Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143252.roa
File:                     AS143252.roa (raw, json)
Hash identifier:          4Vhqkr9ZKH70BGw8Pn+F9WtZnAetHkh0SmeR/3ogtiU=
Subject key identifier:   98:5E:77:A0:3F:E2:1A:8D:D8:29:D8:B5:51:C8:D7:70:41:E1:8E:A5
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       50D5C70DCE21DCA32E8E55BD56448D79039EC4C3
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143252.roa
Signing time:             Wed 04 Mar 2026 06:05:48 +0000
ROA not before:           Wed 04 Mar 2026 06:00:48 +0000
ROA not after:            Wed 03 Mar 2027 06:05:48 +0000
asID:                     143252
IP address blocks:        240a:a25a::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:d5:c7:0d:ce:21:dc:a3:2e:8e:55:bd:56:44:8d:79:03:9e:c4:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:48 2026 GMT
            Not After : Mar  3 06:05:48 2027 GMT
        Subject: CN=985E77A03FE21A8DD829D8B551C8D77041E18EA5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:92:10:ca:cb:b6:5b:84:f0:cd:0a:68:8a:02:
                    bd:34:a1:00:f3:af:2d:ec:92:11:fb:5e:7d:78:71:
                    0a:53:83:e5:b7:2c:3d:91:67:f4:58:17:7d:3a:9b:
                    36:61:5a:40:69:47:1c:3b:76:b4:f4:6e:31:70:f9:
                    5b:60:dc:8a:7f:9c:5c:11:28:12:f7:b0:5b:76:cc:
                    24:35:5d:96:f7:f4:87:db:4a:cd:d2:48:02:3d:02:
                    ea:97:14:48:5f:83:92:cf:69:33:83:c7:e2:1f:59:
                    37:82:45:65:89:c3:1a:a8:cf:39:c0:a7:1a:c5:eb:
                    a4:17:d1:c3:7f:0b:e0:d4:6e:84:9f:bb:53:8b:82:
                    45:12:20:08:71:13:de:b0:7b:73:9a:00:08:0b:81:
                    3b:aa:09:93:0d:6e:57:fd:b6:37:44:10:14:31:4f:
                    23:fc:9f:9d:dc:e6:5a:ca:3d:2a:99:f3:3a:ff:a4:
                    d4:d7:16:ae:49:58:cf:3e:25:84:d5:2d:26:3f:85:
                    ae:2f:4e:69:5b:66:9b:6e:24:73:af:1b:c7:b6:dc:
                    fb:98:c0:8a:93:1b:1b:d4:f6:d3:a6:1b:5d:2f:a1:
                    bf:41:5a:10:c0:81:a3:29:ec:54:41:7b:2b:0c:12:
                    d6:82:bd:9a:e9:bc:f4:84:6f:d6:26:61:7f:be:02:
                    8b:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:5E:77:A0:3F:E2:1A:8D:D8:29:D8:B5:51:C8:D7:70:41:E1:8E:A5
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143252.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a25a::/32

    Signature Algorithm: sha256WithRSAEncryption
         42:6c:99:1d:c0:a9:2e:1d:3b:b1:91:29:0e:b3:78:80:5f:8a:
         a3:e4:64:25:0e:13:06:33:fc:84:47:95:46:2b:bc:df:01:20:
         93:6b:b7:ad:e4:16:d5:63:17:0f:58:48:15:2c:21:d4:b4:80:
         71:ab:bc:78:e8:63:f2:8e:3d:1a:57:98:86:4f:1c:4f:b1:40:
         25:0d:3b:08:6b:7f:c2:3f:dd:87:97:06:1b:d1:28:81:e4:81:
         d5:c3:3a:cd:af:d8:b2:d9:c5:d5:f9:45:73:c9:8d:8d:91:b9:
         bb:18:0b:f2:55:cb:9c:8d:a6:d3:5f:c3:e5:2a:17:d7:9f:48:
         93:07:7b:7f:97:e2:8c:84:f8:06:6f:0a:14:b0:bc:1a:06:e9:
         6b:5a:b7:5f:1f:5c:33:88:8f:78:3b:b5:9a:05:ac:3d:22:37:
         04:4c:aa:44:8e:b9:69:db:cb:a2:32:5d:6c:bf:fd:cc:ab:0f:
         41:0f:1d:75:39:75:35:1f:6c:b3:79:a6:11:3e:78:4d:9f:e0:
         d5:a1:1f:98:3d:19:ef:53:f0:6e:1a:7a:78:72:88:61:c1:94:
         72:5c:b4:da:ce:fd:00:90:13:b7:89:87:a8:0d:8b:cb:0c:8f:
         06:cd:cc:44:00:fc:09:fc:ac:84:40:60:dd:58:be:c4:9b:64:
         05:a2:1c:90
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUUNXHDc4h3KMujlW9VkSNeQOexMMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDA0OFoX
DTI3MDMwMzA2MDU0OFowMzExMC8GA1UEAxMoOTg1RTc3QTAzRkUyMUE4REQ4MjlE
OEI1NTFDOEQ3NzA0MUUxOEVBNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKSSEMrLtluE8M0KaIoCvTShAPOvLeySEftefXhxClOD5bcsPZFn9FgXfTqb
NmFaQGlHHDt2tPRuMXD5W2Dcin+cXBEoEvewW3bMJDVdlvf0h9tKzdJIAj0C6pcU
SF+Dks9pM4PH4h9ZN4JFZYnDGqjPOcCnGsXrpBfRw38L4NRuhJ+7U4uCRRIgCHET
3rB7c5oACAuBO6oJkw1uV/22N0QQFDFPI/yfndzmWso9KpnzOv+k1NcWrklYzz4l
hNUtJj+Fri9OaVtmm24kc68bx7bc+5jAipMbG9T206YbXS+hv0FaEMCBoynsVEF7
KwwS1oK9mum89IRv1iZhf74Ci6cCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSYXneg
P+Iajdgp2LVRyNdwQeGOpTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzI1Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
olowDQYJKoZIhvcNAQELBQADggEBAEJsmR3AqS4dO7GRKQ6zeIBfiqPkZCUOEwYz
/IRHlUYrvN8BIJNrt63kFtVjFw9YSBUsIdS0gHGrvHjoY/KOPRpXmIZPHE+xQCUN
Owhrf8I/3YeXBhvRKIHkgdXDOs2v2LLZxdX5RXPJjY2RubsYC/JVy5yNptNfw+Uq
F9efSJMHe3+X4oyE+AZvChSwvBoG6Wtat18fXDOIj3g7tZoFrD0iNwRMqkSOuWnb
y6IyXWy//cyrD0EPHXU5dTUfbLN5phE+eE2f4NWhH5g9Ge9T8G4aenhyiGHBlHJc
tNrO/QCQE7eJh6gNi8sMjwbNzEQA/An8rIRAYN1YvsSbZAWiHJA=
-----END CERTIFICATE-----