Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143368.roa
File:                     AS143368.roa (raw, json)
Hash identifier:          lZfVzXgrHEkNU6T1q7t68MfUHy9DvFBAUmb3lOKBUr0=
Subject key identifier:   D5:F4:C4:F9:5A:DB:00:0F:E6:DC:F3:E5:6F:11:54:09:8D:09:1C:CF
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       63A973795E26170BFFC57EE3A81B90BDAB0D9776
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143368.roa
Signing time:             Wed 04 Mar 2026 06:07:17 +0000
ROA not before:           Wed 04 Mar 2026 06:02:17 +0000
ROA not after:            Wed 03 Mar 2027 06:07:17 +0000
asID:                     143368
IP address blocks:        240a:a2ce::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:a9:73:79:5e:26:17:0b:ff:c5:7e:e3:a8:1b:90:bd:ab:0d:97:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:17 2026 GMT
            Not After : Mar  3 06:07:17 2027 GMT
        Subject: CN=D5F4C4F95ADB000FE6DCF3E56F1154098D091CCF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:51:86:63:5e:01:70:8a:3e:5d:77:ec:67:a3:
                    eb:89:d9:68:57:b2:54:ee:b8:19:9e:f3:c3:58:7c:
                    e4:16:71:eb:73:2b:37:43:80:8f:18:ff:a2:fd:f9:
                    5a:ec:f7:95:20:5c:14:16:89:41:7a:0c:e2:e0:c1:
                    98:a0:15:5b:76:d5:49:b1:76:e5:e7:97:fb:68:b5:
                    67:7f:b5:1b:41:b0:59:3d:40:e1:35:99:4a:65:1f:
                    37:91:77:0f:f5:92:ff:91:ac:bc:f7:6f:28:80:bf:
                    7c:64:e5:3d:4c:e3:ac:7a:87:ce:23:98:a3:1b:52:
                    38:c3:c2:ee:bc:17:37:c6:32:b1:90:73:ff:91:f1:
                    ca:24:67:3b:81:0b:87:bc:20:bc:43:b5:4e:ff:b8:
                    59:fb:4a:96:fe:f4:17:a3:96:af:24:b2:9d:31:2d:
                    6b:9a:22:2f:b1:d0:f5:b5:8b:fd:e2:b8:e5:c6:85:
                    82:b3:0f:c6:26:d3:7c:1c:97:23:49:23:26:c5:09:
                    0a:21:16:9c:2b:57:7c:93:07:19:98:b0:7f:62:c8:
                    22:57:53:21:51:fe:bb:8f:a0:e9:b6:2d:08:d1:32:
                    ed:ab:cc:d6:83:93:b3:57:c3:58:57:43:6d:3a:aa:
                    56:c1:57:d3:c2:f2:20:1e:d8:77:e8:54:d5:5a:c2:
                    a8:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:F4:C4:F9:5A:DB:00:0F:E6:DC:F3:E5:6F:11:54:09:8D:09:1C:CF
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143368.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a2ce::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:f5:21:c7:0f:05:96:23:bd:3b:46:ff:55:07:04:3a:ff:61:
         87:d3:9c:b8:43:c8:78:e0:13:b0:a9:45:74:a7:4a:52:04:ca:
         0f:3c:0a:65:b5:4c:51:3d:6d:5e:6b:31:ec:67:3e:59:c8:76:
         c5:02:24:2a:dd:f4:b8:37:a7:af:b6:55:ee:6c:7f:d6:12:13:
         df:c2:fa:16:72:cf:44:63:79:8f:83:27:af:31:2a:28:9f:b9:
         fa:52:4f:ae:dc:c7:cb:00:23:f1:f4:33:33:15:9e:74:b1:de:
         db:c6:8f:dd:8f:0e:f2:3f:df:d2:08:a8:db:02:1c:3c:07:92:
         1a:78:75:0e:e2:47:80:90:73:2a:2d:73:08:da:33:04:4c:89:
         dd:e1:f2:53:2c:4d:c0:0e:2b:a7:c7:b4:c4:97:7c:c5:8b:8c:
         b3:a1:ef:ff:8c:c4:10:d4:ec:3e:5a:07:cc:8d:b4:ba:37:1f:
         96:e4:25:51:a2:eb:e6:7f:a5:9d:d0:3d:82:3e:56:51:88:17:
         b3:e3:58:42:0a:ec:02:37:84:b6:bf:29:74:64:13:52:b4:f3:
         0e:52:2b:de:52:02:00:f9:fe:7b:7d:ed:0b:e5:a7:cc:60:56:
         37:28:91:49:50:0b:c7:0e:34:19:2a:a5:88:b8:86:2c:02:41:
         1b:f3:40:22
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUY6lzeV4mFwv/xX7jqBuQvasNl3YwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIxN1oX
DTI3MDMwMzA2MDcxN1owMzExMC8GA1UEAxMoRDVGNEM0Rjk1QURCMDAwRkU2RENG
M0U1NkYxMTU0MDk4RDA5MUNDRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK1RhmNeAXCKPl137Gej64nZaFeyVO64GZ7zw1h85BZx63MrN0OAjxj/ov35
Wuz3lSBcFBaJQXoM4uDBmKAVW3bVSbF25eeX+2i1Z3+1G0GwWT1A4TWZSmUfN5F3
D/WS/5GsvPdvKIC/fGTlPUzjrHqHziOYoxtSOMPC7rwXN8YysZBz/5HxyiRnO4EL
h7wgvEO1Tv+4WftKlv70F6OWrySynTEta5oiL7HQ9bWL/eK45caFgrMPxibTfByX
I0kjJsUJCiEWnCtXfJMHGZiwf2LIIldTIVH+u4+g6bYtCNEy7avM1oOTs1fDWFdD
bTqqVsFX08LyIB7Yd+hU1VrCqBcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTV9MT5
WtsAD+bc8+VvEVQJjQkczzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzM2OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
os4wDQYJKoZIhvcNAQELBQADggEBAJ31IccPBZYjvTtG/1UHBDr/YYfTnLhDyHjg
E7CpRXSnSlIEyg88CmW1TFE9bV5rMexnPlnIdsUCJCrd9Lg3p6+2Ve5sf9YSE9/C
+hZyz0RjeY+DJ68xKiifufpST67cx8sAI/H0MzMVnnSx3tvGj92PDvI/39IIqNsC
HDwHkhp4dQ7iR4CQcyotcwjaMwRMid3h8lMsTcAOK6fHtMSXfMWLjLOh7/+MxBDU
7D5aB8yNtLo3H5bkJVGi6+Z/pZ3QPYI+VlGIF7PjWEIK7AI3hLa/KXRkE1K08w5S
K95SAgD5/nt97Qvlp8xgVjcokUlQC8cONBkqpYi4hiwCQRvzQCI=
-----END CERTIFICATE-----