b1:53:27:71:9f:1a:9b:8b:1b:6a:f8:c0:
                    b1:2f:45:f5:f5:4f:e8:95:cc:84:27:dd:93:76:e7:
                    6c:b2:10:63:f5:98:89:b0:c3:c8:6c:d3:24:f7:28:
                    51:39:8c:36:42:ff:d3:46:62:53:92:65:f9:62:d9:
                    c5:6e:30:cf:42:a1:dd:10:ac:3b:98:a2:f8:2c:1d:
                    bf:e5:74:a5:d9:40:54:b1:8c:39:24:3a:04:42:55:
                    1c:46:a9:94:90:22:62:1f:b9:06:2f:72:5c:fa:55:
                    a5:8f:23:f5:15:e0:28:24:54:00:4e:89:46:07:05:
                    bd:d9:6d:ec:6a:92:a3:42:ff:59:05:86:a3:01:10:
                    f1:6a:2a:5d:57:45:9f:c4:ed:92:75:65:01:a8:c1:
                    d9:ac:f6:a1:4f:5a:48:c6:55:a0:2d:32:68:8e:ea:
                    b5:67:93:0b:c6:5d:e2:9b:1d:57:61:9e:52:da:99:
                    c3:b6:08:df:23:c1:0b:0e:2e:9e:9c:99:db:45:2c:
                    19:e5:76:2e:be:fa:68:74:88:20:35:e8:1e:a2:f6:
                    c5:1e:66:f3:55:16:ec:78:03:e2:a8:0e:f9:66:3c:
                    ed:18:03:eb:09:12:e3:b0:bf:3f:aa:f7:48:d6:d0:
                    71:14:c0:5a:58:58:6d:2f:e9:f5:76:10:36:61:18:
                    29:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:BE:40:CC:08:25:DC:D4:58:8C:A9:42:A9:8D:3C:E0:22:F8:69:14
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143234.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a248::/32

    Signature Algorithm: sha256WithRSAEncryption
         d4:a5:74:36:cc:a9:41:ce:67:6a:23:81:46:7c:96:6f:0e:bd:
         9e:db:f9:03:f6:41:c3:d4:b3:2f:18:22:8a:26:32:39:fd:95:
         39:8f:b0:2c:03:f6:b3:57:3e:13:66:3d:9a:7a:ed:1a:f7:0a:
         ab:40:bb:81:ec:12:d3:32:b8:36:dc:0f:dc:44:5a:9e:69:23:
         e4:38:c5:cb:fe:1b:06:cd:17:0e:2d:3f:f1:5e:3a:ed:dc:5f:
         6f:1b:9a:12:4c:dd:71:c3:31:84:a9:84:97:42:71:fa:71:7d:
         59:0e:f2:be:db:c9:72:b4:a4:02:5d:3b:75:5a:70:d6:96:73:
         eb:09:30:6f:72:ad:5a:90:97:e7:c7:43:e5:d1:b9:c1:b0:da:
         fc:c6:ec:85:c6:12:9a:01:f7:23:be:99:5a:a5:b8:c2:88:fc:
         99:b5:aa:94:69:86:86:57:0e:97:bb:2d:b0:1c:af:de:b2:81:
         3a:4a:9e:c2:6c:27:01:61:fd:d2:c4:f5:c8:22:93:5c:39:ed:
         2b:04:40:3e:42:51:d1:f6:ad:3f:c2:3b:2f:87:a8:f5:01:69:
         60:0d:06:c8:84:a8:b1:a0:b9:c6:29:97:96:c8:93:bc:07:0b:
         33:ab:3f:17:5a:a1:ec:0a:ad:dc:aa:60:d8:bf:e1:35:41:1d:
         7c:5b:6f:88
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUHEd3xXMHog1n/PyrjmYa1YUQCnUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDEwNVoX
DTI3MDMwMzA2MDYwNVowMzExMC8GA1UEAxMoQkJCRTQwQ0MwODI1RENENDU4OENB
OTQyQTk4RDNDRTAyMkY4NjkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANoKsVMncZ8am4sbavjAsS9F9fVP6JXMhCfdk3bnbLIQY/WYibDDyGzTJPco
UTmMNkL/00ZiU5Jl+WLZxW4wz0Kh3RCsO5ii+Cwdv+V0pdlAVLGMOSQ6BEJVHEap
lJAiYh+5Bi9yXPpVpY8j9RXgKCRUAE6JRgcFvdlt7GqSo0L/WQWGowEQ8WoqXVdF
n8TtknVlAajB2az2oU9aSMZVoC0yaI7qtWeTC8Zd4psdV2GeUtqZw7YI3yPBCw4u
npyZ20UsGeV2Lr76aHSIIDXoHqL2xR5m81UW7HgD4qgO+WY87RgD6wkS47C/P6r3
SNbQcRTAWlhYbS/p9XYQNmEYKZECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBS7vkDM
CCXc1FiMqUKpjTzgIvhpFDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzIzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
okgwDQYJKoZIhvcNAQELBQADggEBANSldDbMqUHOZ2ojgUZ8lm8OvZ7b+QP2QcPU
sy8YIoomMjn9lTmPsCwD9rNXPhNmPZp67Rr3CqtAu4HsEtMyuDbcD9xEWp5pI+Q4
xcv+GwbNFw4tP/FeOu3cX28bmhJM3XHDMYSphJdCcfpxfVkO8r7byXK0pAJdO3Va
cNaWc+sJMG9yrVqQl+fHQ+XRucGw2vzG7IXGEpoB9yO+mVqluMKI/Jm1qpRphoZX
Dpe7LbAcr96ygTpKnsJsJwFh/dLE9cgik1w57SsEQD5CUdH2rT/COy+HqPUBaWAN
BsiEqLGgucYpl5bIk7wHCzOrPxdaoewKrdyqYNi/4TVBHXxbb4g=
-----END CERTIFICATE-----