Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143288.roa
File:                     AS143288.roa (raw, json)
Hash identifier:          NorYKj3YNfm1QdpTr9CDRNitX9icV7BVWtTcjR2lllE=
Subject key identifier:   33:CF:29:4B:51:81:20:25:4E:F2:CE:C1:32:E1:B7:54:C7:61:4B:05
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4EC9D1FA9B09478562C1BF7318246C6EAC959CE6
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143288.roa
Signing time:             Wed 04 Mar 2026 06:07:28 +0000
ROA not before:           Wed 04 Mar 2026 06:02:28 +0000
ROA not after:            Wed 03 Mar 2027 06:07:28 +0000
asID:                     143288
IP address blocks:        240a:a27e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:c9:d1:fa:9b:09:47:85:62:c1:bf:73:18:24:6c:6e:ac:95:9c:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:28 2026 GMT
            Not After : Mar  3 06:07:28 2027 GMT
        Subject: CN=33CF294B518120254EF2CEC132E1B754C7614B05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:5c:5d:5c:01:5a:f3:b9:de:10:f1:71:85:0f:
                    eb:02:52:15:04:c6:39:ef:8b:d8:9b:3a:ca:a0:e4:
                    57:2d:37:2a:20:c8:08:a3:62:80:14:b2:0f:4a:07:
                    07:0f:47:5c:de:77:b9:3a:92:d6:ab:d4:6e:62:92:
                    51:d4:bc:5c:77:cc:da:ae:c8:4a:eb:14:be:46:5c:
                    a9:d0:dc:d5:14:cf:27:0a:60:c2:c7:5f:13:76:e8:
                    da:4a:cb:b0:e7:fe:d9:10:0f:57:e9:82:c8:fe:2f:
                    b2:52:32:47:30:20:f1:01:e9:e4:8a:38:dc:04:5a:
                    e2:5a:43:a9:95:f0:95:ea:5b:6b:95:9f:ee:9d:1a:
                    28:f2:5d:c0:62:12:6d:97:ff:35:4a:97:45:e0:1e:
                    0a:95:ed:dd:01:c4:de:f8:04:26:24:27:c2:99:4b:
                    be:7d:98:f8:46:08:f2:ee:da:1c:ca:e1:65:06:91:
                    03:fd:78:6a:26:f3:1e:da:fb:e8:60:fb:b0:52:16:
                    fd:aa:31:15:23:8e:d2:33:b8:a3:99:08:0e:c4:9f:
                    3c:0b:50:a1:ea:fd:6b:99:04:f9:cb:6f:d0:cc:d3:
                    58:95:e3:f7:7a:51:3e:4e:a8:32:ec:77:6c:90:da:
                    2a:5f:f9:bb:d4:8f:11:50:26:77:f0:59:01:1c:73:
                    57:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:CF:29:4B:51:81:20:25:4E:F2:CE:C1:32:E1:B7:54:C7:61:4B:05
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143288.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a27e::/32

    Signature Algorithm: sha256WithRSAEncryption
         2a:24:d2:d9:0c:59:72:d3:63:8c:1c:d0:d8:ad:56:b7:69:0c:
         3f:6d:9f:c8:93:18:06:3a:06:82:01:8f:fa:d1:04:e8:c7:e3:
         4a:2d:fb:23:68:e0:5f:85:47:d7:5c:c9:19:da:c5:e3:c6:58:
         28:98:63:2b:f6:43:01:5e:76:3e:c7:18:49:b1:e7:b8:3b:95:
         b0:7e:14:22:cc:93:a0:41:8c:87:13:a7:11:0a:c7:d5:98:a9:
         5f:2a:f2:75:8d:40:ab:2c:64:2b:e0:8c:84:97:9a:f5:7a:9b:
         df:9f:a1:9f:2b:6b:1d:0b:6e:a3:b6:e6:91:4b:ce:9f:fc:2c:
         2c:00:34:8b:3f:bd:d3:43:dc:61:f7:78:ce:ab:37:af:de:ee:
         ac:51:ee:64:7a:0d:9d:66:0d:91:37:8b:c2:9f:f9:f6:dc:13:
         46:32:67:55:34:5a:99:29:90:1f:2e:1a:06:28:c5:e5:4d:e3:
         3b:ca:c5:ad:d7:39:18:28:50:64:44:be:1c:05:23:e2:64:41:
         ca:e4:04:e4:01:01:24:91:45:52:8e:d1:ce:56:1d:3e:de:38:
         c3:81:cd:82:b5:78:0e:ee:d5:dc:7b:f4:91:97:b7:22:4c:21:
         22:19:73:e9:d9:c7:17:27:4d:af:da:70:97:e4:9b:d9:46:8a:
         8d:5a:d1:cc
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUTsnR+psJR4Viwb9zGCRsbqyVnOYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIyOFoX
DTI3MDMwMzA2MDcyOFowMzExMC8GA1UEAxMoMzNDRjI5NEI1MTgxMjAyNTRFRjJD
RUMxMzJFMUI3NTRDNzYxNEIwNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANNcXVwBWvO53hDxcYUP6wJSFQTGOe+L2Js6yqDkVy03KiDICKNigBSyD0oH
Bw9HXN53uTqS1qvUbmKSUdS8XHfM2q7ISusUvkZcqdDc1RTPJwpgwsdfE3bo2krL
sOf+2RAPV+mCyP4vslIyRzAg8QHp5Io43ARa4lpDqZXwlepba5Wf7p0aKPJdwGIS
bZf/NUqXReAeCpXt3QHE3vgEJiQnwplLvn2Y+EYI8u7aHMrhZQaRA/14aibzHtr7
6GD7sFIW/aoxFSOO0jO4o5kIDsSfPAtQoer9a5kE+ctv0MzTWJXj93pRPk6oMux3
bJDaKl/5u9SPEVAmd/BZARxzVzUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQzzylL
UYEgJU7yzsEy4bdUx2FLBTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzI4OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
on4wDQYJKoZIhvcNAQELBQADggEBACok0tkMWXLTY4wc0NitVrdpDD9tn8iTGAY6
BoIBj/rRBOjH40ot+yNo4F+FR9dcyRnaxePGWCiYYyv2QwFedj7HGEmx57g7lbB+
FCLMk6BBjIcTpxEKx9WYqV8q8nWNQKssZCvgjISXmvV6m9+foZ8rax0LbqO25pFL
zp/8LCwANIs/vdND3GH3eM6rN6/e7qxR7mR6DZ1mDZE3i8Kf+fbcE0YyZ1U0Wpkp
kB8uGgYoxeVN4zvKxa3XORgoUGREvhwFI+JkQcrkBOQBASSRRVKO0c5WHT7eOMOB
zYK1eA7u1dx79JGXtyJMISIZc+nZxxcnTa/acJfkm9lGio1a0cw=
-----END CERTIFICATE-----