Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143347.roa
File:                     AS143347.roa (raw, json)
Hash identifier:          OTNg+k2X/MZ11LMWuftOb7rtCbhxH4G2v8g/HQcvlpA=
Subject key identifier:   83:6A:C0:6A:1D:C5:16:59:2E:70:FD:FF:28:97:5B:DB:52:0A:98:8E
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       11575F35F2A704DF866312192B5BACA24F4B8290
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143347.roa
Signing time:             Wed 04 Mar 2026 06:05:41 +0000
ROA not before:           Wed 04 Mar 2026 06:00:41 +0000
ROA not after:            Wed 03 Mar 2027 06:05:41 +0000
asID:                     143347
IP address blocks:        240a:a2b9::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:57:5f:35:f2:a7:04:df:86:63:12:19:2b:5b:ac:a2:4f:4b:82:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:41 2026 GMT
            Not After : Mar  3 06:05:41 2027 GMT
        Subject: CN=836AC06A1DC516592E70FDFF28975BDB520A988E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:13:9d:e5:e9:b9:dd:e7:7b:e1:3e:cb:0d:d6:
                    87:5f:37:4c:f1:11:8b:62:eb:fe:88:01:db:37:fd:
                    4d:92:6f:71:d1:76:28:e5:db:8f:c0:9d:f7:28:84:
                    21:28:22:62:1f:5a:11:36:01:b2:46:f7:db:be:1d:
                    dd:fd:dc:b4:08:42:62:b0:65:df:4e:52:41:18:5f:
                    fd:b3:30:b9:3e:ae:88:8b:24:1e:50:d7:c0:c1:1b:
                    da:ae:5f:c8:aa:ad:0a:0f:fc:a9:ef:c2:39:1c:8d:
                    19:d3:ef:35:98:b7:2a:60:a2:77:55:a5:a6:ed:a0:
                    dd:24:53:b3:78:2f:c2:b0:3b:92:8f:1a:2c:73:0d:
                    a6:3c:65:ef:d8:52:90:58:b3:16:c1:ff:d3:cf:ea:
                    1a:c5:af:0b:c5:09:d3:81:8c:d3:ac:da:0d:28:c8:
                    83:e8:a5:f2:6b:04:c4:db:70:15:d3:f0:86:d9:71:
                    46:a6:37:83:61:b7:c5:7c:23:40:dd:51:39:33:fc:
                    da:78:66:ac:ab:cf:d2:38:ba:b0:46:e4:dd:08:cc:
                    e2:e9:b7:5d:23:bd:2b:1e:ac:99:80:95:c1:20:7a:
                    2c:f9:cb:fc:d3:da:fb:59:c8:50:9c:c8:f1:2f:4f:
                    7b:a1:84:af:72:69:d6:2a:29:9c:00:c2:9c:3e:30:
                    22:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:6A:C0:6A:1D:C5:16:59:2E:70:FD:FF:28:97:5B:DB:52:0A:98:8E
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143347.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a2b9::/32

    Signature Algorithm: sha256WithRSAEncryption
         4a:77:c9:3c:5d:37:b1:8c:80:6a:99:6a:75:29:74:61:98:6b:
         1d:93:82:fa:3b:f8:2f:c7:00:e5:d4:a9:b5:65:6d:b5:d9:dd:
         3d:fe:06:25:d2:93:ee:0a:92:66:ce:1f:49:c0:4e:3b:ca:73:
         50:c3:ea:21:89:65:ba:fe:4c:a7:be:1f:11:8e:c6:5a:29:b4:
         0b:01:1a:1c:7a:ab:24:57:1a:58:56:89:29:fc:94:73:35:70:
         e7:70:2d:db:db:7a:07:43:13:94:95:80:bf:08:03:2c:9d:57:
         0c:e5:8a:a0:ed:09:90:8c:72:d8:64:b9:f5:dd:13:f8:7c:f0:
         a6:e8:9c:64:8c:79:3f:03:35:cb:4b:57:70:a7:c6:e0:2d:f0:
         e4:5d:a3:11:d1:7e:e2:95:4e:3a:6b:bc:d4:ad:fe:ac:d6:ab:
         b3:aa:ec:03:16:07:61:d6:e1:0e:39:80:fd:f7:bf:5d:2d:6c:
         87:e0:d0:e6:b7:d5:c7:00:56:71:65:57:55:d1:fb:70:03:5b:
         21:a9:3f:b3:a7:27:8f:7c:a2:e9:28:b3:02:7b:cd:d2:74:25:
         cd:db:de:76:da:49:28:34:53:28:55:02:ab:59:c7:a3:ef:4d:
         de:e1:93:bc:d8:4f:50:07:14:6d:56:c8:8f:72:e2:d9:08:a5:
         ca:62:30:5a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUEVdfNfKnBN+GYxIZK1usok9LgpAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDA0MVoX
DTI3MDMwMzA2MDU0MVowMzExMC8GA1UEAxMoODM2QUMwNkExREM1MTY1OTJFNzBG
REZGMjg5NzVCREI1MjBBOTg4RTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM4TneXpud3ne+E+yw3Wh183TPERi2Lr/ogB2zf9TZJvcdF2KOXbj8Cd9yiE
ISgiYh9aETYBskb3274d3f3ctAhCYrBl305SQRhf/bMwuT6uiIskHlDXwMEb2q5f
yKqtCg/8qe/CORyNGdPvNZi3KmCid1Wlpu2g3SRTs3gvwrA7ko8aLHMNpjxl79hS
kFizFsH/08/qGsWvC8UJ04GM06zaDSjIg+il8msExNtwFdPwhtlxRqY3g2G3xXwj
QN1ROTP82nhmrKvP0ji6sEbk3QjM4um3XSO9Kx6smYCVwSB6LPnL/NPa+1nIUJzI
8S9Pe6GEr3Jp1iopnADCnD4wIskCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSDasBq
HcUWWS5w/f8ol1vbUgqYjjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzM0Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
orkwDQYJKoZIhvcNAQELBQADggEBAEp3yTxdN7GMgGqZanUpdGGYax2Tgvo7+C/H
AOXUqbVlbbXZ3T3+BiXSk+4KkmbOH0nATjvKc1DD6iGJZbr+TKe+HxGOxloptAsB
Ghx6qyRXGlhWiSn8lHM1cOdwLdvbegdDE5SVgL8IAyydVwzliqDtCZCMcthkufXd
E/h88KbonGSMeT8DNctLV3CnxuAt8ORdoxHRfuKVTjprvNSt/qzWq7Oq7AMWB2HW
4Q45gP33v10tbIfg0Oa31ccAVnFlV1XR+3ADWyGpP7OnJ498oukoswJ7zdJ0Jc3b
3nbaSSg0UyhVAqtZx6PvTd7hk7zYT1AHFG1WyI9y4tkIpcpiMFo=
-----END CERTIFICATE-----