Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143308.roa
File:                     AS143308.roa (raw, json)
Hash identifier:          RYqPQ2+nVJNtxqMCK/czIyZIdrgXQS/6qnnhvcaD0yM=
Subject key identifier:   1F:E0:22:B6:35:C4:0A:A5:21:11:0F:EF:BF:4A:80:8A:25:A1:EA:2B
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5B2032636C76EEE27449C916401582C4582A1F10
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143308.roa
Signing time:             Wed 04 Mar 2026 06:07:08 +0000
ROA not before:           Wed 04 Mar 2026 06:02:08 +0000
ROA not after:            Wed 03 Mar 2027 06:07:08 +0000
asID:                     143308
IP address blocks:        240a:a292::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:20:32:63:6c:76:ee:e2:74:49:c9:16:40:15:82:c4:58:2a:1f:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:08 2026 GMT
            Not After : Mar  3 06:07:08 2027 GMT
        Subject: CN=1FE022B635C40AA521110FEFBF4A808A25A1EA2B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:3e:8e:cf:90:d3:2e:a3:7f:80:71:62:b4:46:
                    9a:65:9c:09:e6:b5:0f:ed:87:5a:ae:36:ab:ae:e9:
                    b7:5e:ed:52:1e:4a:97:9e:14:b8:b5:65:33:71:eb:
                    12:f7:48:3b:22:28:f7:43:86:87:7b:d0:bf:cd:51:
                    9f:db:2f:7e:28:a2:0e:90:3d:c5:11:43:5f:b5:b8:
                    1a:9a:74:93:00:73:c4:9d:ea:50:73:0d:5b:16:bd:
                    7b:1b:6c:3f:d6:90:26:20:fd:b9:4b:73:56:84:05:
                    ae:09:36:a4:fa:29:4b:50:19:94:3b:8b:05:5c:c4:
                    ef:91:0a:eb:14:56:b7:0e:7a:86:19:a0:0c:87:c0:
                    35:9b:31:23:b1:1c:c0:f1:48:82:1e:de:cf:07:b2:
                    c7:8c:0d:ca:05:64:e7:a4:57:54:d8:dd:1f:90:7f:
                    2c:24:8f:d7:c1:1f:73:d6:e7:2b:95:f4:99:6a:1a:
                    63:c4:88:73:90:69:8a:e4:b2:f9:96:1e:25:56:fb:
                    e9:d5:54:6c:f7:8b:ba:c4:3a:75:42:bc:fd:72:b5:
                    03:42:1f:b6:c7:42:5a:e3:a5:37:b9:d9:2e:09:97:
                    22:0b:6c:5e:24:3b:be:6b:13:bc:61:42:2d:50:30:
                    ae:e1:a7:76:17:05:2e:df:6e:9d:4d:bf:fc:e2:4b:
                    9e:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:E0:22:B6:35:C4:0A:A5:21:11:0F:EF:BF:4A:80:8A:25:A1:EA:2B
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143308.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a292::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:f4:17:8e:a6:e4:75:0d:94:02:8e:6d:13:df:79:ee:ba:bf:
         60:7c:15:81:1c:39:b9:8f:8b:f4:6a:d0:4a:73:34:42:c2:66:
         13:b7:b1:2d:62:d2:03:71:d6:18:64:87:02:51:d4:4b:fc:14:
         0e:20:8e:03:c3:8d:a0:fa:7f:aa:58:e3:0d:48:31:28:c1:0b:
         4b:12:53:11:16:74:7f:43:54:3a:ed:d0:c3:81:0e:51:c6:01:
         c6:50:a1:9a:65:ee:3a:a0:a6:87:80:31:75:26:01:db:7f:c8:
         62:2a:8a:07:2b:7c:11:af:2b:d5:43:28:ad:0c:ab:51:4c:c7:
         34:63:0d:67:87:af:03:67:99:db:09:bc:90:f4:b8:14:0f:79:
         f5:da:2f:b8:e3:0e:9a:e2:92:41:32:c7:f0:b6:16:c4:3d:4b:
         aa:cd:e5:65:02:d6:5e:87:82:48:77:eb:c3:ec:6d:21:4f:4d:
         da:83:3a:01:c6:fc:52:1c:6a:da:ff:60:33:4e:f0:53:82:5a:
         be:63:38:d1:2d:78:1b:5a:05:cf:64:12:cf:88:2d:6c:b9:85:
         97:1d:80:fa:03:76:ba:42:dc:f8:3c:58:b6:8b:38:8b:4a:86:
         c6:f2:d8:50:83:cc:e2:fd:39:8e:86:6a:8d:7c:14:2b:81:c0:
         20:0e:36:11
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUWyAyY2x27uJ0SckWQBWCxFgqHxAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIwOFoX
DTI3MDMwMzA2MDcwOFowMzExMC8GA1UEAxMoMUZFMDIyQjYzNUM0MEFBNTIxMTEw
RkVGQkY0QTgwOEEyNUExRUEyQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKs+js+Q0y6jf4BxYrRGmmWcCea1D+2HWq42q67pt17tUh5Kl54UuLVlM3Hr
EvdIOyIo90OGh3vQv81Rn9svfiiiDpA9xRFDX7W4Gpp0kwBzxJ3qUHMNWxa9exts
P9aQJiD9uUtzVoQFrgk2pPopS1AZlDuLBVzE75EK6xRWtw56hhmgDIfANZsxI7Ec
wPFIgh7ezweyx4wNygVk56RXVNjdH5B/LCSP18Efc9bnK5X0mWoaY8SIc5BpiuSy
+ZYeJVb76dVUbPeLusQ6dUK8/XK1A0IftsdCWuOlN7nZLgmXIgtsXiQ7vmsTvGFC
LVAwruGndhcFLt9unU2//OJLnqMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQf4CK2
NcQKpSERD++/SoCKJaHqKzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzMwOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
opIwDQYJKoZIhvcNAQELBQADggEBAGr0F46m5HUNlAKObRPfee66v2B8FYEcObmP
i/Rq0EpzNELCZhO3sS1i0gNx1hhkhwJR1Ev8FA4gjgPDjaD6f6pY4w1IMSjBC0sS
UxEWdH9DVDrt0MOBDlHGAcZQoZpl7jqgpoeAMXUmAdt/yGIqigcrfBGvK9VDKK0M
q1FMxzRjDWeHrwNnmdsJvJD0uBQPefXaL7jjDprikkEyx/C2FsQ9S6rN5WUC1l6H
gkh368PsbSFPTdqDOgHG/FIcatr/YDNO8FOCWr5jONEteBtaBc9kEs+ILWy5hZcd
gPoDdrpC3Pg8WLaLOItKhsby2FCDzOL9OY6Gao18FCuBwCAONhE=
-----END CERTIFICATE-----