Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143322.roa
File:                     AS143322.roa (raw, json)
Hash identifier:          uixWR9wge8VeR0Yk7EaRCI7VxQEWwPwhELi5Fr+ERX0=
Subject key identifier:   45:7A:19:DA:BC:64:9D:8D:8A:90:82:64:03:9A:BC:BE:EE:4F:CD:12
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       58C240796FF50419F8CC3D71B0A18E3301EF6936
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143322.roa
Signing time:             Wed 04 Mar 2026 06:07:36 +0000
ROA not before:           Wed 04 Mar 2026 06:02:36 +0000
ROA not after:            Wed 03 Mar 2027 06:07:36 +0000
asID:                     143322
IP address blocks:        240a:a2a0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:c2:40:79:6f:f5:04:19:f8:cc:3d:71:b0:a1:8e:33:01:ef:69:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:36 2026 GMT
            Not After : Mar  3 06:07:36 2027 GMT
        Subject: CN=457A19DABC649D8D8A908264039ABCBEEE4FCD12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:dc:2c:41:29:39:5d:45:1b:3c:ed:e0:81:cf:
                    9f:1f:78:e9:78:9e:a4:0b:26:4b:cb:08:b3:c2:33:
                    46:12:8b:4a:50:15:04:c1:f5:ff:25:9c:54:ff:4c:
                    ef:93:bc:c9:87:ef:1d:b1:32:38:f5:2e:83:0b:4e:
                    42:56:69:9b:fd:db:2b:a3:ed:23:ad:9f:6a:31:2d:
                    e0:17:67:4e:2d:f5:f4:5f:26:1f:68:25:b1:56:83:
                    9f:8c:d4:21:00:6b:c1:7d:a3:75:e5:f5:a9:4f:dc:
                    f2:56:78:48:ce:b5:0b:f5:a1:cc:7a:c4:d1:39:10:
                    da:f6:9d:1f:d1:c2:18:4a:9c:b2:eb:36:bd:5e:8a:
                    6f:6c:c2:a2:43:68:55:84:82:02:a6:6e:33:68:46:
                    af:10:58:a3:bd:31:c6:80:72:ce:aa:3f:cf:d7:b6:
                    84:3d:9a:08:9d:27:48:f3:f7:91:21:e2:88:c0:4b:
                    2d:e5:09:09:a6:b5:4c:88:d4:99:f9:f5:84:ad:f7:
                    68:7a:cf:3d:49:41:5f:b4:52:ce:40:60:0b:a1:89:
                    b9:69:55:e0:dd:5c:38:ca:5e:61:71:69:60:57:0e:
                    47:26:43:ce:34:a8:e3:51:f6:53:e2:6c:85:86:3c:
                    4d:45:c0:02:d7:75:92:50:9f:ed:cd:05:3a:fd:de:
                    df:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:7A:19:DA:BC:64:9D:8D:8A:90:82:64:03:9A:BC:BE:EE:4F:CD:12
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143322.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a2a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         ad:f2:99:ce:6e:87:bf:d5:32:da:8c:81:59:68:fe:14:a5:31:
         76:cf:d4:a5:29:b4:49:4b:65:29:06:6e:23:8d:7a:8c:c8:05:
         be:8d:06:27:44:fa:65:9f:3d:15:0b:dc:d9:2b:a3:b2:58:85:
         83:8d:84:00:78:04:4f:fa:f5:be:88:19:e6:81:b7:3b:07:70:
         35:fa:3c:c5:3e:a2:de:66:77:48:c1:f8:b0:e2:7b:76:d9:8d:
         24:39:b0:f9:26:1b:35:db:79:da:79:01:23:d2:4e:1c:74:ef:
         df:e4:e9:f0:2f:bf:55:22:88:86:29:f4:65:71:63:02:8e:01:
         e6:08:93:a6:9b:b9:58:25:38:b8:07:6e:67:22:2f:29:34:5b:
         78:22:8c:b6:9c:43:3c:85:e3:01:c1:6b:3a:35:bc:c5:d2:49:
         24:42:06:5c:18:1c:49:60:ed:d8:75:ce:12:43:97:08:d9:4f:
         c8:ac:c0:34:21:a6:11:1d:b9:48:a5:5a:f6:7d:5c:dd:a3:c3:
         a6:4d:50:4d:23:38:2f:12:36:30:06:cd:08:b9:9b:81:89:b7:
         d5:b8:4d:07:c8:75:1c:3a:a4:3b:3f:e8:dd:f5:a0:fa:25:85:
         1b:f1:96:b4:e3:cc:15:c7:0d:2b:65:69:7e:cf:0e:b6:aa:ae:
         02:43:07:85
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUWMJAeW/1BBn4zD1xsKGOMwHvaTYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIzNloX
DTI3MDMwMzA2MDczNlowMzExMC8GA1UEAxMoNDU3QTE5REFCQzY0OUQ4RDhBOTA4
MjY0MDM5QUJDQkVFRTRGQ0QxMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOTcLEEpOV1FGzzt4IHPnx946XiepAsmS8sIs8IzRhKLSlAVBMH1/yWcVP9M
75O8yYfvHbEyOPUugwtOQlZpm/3bK6PtI62fajEt4BdnTi319F8mH2glsVaDn4zU
IQBrwX2jdeX1qU/c8lZ4SM61C/WhzHrE0TkQ2vadH9HCGEqcsus2vV6Kb2zCokNo
VYSCAqZuM2hGrxBYo70xxoByzqo/z9e2hD2aCJ0nSPP3kSHiiMBLLeUJCaa1TIjU
mfn1hK33aHrPPUlBX7RSzkBgC6GJuWlV4N1cOMpeYXFpYFcORyZDzjSo41H2U+Js
hYY8TUXAAtd1klCf7c0FOv3e3/ECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRFehna
vGSdjYqQgmQDmry+7k/NEjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzMyMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oqAwDQYJKoZIhvcNAQELBQADggEBAK3ymc5uh7/VMtqMgVlo/hSlMXbP1KUptElL
ZSkGbiONeozIBb6NBidE+mWfPRUL3Nkro7JYhYONhAB4BE/69b6IGeaBtzsHcDX6
PMU+ot5md0jB+LDie3bZjSQ5sPkmGzXbedp5ASPSThx079/k6fAvv1UiiIYp9GVx
YwKOAeYIk6abuVglOLgHbmciLyk0W3gijLacQzyF4wHBazo1vMXSSSRCBlwYHElg
7dh1zhJDlwjZT8iswDQhphEduUilWvZ9XN2jw6ZNUE0jOC8SNjAGzQi5m4GJt9W4
TQfIdRw6pDs/6N31oPolhRvxlrTjzBXHDStlaX7PDraqrgJDB4U=
-----END CERTIFICATE-----