Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143255.roa
File:                     AS143255.roa (raw, json)
Hash identifier:          Y23MHibRywP6vvuayg3eL2JHdf5jt5NbpOdils159kQ=
Subject key identifier:   49:D4:6C:E2:CD:C9:CA:BA:82:BD:E6:A3:82:80:5D:99:6E:8F:85:80
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4D4D471DE6C6B02A0526ECCF8A9B7C6D375DD0F8
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143255.roa
Signing time:             Wed 04 Mar 2026 06:06:29 +0000
ROA not before:           Wed 04 Mar 2026 06:01:29 +0000
ROA not after:            Wed 03 Mar 2027 06:06:29 +0000
asID:                     143255
IP address blocks:        240a:a25d::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:4d:47:1d:e6:c6:b0:2a:05:26:ec:cf:8a:9b:7c:6d:37:5d:d0:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:29 2026 GMT
            Not After : Mar  3 06:06:29 2027 GMT
        Subject: CN=49D46CE2CDC9CABA82BDE6A382805D996E8F8580
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e0:a9:5e:48:d9:4c:82:c7:ec:d0:3f:9b:e3:
                    28:34:50:68:ce:f2:15:d4:66:9c:49:e3:32:a7:38:
                    9e:21:ae:b3:5e:48:dd:d4:39:6d:8c:3c:98:37:01:
                    6d:57:04:00:f4:18:6d:45:83:c1:15:30:ef:c6:2c:
                    9b:dd:f0:42:dc:f5:74:80:9d:34:d9:8d:87:b9:1f:
                    13:07:c3:bf:77:05:05:2b:0f:75:3c:c2:45:7f:c1:
                    ff:b1:dd:10:9c:3d:92:d9:f7:da:d8:11:79:e0:07:
                    4d:32:6b:63:8e:74:8b:90:1b:49:2a:49:6f:a2:51:
                    d6:29:b7:37:5d:42:13:fa:76:13:78:7f:3d:dc:fd:
                    4f:04:7d:65:bb:d8:25:ef:fd:8c:cb:03:bf:fc:97:
                    93:67:d7:8e:41:9a:43:89:a9:f3:6b:da:4a:7d:bb:
                    1d:21:47:87:39:ae:6d:1a:fb:71:7f:50:b4:60:82:
                    27:59:f5:41:c0:31:0a:97:e6:ca:12:6d:3e:28:13:
                    18:5d:61:1a:0a:09:d6:2d:27:d3:d3:3e:98:9f:ce:
                    d3:a1:db:a7:0b:96:6c:6c:ad:d0:8b:88:cc:77:1b:
                    95:6e:61:d2:33:11:69:24:00:4a:e9:35:68:a6:f4:
                    71:0e:52:63:79:be:18:40:62:ec:b6:fa:7d:ee:47:
                    d2:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:D4:6C:E2:CD:C9:CA:BA:82:BD:E6:A3:82:80:5D:99:6E:8F:85:80
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143255.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a25d::/32

    Signature Algorithm: sha256WithRSAEncryption
         ad:3b:2a:30:02:b9:14:98:10:f4:2e:38:c5:15:1e:98:83:b2:
         d1:c0:52:5c:c2:85:1a:b0:30:89:e0:09:15:be:f2:8b:da:53:
         12:05:b6:2d:2d:65:ed:e0:44:bc:48:9a:7a:5e:1c:63:04:41:
         42:be:96:84:3e:70:87:84:28:9c:72:5f:6a:89:d5:d0:13:04:
         25:28:fb:71:0f:aa:0a:f4:f7:21:4d:b8:f3:e2:ca:e9:51:be:
         26:0b:4e:4d:65:5e:7d:7c:8f:dd:f4:05:53:69:de:c9:3f:64:
         d4:81:87:bf:ab:c6:03:a0:77:5e:4b:36:59:4c:40:27:3f:5c:
         ba:07:01:26:fd:3f:47:e1:9b:49:90:72:fd:c1:20:f6:2e:e0:
         a9:5a:8f:50:1a:1a:74:03:6a:e5:9e:87:3d:f9:2a:b1:b6:6e:
         9f:12:32:78:da:e6:2f:07:70:92:42:33:4a:6e:39:db:e2:11:
         7d:5f:23:60:40:db:bb:4b:cb:4f:ed:a1:4f:a1:a4:5b:fa:6a:
         3b:2e:20:19:45:62:b7:22:4c:af:33:8f:4c:87:0f:ac:ec:f7:
         3d:f9:77:40:d7:43:36:d4:d5:f8:37:9a:cc:c1:67:66:1a:dc:
         3d:17:c2:f4:cd:35:71:96:38:3d:d0:87:85:bb:19:9b:69:99:
         38:cf:15:bd
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUTU1HHebGsCoFJuzPipt8bTdd0PgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDEyOVoX
DTI3MDMwMzA2MDYyOVowMzExMC8GA1UEAxMoNDlENDZDRTJDREM5Q0FCQTgyQkRF
NkEzODI4MDVEOTk2RThGODU4MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALPgqV5I2UyCx+zQP5vjKDRQaM7yFdRmnEnjMqc4niGus15I3dQ5bYw8mDcB
bVcEAPQYbUWDwRUw78Ysm93wQtz1dICdNNmNh7kfEwfDv3cFBSsPdTzCRX/B/7Hd
EJw9ktn32tgReeAHTTJrY450i5AbSSpJb6JR1im3N11CE/p2E3h/Pdz9TwR9ZbvY
Je/9jMsDv/yXk2fXjkGaQ4mp82vaSn27HSFHhzmubRr7cX9QtGCCJ1n1QcAxCpfm
yhJtPigTGF1hGgoJ1i0n09M+mJ/O06HbpwuWbGyt0IuIzHcblW5h0jMRaSQASuk1
aKb0cQ5SY3m+GEBi7Lb6fe5H0s0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRJ1Gzi
zcnKuoK95qOCgF2Zbo+FgDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzI1NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ol0wDQYJKoZIhvcNAQELBQADggEBAK07KjACuRSYEPQuOMUVHpiDstHAUlzChRqw
MIngCRW+8ovaUxIFti0tZe3gRLxImnpeHGMEQUK+loQ+cIeEKJxyX2qJ1dATBCUo
+3EPqgr09yFNuPPiyulRviYLTk1lXn18j930BVNp3sk/ZNSBh7+rxgOgd15LNllM
QCc/XLoHASb9P0fhm0mQcv3BIPYu4Klaj1AaGnQDauWehz35KrG2bp8SMnja5i8H
cJJCM0puOdviEX1fI2BA27tLy0/toU+hpFv6ajsuIBlFYrciTK8zj0yHD6zs9z35
d0DXQzbU1fg3mszBZ2Ya3D0XwvTNNXGWOD3Qh4W7GZtpmTjPFb0=
-----END CERTIFICATE-----