Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143374.roa
File:                     AS143374.roa (raw, json)
Hash identifier:          4U53pVFMzA5OZVZ9o5KI1TFekIDitP9cNSRQtr5YHJs=
Subject key identifier:   86:47:28:DF:FE:86:FA:66:69:C9:07:17:48:E2:B7:4A:E3:CE:8E:73
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       398560F3165674C0FF05F596A020DA9C128EBBC0
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143374.roa
Signing time:             Wed 04 Mar 2026 06:07:46 +0000
ROA not before:           Wed 04 Mar 2026 06:02:46 +0000
ROA not after:            Wed 03 Mar 2027 06:07:46 +0000
asID:                     143374
IP address blocks:        240a:a2d4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:85:60:f3:16:56:74:c0:ff:05:f5:96:a0:20:da:9c:12:8e:bb:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:46 2026 GMT
            Not After : Mar  3 06:07:46 2027 GMT
        Subject: CN=864728DFFE86FA6669C9071748E2B74AE3CE8E73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:a5:f1:9c:d8:a6:1d:4a:a6:c1:bf:13:19:7c:
                    9c:09:fc:e3:e8:be:bb:0a:0c:01:94:5b:20:f2:4d:
                    d7:4a:5a:f7:bc:76:e0:38:67:43:37:0d:55:ab:e7:
                    bd:76:8f:95:bd:09:c0:47:bb:cb:68:73:d7:90:d3:
                    ab:67:f6:da:a0:a4:97:ea:8a:7d:7a:90:59:9e:67:
                    63:97:d7:4b:eb:29:5f:54:51:b3:7d:4f:e5:f0:a7:
                    22:fb:af:3c:63:19:54:5a:ae:ef:40:63:40:fe:2f:
                    be:56:87:d6:e8:c8:a1:e9:5a:f0:05:6e:a0:fd:08:
                    f7:91:3d:db:2c:f5:66:45:55:5e:38:24:5f:ca:4c:
                    15:42:39:62:a0:38:97:1f:1d:5f:06:5a:85:96:fe:
                    9f:c3:0e:22:3a:22:96:e5:b2:08:3e:ec:8a:ff:dc:
                    04:f4:c9:04:e9:8a:de:cb:3d:34:6d:71:29:f8:09:
                    b0:a3:55:33:55:6f:77:ac:ab:f7:1f:26:01:8c:7b:
                    53:ce:73:f8:23:d6:0b:c2:3b:b0:95:5c:ea:f6:16:
                    89:12:7c:0a:16:8f:f7:cb:59:fc:cb:55:3f:dc:4d:
                    19:7e:95:8a:e2:d7:60:af:5e:aa:df:0d:ad:64:0e:
                    4f:55:e2:e2:2d:52:98:b5:50:14:0e:16:bc:74:29:
                    d8:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:47:28:DF:FE:86:FA:66:69:C9:07:17:48:E2:B7:4A:E3:CE:8E:73
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143374.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a2d4::/32

    Signature Algorithm: sha256WithRSAEncryption
         bd:37:74:de:b5:28:87:63:4b:69:ac:7b:2e:9b:ee:06:25:7a:
         9a:f4:e2:bc:f7:94:2c:a4:72:62:66:5b:da:13:ca:be:61:63:
         5e:2f:93:2e:1d:8d:f1:73:c7:4a:e6:22:33:6b:c0:8e:67:a3:
         e0:2e:c9:71:be:29:24:f4:df:a9:46:43:50:18:a9:6e:1e:60:
         15:fa:af:1f:ae:7a:fb:6a:21:37:54:81:ea:85:cf:cf:4b:cf:
         f3:79:d8:23:e6:4a:63:8c:44:1f:a0:f1:90:00:3a:50:30:57:
         f1:6a:53:62:62:7c:4d:0f:68:42:09:02:d6:47:65:37:7a:13:
         6b:aa:67:b5:f4:eb:f7:30:5f:e5:c1:72:60:03:7d:9a:58:81:
         64:9d:b6:7a:c6:8f:08:88:a8:ae:c0:f9:83:0c:dd:17:62:3e:
         40:57:87:f6:7f:35:cc:b6:64:37:ac:e5:08:dc:00:ab:ac:a0:
         d0:3b:82:9c:46:a8:d9:c0:ce:65:7f:ce:c3:24:a7:db:ee:96:
         67:22:da:25:66:99:3e:df:f7:f3:a0:18:82:55:d5:08:e3:5b:
         fe:66:6e:1e:83:25:39:5b:5f:70:2a:54:1d:12:97:51:eb:91:
         f7:12:b7:0a:9b:53:d8:ee:bf:42:fe:ed:ed:e8:2a:66:b0:3b:
         c3:9c:f4:74
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUOYVg8xZWdMD/BfWWoCDanBKOu8AwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDI0NloX
DTI3MDMwMzA2MDc0NlowMzExMC8GA1UEAxMoODY0NzI4REZGRTg2RkE2NjY5Qzkw
NzE3NDhFMkI3NEFFM0NFOEU3MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPSl8ZzYph1KpsG/Exl8nAn84+i+uwoMAZRbIPJN10pa97x24DhnQzcNVavn
vXaPlb0JwEe7y2hz15DTq2f22qCkl+qKfXqQWZ5nY5fXS+spX1RRs31P5fCnIvuv
PGMZVFqu70BjQP4vvlaH1ujIoela8AVuoP0I95E92yz1ZkVVXjgkX8pMFUI5YqA4
lx8dXwZahZb+n8MOIjoiluWyCD7siv/cBPTJBOmK3ss9NG1xKfgJsKNVM1Vvd6yr
9x8mAYx7U85z+CPWC8I7sJVc6vYWiRJ8ChaP98tZ/MtVP9xNGX6ViuLXYK9eqt8N
rWQOT1Xi4i1SmLVQFA4WvHQp2E8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSGRyjf
/ob6ZmnJBxdI4rdK486OczAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzM3NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
otQwDQYJKoZIhvcNAQELBQADggEBAL03dN61KIdjS2msey6b7gYlepr04rz3lCyk
cmJmW9oTyr5hY14vky4djfFzx0rmIjNrwI5no+AuyXG+KST036lGQ1AYqW4eYBX6
rx+uevtqITdUgeqFz89Lz/N52CPmSmOMRB+g8ZAAOlAwV/FqU2JifE0PaEIJAtZH
ZTd6E2uqZ7X06/cwX+XBcmADfZpYgWSdtnrGjwiIqK7A+YMM3RdiPkBXh/Z/Ncy2
ZDes5QjcAKusoNA7gpxGqNnAzmV/zsMkp9vulmci2iVmmT7f9/OgGIJV1QjjW/5m
bh6DJTlbX3AqVB0Sl1HrkfcStwqbU9juv0L+7e3oKmawO8Oc9HQ=
-----END CERTIFICATE-----