Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143324.roa
File:                     AS143324.roa (raw, json)
Hash identifier:          vNGMin75jo/orFiUyrOnZET/97izx7PwH5mRs0WuUyg=
Subject key identifier:   75:E6:F3:05:D4:C5:67:73:63:DF:F9:97:AD:19:E8:F2:AB:D5:24:57
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3C3C0BD3E15025CB39E9DF35F95E9B591F257C9D
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143324.roa
Signing time:             Wed 04 Mar 2026 06:05:37 +0000
ROA not before:           Wed 04 Mar 2026 06:00:37 +0000
ROA not after:            Wed 03 Mar 2027 06:05:37 +0000
asID:                     143324
IP address blocks:        240a:a2a2::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:3c:0b:d3:e1:50:25:cb:39:e9:df:35:f9:5e:9b:59:1f:25:7c:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:37 2026 GMT
            Not After : Mar  3 06:05:37 2027 GMT
        Subject: CN=75E6F305D4C5677363DFF997AD19E8F2ABD52457
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:4a:b6:65:4b:7d:00:e2:df:d4:96:7a:26:d1:
                    ca:4d:50:e5:54:15:32:08:b6:1a:d5:c7:77:4b:c1:
                    ca:8e:fc:a9:f4:86:4c:ee:b6:6f:d9:1b:04:41:ae:
                    6f:3c:35:37:85:2a:f7:2d:29:92:30:69:d4:cc:a0:
                    f6:21:b1:e5:5d:20:6f:ee:c2:ad:da:1f:a8:7f:bc:
                    91:70:47:0d:8c:52:cf:df:64:0d:7f:dd:0c:d6:f3:
                    dd:7b:d2:46:b9:f6:d9:d5:a7:e7:e8:69:ed:ff:bd:
                    22:67:87:9a:98:18:a4:83:7e:54:61:92:6b:18:55:
                    30:c2:9b:28:b5:95:49:1e:ce:54:47:c3:43:f8:52:
                    b6:2b:5d:48:c4:44:43:5c:0d:35:9f:29:da:78:df:
                    a9:89:1a:b8:04:2a:e1:95:e2:ea:3b:c8:10:34:67:
                    28:3c:47:88:3a:e7:31:d6:69:4b:d0:e8:e3:86:ed:
                    7d:b8:0d:9d:40:49:44:be:2f:f9:d3:43:d7:30:dd:
                    7f:95:0f:be:6a:85:e0:1b:82:48:86:30:9e:46:a4:
                    6c:39:57:69:d1:22:3c:cf:94:e6:3f:05:f0:73:e6:
                    92:4d:3d:58:b9:9b:ef:9a:77:64:20:19:72:b5:76:
                    d9:d1:31:d5:88:70:69:84:65:9b:fa:b5:3b:97:71:
                    1f:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:E6:F3:05:D4:C5:67:73:63:DF:F9:97:AD:19:E8:F2:AB:D5:24:57
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143324.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a2a2::/32

    Signature Algorithm: sha256WithRSAEncryption
         a4:2a:b7:18:3f:bc:57:a4:b3:3c:ea:a1:72:b0:67:38:67:61:
         e5:5e:9d:12:2a:5b:d1:15:b8:e5:8c:0a:e3:a6:cc:92:0a:4f:
         a4:09:27:33:c2:20:e1:8f:49:8d:ad:ab:07:db:c8:45:7c:0d:
         37:ce:f8:f4:a5:00:45:bf:23:da:32:c9:05:87:12:57:78:f1:
         8c:59:3a:07:a9:82:13:b5:40:c5:60:64:cd:66:29:38:d4:4f:
         1e:da:f1:d4:35:84:b9:b3:da:f2:46:7d:29:16:2b:ed:bf:bd:
         3c:f7:82:07:bf:3c:51:b1:3b:61:c4:fe:15:c7:30:f0:b0:68:
         2c:76:cc:5e:50:23:f9:11:af:58:3b:85:62:ff:be:83:70:26:
         6f:b3:9a:a6:71:99:5f:e2:1b:fb:4a:d8:d3:15:83:0c:9f:c4:
         67:bd:84:7e:28:8e:01:24:38:a2:38:8b:90:b5:f9:75:2f:62:
         8b:cf:96:d7:14:ef:35:8c:c3:a3:d2:86:c2:59:ea:cb:60:60:
         e9:96:6f:1a:86:52:60:ce:af:bf:d4:bb:f9:59:29:20:b1:02:
         f2:bf:6a:e0:82:b1:e9:1d:12:6d:34:36:4b:59:61:35:3c:da:
         65:83:fb:3a:f7:4c:85:0c:e4:9b:bb:24:7a:6c:86:05:d3:ed:
         44:ff:ca:3a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUPDwL0+FQJcs56d81+V6bWR8lfJ0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDAzN1oX
DTI3MDMwMzA2MDUzN1owMzExMC8GA1UEAxMoNzVFNkYzMDVENEM1Njc3MzYzREZG
OTk3QUQxOUU4RjJBQkQ1MjQ1NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALpKtmVLfQDi39SWeibRyk1Q5VQVMgi2GtXHd0vByo78qfSGTO62b9kbBEGu
bzw1N4Uq9y0pkjBp1Myg9iGx5V0gb+7CrdofqH+8kXBHDYxSz99kDX/dDNbz3XvS
Rrn22dWn5+hp7f+9ImeHmpgYpIN+VGGSaxhVMMKbKLWVSR7OVEfDQ/hStitdSMRE
Q1wNNZ8p2njfqYkauAQq4ZXi6jvIEDRnKDxHiDrnMdZpS9Do44btfbgNnUBJRL4v
+dND1zDdf5UPvmqF4BuCSIYwnkakbDlXadEiPM+U5j8F8HPmkk09WLmb75p3ZCAZ
crV22dEx1YhwaYRlm/q1O5dxH7cCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBR15vMF
1MVnc2Pf+ZetGejyq9UkVzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzMyNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oqIwDQYJKoZIhvcNAQELBQADggEBAKQqtxg/vFekszzqoXKwZzhnYeVenRIqW9EV
uOWMCuOmzJIKT6QJJzPCIOGPSY2tqwfbyEV8DTfO+PSlAEW/I9oyyQWHEld48YxZ
OgepghO1QMVgZM1mKTjUTx7a8dQ1hLmz2vJGfSkWK+2/vTz3gge/PFGxO2HE/hXH
MPCwaCx2zF5QI/kRr1g7hWL/voNwJm+zmqZxmV/iG/tK2NMVgwyfxGe9hH4ojgEk
OKI4i5C1+XUvYovPltcU7zWMw6PShsJZ6stgYOmWbxqGUmDOr7/Uu/lZKSCxAvK/
auCCsekdEm00NktZYTU82mWD+zr3TIUM5Ju7JHpshgXT7UT/yjo=
-----END CERTIFICATE-----