Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143365.roa
File:                     AS143365.roa (raw, json)
Hash identifier:          u4Wx84YYvPeIdwHOwA0BBMsVYSeEp/MqXuTgU3VKSs0=
Subject key identifier:   4A:11:A0:CC:71:A4:4A:1E:91:43:64:F5:70:F2:D9:11:C9:F0:48:5B
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5D4584C41B02879086407FACAF0B7238BB4AB941
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143365.roa
Signing time:             Wed 04 Mar 2026 06:07:37 +0000
ROA not before:           Wed 04 Mar 2026 06:02:37 +0000
ROA not after:            Wed 03 Mar 2027 06:07:37 +0000
asID:                     143365
IP address blocks:        240a:a2cb::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:45:84:c4:1b:02:87:90:86:40:7f:ac:af:0b:72:38:bb:4a:b9:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:37 2026 GMT
            Not After : Mar  3 06:07:37 2027 GMT
        Subject: CN=4A11A0CC71A44A1E914364F570F2D911C9F0485B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3c:bb:c9:23:64:48:89:44:55:08:f8:0c:fe:
                    5f:1f:ac:b4:a2:66:46:49:79:c1:a2:39:13:7b:34:
                    42:56:cd:f2:11:2d:04:fe:42:38:e0:ff:d8:76:40:
                    db:9c:c0:15:43:c2:22:f9:87:1e:b0:b9:d6:4d:d3:
                    a7:cb:a5:61:27:fd:0f:f8:b2:49:eb:80:ef:14:04:
                    28:58:16:89:35:75:4a:e7:fe:f8:2d:da:2d:1d:58:
                    36:e4:37:d5:b7:dd:17:dc:5c:03:1a:e4:f2:f9:42:
                    38:cb:ce:a9:f1:04:0f:88:24:e2:3c:6f:23:5b:bd:
                    ea:e8:8a:b9:67:92:0c:5f:9f:2a:35:50:f7:37:96:
                    12:8b:1a:0e:53:90:95:5a:79:71:93:74:d4:8b:d4:
                    75:3b:ca:14:f5:ae:09:40:62:5f:cd:ca:94:08:e1:
                    f8:0a:ac:a2:65:c7:be:96:4f:02:2c:d7:b7:05:43:
                    f0:79:d5:24:d8:be:39:b0:fd:f4:61:69:b4:9c:e4:
                    0e:ef:61:b1:39:73:71:5a:2b:2d:e0:49:0b:1e:db:
                    03:1c:45:17:bc:df:2b:d9:49:ed:e5:0d:0c:f2:34:
                    75:13:66:cc:d2:e3:4a:42:c6:2c:a4:c5:af:cb:6e:
                    fe:b2:66:14:78:25:60:58:76:13:ac:9a:a4:44:61:
                    ac:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:11:A0:CC:71:A4:4A:1E:91:43:64:F5:70:F2:D9:11:C9:F0:48:5B
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143365.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a2cb::/32

    Signature Algorithm: sha256WithRSAEncryption
         45:c7:e2:96:dc:04:22:02:58:d0:4a:55:66:01:80:30:92:5d:
         2f:6c:aa:7e:05:c7:9f:a3:05:44:25:35:16:e1:bb:40:24:2f:
         90:ed:d2:7c:73:42:a1:79:a2:2d:71:cc:3d:12:71:a2:63:65:
         ab:69:7a:c3:bf:8f:2d:4f:0b:e7:b3:7e:bf:04:ed:8f:a7:6d:
         a5:35:df:12:c4:1d:5d:bc:81:0a:09:f8:d5:3d:e9:8d:e8:55:
         5b:ea:a2:e8:5c:c8:ad:33:39:cb:c3:b0:58:8b:34:5a:7e:56:
         7e:1f:b8:7d:89:57:62:4c:b5:9e:54:2a:ad:ae:bd:10:3c:b9:
         e5:87:86:ad:98:61:62:21:3f:9f:60:11:03:3e:77:ad:57:67:
         49:26:8d:1d:85:28:40:67:37:0b:ca:19:d8:e5:c2:23:ff:b5:
         1f:58:41:7a:7e:d9:09:ab:ac:c3:a7:49:45:49:01:51:86:a0:
         b8:9b:f3:76:1f:91:87:43:ef:16:09:cc:28:e6:37:ab:24:fc:
         02:a0:ea:a6:90:1c:3f:b5:69:53:b4:47:cc:04:ed:4b:28:02:
         17:3f:8d:bc:be:cf:98:a0:03:15:c5:2c:f4:c7:6d:3c:90:50:
         dd:34:1b:7c:d4:d9:07:b8:71:df:a3:ac:55:16:ba:23:20:17:
         ff:4c:60:c5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUXUWExBsCh5CGQH+srwtyOLtKuUEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIzN1oX
DTI3MDMwMzA2MDczN1owMzExMC8GA1UEAxMoNEExMUEwQ0M3MUE0NEExRTkxNDM2
NEY1NzBGMkQ5MTFDOUYwNDg1QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALQ8u8kjZEiJRFUI+Az+Xx+stKJmRkl5waI5E3s0QlbN8hEtBP5COOD/2HZA
25zAFUPCIvmHHrC51k3Tp8ulYSf9D/iySeuA7xQEKFgWiTV1Suf++C3aLR1YNuQ3
1bfdF9xcAxrk8vlCOMvOqfEED4gk4jxvI1u96uiKuWeSDF+fKjVQ9zeWEosaDlOQ
lVp5cZN01IvUdTvKFPWuCUBiX83KlAjh+AqsomXHvpZPAizXtwVD8HnVJNi+ObD9
9GFptJzkDu9hsTlzcVorLeBJCx7bAxxFF7zfK9lJ7eUNDPI0dRNmzNLjSkLGLKTF
r8tu/rJmFHglYFh2E6yapERhrAsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRKEaDM
caRKHpFDZPVw8tkRyfBIWzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzM2NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
osswDQYJKoZIhvcNAQELBQADggEBAEXH4pbcBCICWNBKVWYBgDCSXS9sqn4Fx5+j
BUQlNRbhu0AkL5Dt0nxzQqF5oi1xzD0ScaJjZatpesO/jy1PC+ezfr8E7Y+nbaU1
3xLEHV28gQoJ+NU96Y3oVVvqouhcyK0zOcvDsFiLNFp+Vn4fuH2JV2JMtZ5UKq2u
vRA8ueWHhq2YYWIhP59gEQM+d61XZ0kmjR2FKEBnNwvKGdjlwiP/tR9YQXp+2Qmr
rMOnSUVJAVGGoLib83YfkYdD7xYJzCjmN6sk/AKg6qaQHD+1aVO0R8wE7UsoAhc/
jby+z5igAxXFLPTHbTyQUN00G3zU2Qe4cd+jrFUWuiMgF/9MYMU=
-----END CERTIFICATE-----