Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143296.roa
File:                     AS143296.roa (raw, json)
Hash identifier:          frbjlEt/2qgR4uqMqJtzb4Yb9LErTUwekAoczU2A2Og=
Subject key identifier:   C4:71:46:44:FB:A0:6C:99:52:68:FA:DC:E3:F8:C3:0B:23:47:5A:D1
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2FA35362C21AB44873801429B03F13128A8DB586
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143296.roa
Signing time:             Wed 04 Mar 2026 06:06:08 +0000
ROA not before:           Wed 04 Mar 2026 06:01:08 +0000
ROA not after:            Wed 03 Mar 2027 06:06:08 +0000
asID:                     143296
IP address blocks:        240a:a286::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:a3:53:62:c2:1a:b4:48:73:80:14:29:b0:3f:13:12:8a:8d:b5:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:08 2026 GMT
            Not After : Mar  3 06:06:08 2027 GMT
        Subject: CN=C4714644FBA06C995268FADCE3F8C30B23475AD1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:96:17:ed:38:e6:33:1d:7f:dc:69:7f:7e:06:
                    5b:91:d4:f3:b7:eb:1c:be:cb:e3:b2:fc:13:93:50:
                    7d:a7:e1:c6:da:27:f1:7c:76:19:07:45:8c:cb:a3:
                    96:94:74:c7:7d:78:0b:5c:fe:1b:73:9e:3f:bf:2c:
                    a5:d8:e4:40:1d:d1:a5:b0:bb:a3:2a:89:cc:db:52:
                    59:9d:92:04:5a:6b:b8:a6:39:5c:06:e6:9b:d9:b4:
                    85:cc:a8:be:6d:a5:ef:f6:5b:0e:2e:21:c5:07:e3:
                    60:f3:27:4c:c3:82:d5:cf:7f:2b:7d:6f:99:ed:df:
                    42:95:80:3b:e7:50:fa:a4:3d:6f:da:f3:4f:43:6b:
                    27:54:2b:68:f2:df:46:9f:6d:09:ed:fd:cd:3d:74:
                    8f:1f:01:62:64:d8:87:9e:40:ef:95:58:f8:e4:6f:
                    12:97:2b:1a:8d:d4:a8:28:16:a2:c2:2f:ac:54:67:
                    d0:6d:e8:48:02:30:4a:e6:8b:e6:9e:4c:9c:23:f4:
                    44:33:17:d0:d4:45:aa:92:ca:03:b9:06:b1:1a:86:
                    ed:85:c4:1e:bb:57:d0:28:b0:47:43:9f:79:bf:96:
                    77:33:c1:de:65:75:7c:5d:1b:e4:3b:37:23:c5:cd:
                    96:15:4c:85:e0:3e:c8:97:95:28:1e:a1:96:b2:05:
                    30:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:71:46:44:FB:A0:6C:99:52:68:FA:DC:E3:F8:C3:0B:23:47:5A:D1
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143296.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a286::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:53:3d:2a:c1:18:ae:f1:c8:9f:ad:e3:d9:ce:e5:bd:8b:7a:
         8d:09:ad:c9:f5:45:bd:5f:0e:c2:d0:53:6b:5c:86:2b:18:67:
         36:f5:cb:b0:e8:94:c9:b4:2c:4b:47:b3:29:8a:31:72:70:ec:
         a5:7f:71:58:55:db:07:99:bb:59:d0:50:f5:6d:4c:03:53:09:
         ea:64:d6:e4:a3:e0:8d:1a:57:65:90:ac:07:2a:45:c8:6d:ba:
         c2:a3:73:39:33:07:56:5f:10:e4:cd:2d:39:56:4e:ea:1b:95:
         50:e4:aa:8a:99:17:ef:33:30:3d:eb:2f:0f:dc:fa:19:b2:a6:
         b4:6b:c0:3b:6c:dc:ee:43:98:a2:82:30:09:69:46:5b:f2:80:
         22:34:1d:02:83:7e:84:c9:07:c0:7d:eb:f1:f8:50:53:35:4e:
         4f:bd:a9:64:26:ce:ad:53:be:d9:db:c4:a1:e4:b8:04:48:5c:
         8f:9b:79:83:5b:a7:13:59:de:a6:f5:6e:37:4c:18:87:c1:b8:
         d3:b7:8e:96:53:58:5b:00:40:3b:70:db:0a:ca:28:ec:c4:cd:
         4e:40:7e:97:52:58:5f:a7:04:01:e3:20:ba:49:b6:03:69:ef:
         bb:90:4e:a9:bc:8d:31:06:8f:d6:24:65:22:7d:f7:fa:38:74:
         78:1b:c4:52
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUL6NTYsIatEhzgBQpsD8TEoqNtYYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDEwOFoX
DTI3MDMwMzA2MDYwOFowMzExMC8GA1UEAxMoQzQ3MTQ2NDRGQkEwNkM5OTUyNjhG
QURDRTNGOEMzMEIyMzQ3NUFEMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALCWF+045jMdf9xpf34GW5HU87frHL7L47L8E5NQfafhxton8Xx2GQdFjMuj
lpR0x314C1z+G3OeP78spdjkQB3RpbC7oyqJzNtSWZ2SBFpruKY5XAbmm9m0hcyo
vm2l7/ZbDi4hxQfjYPMnTMOC1c9/K31vme3fQpWAO+dQ+qQ9b9rzT0NrJ1QraPLf
Rp9tCe39zT10jx8BYmTYh55A75VY+ORvEpcrGo3UqCgWosIvrFRn0G3oSAIwSuaL
5p5MnCP0RDMX0NRFqpLKA7kGsRqG7YXEHrtX0CiwR0Ofeb+WdzPB3mV1fF0b5Ds3
I8XNlhVMheA+yJeVKB6hlrIFMJECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTEcUZE
+6BsmVJo+tzj+MMLI0da0TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzI5Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ooYwDQYJKoZIhvcNAQELBQADggEBAH1TPSrBGK7xyJ+t49nO5b2Leo0Jrcn1Rb1f
DsLQU2tchisYZzb1y7DolMm0LEtHsymKMXJw7KV/cVhV2weZu1nQUPVtTANTCepk
1uSj4I0aV2WQrAcqRchtusKjczkzB1ZfEOTNLTlWTuoblVDkqoqZF+8zMD3rLw/c
+hmyprRrwDts3O5DmKKCMAlpRlvygCI0HQKDfoTJB8B96/H4UFM1Tk+9qWQmzq1T
vtnbxKHkuARIXI+beYNbpxNZ3qb1bjdMGIfBuNO3jpZTWFsAQDtw2wrKKOzEzU5A
fpdSWF+nBAHjILpJtgNp77uQTqm8jTEGj9YkZSJ99/o4dHgbxFI=
-----END CERTIFICATE-----