Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143328.roa
File:                     AS143328.roa (raw, json)
Hash identifier:          7oeQr07P7LMrSIR5+3O7t2fsm/+UVKRJiI4VEOY4GGc=
Subject key identifier:   DC:03:83:42:45:C8:05:D4:FE:D4:86:A6:AE:5D:98:8D:3F:23:48:AF
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       471D0D185FE29195C56B0D3A540F36D831413ADB
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143328.roa
Signing time:             Wed 04 Mar 2026 06:07:52 +0000
ROA not before:           Wed 04 Mar 2026 06:02:52 +0000
ROA not after:            Wed 03 Mar 2027 06:07:52 +0000
asID:                     143328
IP address blocks:        240a:a2a6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:1d:0d:18:5f:e2:91:95:c5:6b:0d:3a:54:0f:36:d8:31:41:3a:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:52 2026 GMT
            Not After : Mar  3 06:07:52 2027 GMT
        Subject: CN=DC03834245C805D4FED486A6AE5D988D3F2348AF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:21:37:3b:13:9b:f0:2f:e3:be:b2:e6:9b:e3:
                    90:0a:e3:ea:53:24:62:72:7b:0d:e9:97:83:25:cb:
                    b1:6c:26:ab:a7:fc:ed:5f:ab:f5:ed:00:b7:8d:92:
                    64:f0:1f:fd:e2:60:3f:b3:f2:b0:f7:a5:f1:21:51:
                    0f:fa:24:0e:f0:c2:dd:a4:42:52:d4:a9:7d:73:40:
                    e9:40:8a:ef:4b:2d:b4:f7:94:5e:aa:c1:9e:27:97:
                    45:be:17:2b:4d:1c:bb:7e:65:94:26:50:91:b6:72:
                    14:2a:5e:9b:ef:18:43:9b:c2:8f:55:87:e1:f3:73:
                    1c:0a:1a:0a:53:7b:76:ac:78:98:0c:38:89:c6:e5:
                    6c:1e:e9:63:2e:73:50:d3:bb:46:03:33:41:ff:4f:
                    6a:e1:ec:5c:a2:71:5a:d3:66:e7:ac:77:b8:92:d9:
                    6e:3d:84:93:fc:76:b4:30:0e:72:d2:8f:e6:ab:5e:
                    65:33:5b:a9:1d:df:aa:7a:3f:87:ca:f4:33:15:92:
                    35:d2:13:d3:f0:0b:47:ea:09:cb:73:a6:ab:2a:9b:
                    5e:e1:5b:ca:3c:d7:9e:dd:b8:c0:46:ad:a2:f6:48:
                    a3:81:71:88:14:c6:9f:ba:c5:72:9c:5b:e1:01:f6:
                    56:46:c8:d1:c7:ff:98:4b:07:24:49:00:82:e1:b7:
                    98:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:03:83:42:45:C8:05:D4:FE:D4:86:A6:AE:5D:98:8D:3F:23:48:AF
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143328.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a2a6::/32

    Signature Algorithm: sha256WithRSAEncryption
         d3:20:b9:a5:13:ac:df:99:4b:38:c0:9d:ec:6d:2a:33:be:81:
         ae:1b:75:ea:bf:e0:13:cf:b9:1e:65:6b:d4:92:c1:61:83:99:
         58:5e:37:bb:14:26:fd:a0:34:ac:39:48:8a:ff:e8:f0:07:c4:
         5e:51:9d:1d:b1:7d:8d:72:98:31:10:69:c4:f0:15:15:29:aa:
         ea:59:79:1f:46:cd:f1:52:ef:3e:63:c3:32:5f:90:e0:0c:51:
         3a:f1:03:bd:74:07:a1:a7:0c:13:36:dd:9d:2f:be:f4:ea:e2:
         87:1f:55:b3:5c:3d:42:71:4d:cd:71:3f:39:9b:e7:68:4d:c1:
         75:5f:ab:31:18:8a:78:3e:9d:78:1d:da:92:b6:6c:a0:7e:d9:
         86:dd:2a:be:9f:6a:06:df:e8:26:2b:7a:30:33:43:04:e9:5f:
         fd:b7:67:b5:63:80:84:3a:9b:92:ba:5a:a8:21:45:bf:e1:90:
         bd:a6:f3:0b:f1:8e:c8:bb:c6:77:25:6e:27:6e:5d:fa:f6:13:
         54:44:93:41:c7:5a:75:47:d0:64:17:38:24:3f:ef:2e:88:e4:
         68:d8:ab:6a:1b:c3:e4:27:03:7b:ab:4b:d7:ff:1b:9e:64:e6:
         19:0e:06:ec:c0:15:2f:f0:44:12:82:45:4e:38:f6:e3:28:d5:
         70:03:a8:0d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIURx0NGF/ikZXFaw06VA822DFBOtswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDI1MloX
DTI3MDMwMzA2MDc1MlowMzExMC8GA1UEAxMoREMwMzgzNDI0NUM4MDVENEZFRDQ4
NkE2QUU1RDk4OEQzRjIzNDhBRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ0hNzsTm/Av476y5pvjkArj6lMkYnJ7DemXgyXLsWwmq6f87V+r9e0At42S
ZPAf/eJgP7PysPel8SFRD/okDvDC3aRCUtSpfXNA6UCK70sttPeUXqrBnieXRb4X
K00cu35llCZQkbZyFCpem+8YQ5vCj1WH4fNzHAoaClN7dqx4mAw4icblbB7pYy5z
UNO7RgMzQf9PauHsXKJxWtNm56x3uJLZbj2Ek/x2tDAOctKP5qteZTNbqR3fqno/
h8r0MxWSNdIT0/ALR+oJy3OmqyqbXuFbyjzXnt24wEatovZIo4FxiBTGn7rFcpxb
4QH2VkbI0cf/mEsHJEkAguG3mB8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTcA4NC
RcgF1P7UhqauXZiNPyNIrzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzMyOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oqYwDQYJKoZIhvcNAQELBQADggEBANMguaUTrN+ZSzjAnextKjO+ga4bdeq/4BPP
uR5la9SSwWGDmVheN7sUJv2gNKw5SIr/6PAHxF5RnR2xfY1ymDEQacTwFRUpqupZ
eR9GzfFS7z5jwzJfkOAMUTrxA710B6GnDBM23Z0vvvTq4ocfVbNcPUJxTc1xPzmb
52hNwXVfqzEYing+nXgd2pK2bKB+2YbdKr6fagbf6CYrejAzQwTpX/23Z7VjgIQ6
m5K6WqghRb/hkL2m8wvxjsi7xnclbiduXfr2E1REk0HHWnVH0GQXOCQ/7y6I5GjY
q2obw+QnA3urS9f/G55k5hkOBuzAFS/wRBKCRU449uMo1XADqA0=
-----END CERTIFICATE-----