Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143260.roa
File:                     AS143260.roa (raw, json)
Hash identifier:          IZTrER7GMvUUCEqEOEGO/+pgG51COzP+Mua5TzlpLQs=
Subject key identifier:   A9:30:D3:C5:D0:FC:EC:A8:3C:85:4C:3E:5B:37:A6:BD:F3:BB:F6:01
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       25E6AE6225A001B6FB6B7496CBD865681F807B86
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143260.roa
Signing time:             Wed 04 Mar 2026 06:07:52 +0000
ROA not before:           Wed 04 Mar 2026 06:02:52 +0000
ROA not after:            Wed 03 Mar 2027 06:07:52 +0000
asID:                     143260
IP address blocks:        240a:a262::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:e6:ae:62:25:a0:01:b6:fb:6b:74:96:cb:d8:65:68:1f:80:7b:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:52 2026 GMT
            Not After : Mar  3 06:07:52 2027 GMT
        Subject: CN=A930D3C5D0FCECA83C854C3E5B37A6BDF3BBF601
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:4d:c9:a6:97:1f:2a:62:aa:82:6d:ca:13:24:
                    fe:e8:23:fc:f2:6b:ac:d6:a8:dd:24:38:f1:88:b5:
                    31:bb:67:df:e8:0c:53:05:f3:7c:a5:3a:16:42:e4:
                    31:0e:1e:eb:38:3e:c6:2e:60:06:f8:23:3c:75:f2:
                    57:f4:79:4c:40:79:00:2d:12:59:0c:19:22:e9:74:
                    87:7b:f0:45:e9:0a:77:77:af:0e:d5:1b:d4:10:27:
                    03:e3:00:0a:e2:2f:5c:ef:ca:57:43:a9:1c:49:33:
                    91:35:ac:63:69:ec:aa:e2:b9:f5:74:d8:cd:2a:c5:
                    5e:84:80:3d:f7:38:5f:99:f5:98:c5:69:6c:d8:e0:
                    77:c4:34:d9:6d:e4:a7:e2:b4:81:ec:a1:6f:03:66:
                    2a:28:8a:05:5c:4a:eb:ab:07:4e:9e:d8:9c:49:2f:
                    29:29:09:02:f7:cb:a2:17:81:83:a6:6b:ed:4a:d0:
                    f0:13:60:f5:67:0d:98:4d:91:d5:5b:34:fd:9d:98:
                    e6:86:89:04:ea:00:1e:7c:b1:4b:93:6b:a7:45:6e:
                    8f:1d:68:17:e8:6b:67:ef:5d:ae:04:81:42:e1:40:
                    2b:60:38:c8:ce:ad:44:77:b9:73:65:7f:65:77:28:
                    aa:1b:5f:86:c9:70:9c:97:6a:5b:1a:f3:9d:cc:b9:
                    9b:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:30:D3:C5:D0:FC:EC:A8:3C:85:4C:3E:5B:37:A6:BD:F3:BB:F6:01
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143260.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a262::/32

    Signature Algorithm: sha256WithRSAEncryption
         34:7f:13:cf:8d:f5:ea:a3:4f:3d:72:c3:de:b1:79:0b:bf:66:
         99:2b:ba:27:a4:55:3c:26:fa:aa:48:21:31:74:bd:7a:04:a1:
         9a:5b:8b:c9:33:63:60:ab:75:61:f3:a4:1e:6d:2e:39:51:2e:
         62:ab:ac:af:72:95:cb:82:5a:21:ec:ba:23:13:77:57:a1:23:
         c1:bb:40:55:f8:2b:b4:ff:e1:7f:bb:7d:f4:c5:6e:d1:1f:1c:
         da:83:19:f8:b8:de:94:48:dc:dd:c2:89:e1:ca:84:0d:f9:f1:
         3b:8b:d0:9b:74:b3:86:66:08:0a:ee:d6:14:5f:1f:b3:a9:68:
         13:b1:51:8a:2b:82:98:cb:66:5b:2b:39:2c:1c:16:36:db:e6:
         ce:0d:ed:d2:a7:8b:8f:be:7a:e6:b2:ba:32:a0:1b:25:10:a1:
         53:de:6d:d8:f2:06:37:27:e6:48:c6:e0:c1:0d:eb:d9:bb:73:
         ec:1e:b4:e9:2b:72:bf:28:b4:f0:74:f0:50:7a:20:76:7e:10:
         4b:98:5e:39:77:f2:15:66:7b:0d:a2:eb:8c:0e:20:3f:81:b8:
         c7:ec:25:ad:99:6a:60:a7:23:da:83:36:f3:74:e6:49:5d:b1:
         97:e0:81:5f:c0:9f:f2:68:e1:ed:84:3a:3b:ce:38:ca:ed:92:
         f0:01:1f:00
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUJeauYiWgAbb7a3SWy9hlaB+Ae4YwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDI1MloX
DTI3MDMwMzA2MDc1MlowMzExMC8GA1UEAxMoQTkzMEQzQzVEMEZDRUNBODNDODU0
QzNFNUIzN0E2QkRGM0JCRjYwMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKhNyaaXHypiqoJtyhMk/ugj/PJrrNao3SQ48Yi1Mbtn3+gMUwXzfKU6FkLk
MQ4e6zg+xi5gBvgjPHXyV/R5TEB5AC0SWQwZIul0h3vwRekKd3evDtUb1BAnA+MA
CuIvXO/KV0OpHEkzkTWsY2nsquK59XTYzSrFXoSAPfc4X5n1mMVpbNjgd8Q02W3k
p+K0geyhbwNmKiiKBVxK66sHTp7YnEkvKSkJAvfLoheBg6Zr7UrQ8BNg9WcNmE2R
1Vs0/Z2Y5oaJBOoAHnyxS5Nrp0Vujx1oF+hrZ+9drgSBQuFAK2A4yM6tRHe5c2V/
ZXcoqhtfhslwnJdqWxrzncy5m2sCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSpMNPF
0PzsqDyFTD5bN6a987v2ATAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzI2MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
omIwDQYJKoZIhvcNAQELBQADggEBADR/E8+N9eqjTz1yw96xeQu/ZpkruiekVTwm
+qpIITF0vXoEoZpbi8kzY2CrdWHzpB5tLjlRLmKrrK9ylcuCWiHsuiMTd1ehI8G7
QFX4K7T/4X+7ffTFbtEfHNqDGfi43pRI3N3CieHKhA358TuL0Jt0s4ZmCAru1hRf
H7OpaBOxUYorgpjLZlsrOSwcFjbb5s4N7dKni4++euayujKgGyUQoVPebdjyBjcn
5kjG4MEN69m7c+wetOkrcr8otPB08FB6IHZ+EEuYXjl38hVmew2i64wOID+BuMfs
Ja2ZamCnI9qDNvN05kldsZfggV/An/Jo4e2EOjvOOMrtkvABHwA=
-----END CERTIFICATE-----