Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143321.roa
File:                     AS143321.roa (raw, json)
Hash identifier:          lbyfo20GZz2fbuyhvs+jgKiWYBqD1UGJWZppvaFpAYk=
Subject key identifier:   6A:01:1E:BC:AE:76:43:D8:31:9B:C6:F0:C1:C5:A5:58:84:F1:93:C8
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       21EF3836D2B52808302DD21131D0A1B6F250621E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143321.roa
Signing time:             Wed 04 Mar 2026 06:05:13 +0000
ROA not before:           Wed 04 Mar 2026 06:00:13 +0000
ROA not after:            Wed 03 Mar 2027 06:05:13 +0000
asID:                     143321
IP address blocks:        240a:a29f::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:ef:38:36:d2:b5:28:08:30:2d:d2:11:31:d0:a1:b6:f2:50:62:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:13 2026 GMT
            Not After : Mar  3 06:05:13 2027 GMT
        Subject: CN=6A011EBCAE7643D8319BC6F0C1C5A55884F193C8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:18:15:ce:13:ae:86:aa:41:27:9e:47:2c:74:
                    26:c7:2a:91:a2:85:ba:f0:07:ca:49:5e:b9:cd:be:
                    4f:72:85:f8:e5:85:4a:fd:d8:4d:94:b3:5a:13:ad:
                    c5:f3:4c:37:c5:4d:85:43:0d:54:9c:fd:b5:c4:0d:
                    74:66:a0:80:f8:da:20:f1:38:08:91:9e:75:13:0b:
                    d4:80:a9:79:bf:98:7b:39:e8:af:d3:74:d2:36:08:
                    4d:8f:52:c7:38:f7:52:b6:53:52:38:25:7b:41:be:
                    fc:4f:1e:7d:6c:24:58:b1:1c:7f:0a:81:ed:52:aa:
                    bd:7f:bc:fe:96:42:16:1a:75:d4:d7:96:da:1f:d3:
                    61:b0:40:24:94:32:74:a3:07:00:b4:2c:22:de:6d:
                    ce:ee:c9:6a:ec:4c:61:1a:8e:b8:eb:37:17:d7:93:
                    17:dd:83:a3:bc:57:de:ed:6a:5a:07:3a:d5:21:3f:
                    77:8f:51:0c:d0:fa:1d:6b:b9:10:d9:f5:c6:6c:81:
                    1a:28:0d:54:11:48:8c:c8:e5:99:0a:c1:26:4a:33:
                    78:a3:d1:56:15:fe:ec:12:38:67:db:a3:34:98:99:
                    84:eb:58:c3:1b:cf:bf:1c:32:f3:b1:14:20:45:c5:
                    08:70:1d:47:ad:65:a7:d7:b7:f0:da:a9:c6:bf:f3:
                    a8:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:01:1E:BC:AE:76:43:D8:31:9B:C6:F0:C1:C5:A5:58:84:F1:93:C8
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143321.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a29f::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:e1:70:99:a3:9c:02:be:12:c1:84:11:63:9c:e3:9e:29:ee:
         0f:43:ab:23:70:54:62:06:40:3e:49:c8:25:24:08:4a:ac:ba:
         8b:f1:d7:cf:33:5f:e3:77:21:53:e2:0a:44:92:aa:79:33:4f:
         ed:de:ad:98:36:3b:ef:09:32:16:64:6c:66:b0:fe:e1:f4:ae:
         aa:1f:a6:54:a7:23:9f:a9:46:68:38:b1:19:3e:5d:6b:8f:91:
         60:b0:d6:d7:d3:02:22:c2:66:f7:cb:99:76:66:da:43:92:8d:
         f0:12:e7:61:62:4e:da:d4:b3:7b:8c:f7:e9:c8:26:69:1a:c8:
         14:8b:af:2a:8e:cb:a9:d7:3c:7f:e6:75:cb:fb:64:b2:83:2d:
         b6:6d:1f:86:0b:93:af:a7:98:4e:20:dc:e1:84:08:bb:62:b3:
         fd:4a:48:a5:06:98:0c:9c:ba:f6:7a:9b:cc:c0:30:b2:ba:19:
         f4:36:09:23:18:1c:90:7f:70:fb:f5:5f:d2:ba:e6:a7:0b:dc:
         98:15:e9:ed:c4:81:53:30:42:70:64:b2:ee:c6:66:56:62:a3:
         c0:a2:77:8e:b9:0b:19:43:05:55:5f:26:33:cd:84:42:34:2e:
         42:cf:62:9b:02:6a:1a:78:b6:5c:fa:50:7e:06:0f:4f:c1:45:
         ac:cf:45:a0
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUIe84NtK1KAgwLdIRMdChtvJQYh4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDAxM1oX
DTI3MDMwMzA2MDUxM1owMzExMC8GA1UEAxMoNkEwMTFFQkNBRTc2NDNEODMxOUJD
NkYwQzFDNUE1NTg4NEYxOTNDODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIgYFc4TroaqQSeeRyx0JscqkaKFuvAHykleuc2+T3KF+OWFSv3YTZSzWhOt
xfNMN8VNhUMNVJz9tcQNdGaggPjaIPE4CJGedRML1ICpeb+Yeznor9N00jYITY9S
xzj3UrZTUjgle0G+/E8efWwkWLEcfwqB7VKqvX+8/pZCFhp11NeW2h/TYbBAJJQy
dKMHALQsIt5tzu7JauxMYRqOuOs3F9eTF92Do7xX3u1qWgc61SE/d49RDND6HWu5
ENn1xmyBGigNVBFIjMjlmQrBJkozeKPRVhX+7BI4Z9ujNJiZhOtYwxvPvxwy87EU
IEXFCHAdR61lp9e38Nqpxr/zqEECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRqAR68
rnZD2DGbxvDBxaVYhPGTyDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzMyMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
op8wDQYJKoZIhvcNAQELBQADggEBAGfhcJmjnAK+EsGEEWOc454p7g9DqyNwVGIG
QD5JyCUkCEqsuovx188zX+N3IVPiCkSSqnkzT+3erZg2O+8JMhZkbGaw/uH0rqof
plSnI5+pRmg4sRk+XWuPkWCw1tfTAiLCZvfLmXZm2kOSjfAS52FiTtrUs3uM9+nI
JmkayBSLryqOy6nXPH/mdcv7ZLKDLbZtH4YLk6+nmE4g3OGECLtis/1KSKUGmAyc
uvZ6m8zAMLK6GfQ2CSMYHJB/cPv1X9K65qcL3JgV6e3EgVMwQnBksu7GZlZio8Ci
d465CxlDBVVfJjPNhEI0LkLPYpsCahp4tlz6UH4GD0/BRazPRaA=
-----END CERTIFICATE-----