Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143245.roa
File:                     AS143245.roa (raw, json)
Hash identifier:          LDe09+84txXKWZ9U4DJuaNN/X7ReuQaPrZnLYmUqbi8=
Subject key identifier:   C0:5D:67:70:0E:47:26:03:03:8A:DC:EC:F2:00:E4:C6:E1:9D:62:4A
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       51AE08640C8888D7C9FA31D0F29AD855C9CE8D29
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143245.roa
Signing time:             Wed 04 Mar 2026 06:05:53 +0000
ROA not before:           Wed 04 Mar 2026 06:00:53 +0000
ROA not after:            Wed 03 Mar 2027 06:05:53 +0000
asID:                     143245
IP address blocks:        240a:a253::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:ae:08:64:0c:88:88:d7:c9:fa:31:d0:f2:9a:d8:55:c9:ce:8d:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:53 2026 GMT
            Not After : Mar  3 06:05:53 2027 GMT
        Subject: CN=C05D67700E472603038ADCECF200E4C6E19D624A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:5e:da:b1:29:64:95:21:17:9d:dd:9f:cc:d1:
                    ec:f7:db:72:ea:f3:c9:58:f8:cd:21:ef:01:9c:96:
                    bc:81:f9:fd:d5:8a:91:d7:91:a9:39:fa:19:da:82:
                    c5:2c:75:91:92:7b:a2:ce:39:80:20:6f:7c:70:9b:
                    b2:18:ca:ab:5a:33:1b:ea:19:5f:a9:2d:e7:aa:69:
                    a3:04:2b:2e:4f:da:e8:a0:bb:c2:cf:5d:3e:90:da:
                    23:66:a4:28:8c:ed:e6:ff:e2:7e:8c:35:b1:e3:fe:
                    57:d4:ea:57:6f:2d:de:77:81:92:a8:4b:c0:2c:85:
                    d3:8f:9f:0e:ff:e3:be:2c:14:f5:5f:4a:a3:9f:94:
                    7a:84:d0:72:f0:53:29:05:74:38:37:df:d9:74:73:
                    47:41:49:cd:e1:4c:a8:36:fd:b7:f2:d0:4b:6d:e1:
                    80:f3:33:28:84:f3:18:db:2d:7b:16:c5:41:67:f2:
                    17:81:ff:76:e2:2b:d2:b4:12:32:ff:72:54:7c:89:
                    cd:b1:7c:85:d2:6e:b9:45:5f:eb:36:4f:08:c8:61:
                    c9:02:ae:09:a1:0a:37:cf:e4:37:f7:9c:55:03:61:
                    cd:7a:fb:03:de:e5:9a:9a:fb:5f:df:d0:ec:3e:4f:
                    03:25:69:39:91:2b:d3:2c:a3:57:4c:2e:2f:84:c5:
                    45:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:5D:67:70:0E:47:26:03:03:8A:DC:EC:F2:00:E4:C6:E1:9D:62:4A
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143245.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a253::/32

    Signature Algorithm: sha256WithRSAEncryption
         5a:2f:a0:23:9c:54:cb:3c:12:cc:6b:e6:4a:e8:f4:6f:a0:f4:
         78:48:54:f3:67:ad:57:02:b8:5a:74:6c:49:66:c9:32:1e:83:
         f2:3d:00:67:68:f2:14:ad:28:26:6a:37:4b:35:b1:52:1b:fa:
         fd:73:e0:f8:9b:2e:8f:89:9c:49:65:c0:85:e1:bb:83:4e:5b:
         bf:57:7f:80:58:16:e3:8a:d3:b0:57:d9:43:c6:ac:b8:97:a0:
         da:60:0a:56:fc:b1:ef:d0:f6:f7:dd:10:24:5c:e0:42:42:de:
         e4:ee:0d:e5:e4:5b:6f:84:96:e0:46:7a:ce:58:3f:73:13:57:
         e1:e6:90:a7:bf:84:ba:c9:77:be:61:c6:d3:89:62:02:75:84:
         9e:9d:3d:ee:74:7e:e2:08:08:02:39:88:d5:3f:82:76:46:f3:
         6c:01:2b:62:dd:fa:35:18:e3:0b:db:b4:07:b7:d5:3a:d4:4c:
         59:04:fd:6a:66:07:8a:2b:49:c0:63:28:da:97:18:20:71:ec:
         2c:b4:23:e2:3a:31:ae:ac:8a:3a:e3:09:86:01:45:f8:2d:a4:
         e4:3a:34:f3:06:0c:86:0d:b3:af:9f:30:df:8c:34:b3:74:00:
         31:e0:54:95:de:77:71:ce:1d:9e:52:7f:c6:f4:3d:1f:29:d0:
         a5:7a:37:c3
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUUa4IZAyIiNfJ+jHQ8prYVcnOjSkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDA1M1oX
DTI3MDMwMzA2MDU1M1owMzExMC8GA1UEAxMoQzA1RDY3NzAwRTQ3MjYwMzAzOEFE
Q0VDRjIwMEU0QzZFMTlENjI0QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL1e2rEpZJUhF53dn8zR7PfbcurzyVj4zSHvAZyWvIH5/dWKkdeRqTn6GdqC
xSx1kZJ7os45gCBvfHCbshjKq1ozG+oZX6kt56ppowQrLk/a6KC7ws9dPpDaI2ak
KIzt5v/ifow1seP+V9TqV28t3neBkqhLwCyF04+fDv/jviwU9V9Ko5+UeoTQcvBT
KQV0ODff2XRzR0FJzeFMqDb9t/LQS23hgPMzKITzGNstexbFQWfyF4H/duIr0rQS
Mv9yVHyJzbF8hdJuuUVf6zZPCMhhyQKuCaEKN8/kN/ecVQNhzXr7A97lmpr7X9/Q
7D5PAyVpOZEr0yyjV0wuL4TFRZUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTAXWdw
DkcmAwOK3OzyAOTG4Z1iSjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzI0NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
olMwDQYJKoZIhvcNAQELBQADggEBAFovoCOcVMs8Esxr5kro9G+g9HhIVPNnrVcC
uFp0bElmyTIeg/I9AGdo8hStKCZqN0s1sVIb+v1z4PibLo+JnEllwIXhu4NOW79X
f4BYFuOK07BX2UPGrLiXoNpgClb8se/Q9vfdECRc4EJC3uTuDeXkW2+EluBGes5Y
P3MTV+HmkKe/hLrJd75hxtOJYgJ1hJ6dPe50fuIICAI5iNU/gnZG82wBK2Ld+jUY
4wvbtAe31TrUTFkE/WpmB4orScBjKNqXGCBx7Cy0I+I6Ma6sijrjCYYBRfgtpOQ6
NPMGDIYNs6+fMN+MNLN0ADHgVJXed3HOHZ5Sf8b0PR8p0KV6N8M=
-----END CERTIFICATE-----