Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143385.roa
File:                     AS143385.roa (raw, json)
Hash identifier:          O4Snu2DaPwtv10uSvp5tp/IS1/8wzcU60AKTSdBtOjI=
Subject key identifier:   9F:F8:E0:E0:A0:38:B5:38:9F:83:D2:A2:D3:E4:34:3C:72:4A:1C:8F
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       415C8F3B38B8CAB4AB94F27847D628BDBDBA4DB3
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143385.roa
Signing time:             Wed 04 Mar 2026 06:07:42 +0000
ROA not before:           Wed 04 Mar 2026 06:02:42 +0000
ROA not after:            Wed 03 Mar 2027 06:07:42 +0000
asID:                     143385
IP address blocks:        240a:a2df::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:5c:8f:3b:38:b8:ca:b4:ab:94:f2:78:47:d6:28:bd:bd:ba:4d:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:42 2026 GMT
            Not After : Mar  3 06:07:42 2027 GMT
        Subject: CN=9FF8E0E0A038B5389F83D2A2D3E4343C724A1C8F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:d3:88:d5:c2:a4:d6:6d:80:d9:29:ed:f4:de:
                    66:c2:a8:7b:b8:67:01:37:86:fd:ac:9c:e5:d7:fd:
                    fc:67:b0:2a:a5:68:c0:fd:53:15:1e:18:c3:e8:ca:
                    fe:1e:6a:fc:fa:24:ea:b3:6c:b9:6e:78:f5:cc:4a:
                    dc:82:84:2e:ae:61:85:37:13:92:43:d1:2d:fd:df:
                    9d:60:11:30:be:12:bc:eb:e4:d6:ff:e9:03:95:32:
                    a2:19:f4:e5:c6:b1:8a:4e:3e:43:27:99:ca:91:b2:
                    8b:02:aa:f5:33:37:3e:c4:d6:eb:20:a2:b8:03:e6:
                    dc:ac:b5:4c:bc:ef:f9:4d:7a:13:14:7d:35:72:24:
                    b0:46:57:86:c4:e5:b8:52:e3:6b:a2:22:09:aa:d1:
                    72:9c:80:20:4c:4b:c2:c5:24:8e:8e:4e:1c:83:13:
                    3e:99:b6:5e:5a:62:de:2a:ad:6e:73:a9:a1:e0:a3:
                    46:31:e7:ab:21:7f:d1:4b:cf:dc:97:2d:49:26:ce:
                    71:1c:6b:80:07:49:56:dc:52:75:21:ff:d0:4a:a4:
                    5e:38:27:ad:9d:fd:26:16:34:7f:26:a7:e1:c6:60:
                    ce:ad:b9:ac:93:60:c1:c8:96:03:28:59:72:d4:49:
                    30:f1:f3:3e:0d:d1:f3:49:4b:97:a8:6c:08:63:c3:
                    d3:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:F8:E0:E0:A0:38:B5:38:9F:83:D2:A2:D3:E4:34:3C:72:4A:1C:8F
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143385.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a2df::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:68:52:5e:6b:00:10:f9:0c:0b:fa:95:4e:2a:ba:ba:3c:c5:
         3f:d2:97:56:19:06:dd:94:81:e7:37:81:0d:39:e3:5a:a9:04:
         d1:6d:b6:2b:f1:c5:fb:85:ec:2a:93:db:64:95:dc:7c:b1:e9:
         8a:a7:bf:9e:84:56:3d:e6:e0:5a:18:56:03:5f:53:cf:87:7f:
         8e:da:16:1c:d2:b9:9b:2e:1e:11:24:a6:40:7f:2c:39:0e:b3:
         64:3a:54:b9:be:75:23:c8:e5:85:86:53:a5:d8:ea:b6:d4:bc:
         4d:91:b5:c6:90:2c:d3:0e:a7:89:0d:67:91:c2:d3:07:39:56:
         b2:1d:b7:c6:99:c3:47:e4:3e:ee:23:05:b3:b6:ee:a5:5a:29:
         5d:e9:3f:db:59:5f:f0:f5:54:3f:ca:9a:0c:f6:46:7b:ae:ab:
         4e:62:40:f8:ac:a0:54:dc:04:e7:10:70:4f:6a:5e:dc:66:88:
         a9:ba:8d:b1:89:89:7c:05:ee:00:82:b9:7a:88:e8:47:49:f3:
         10:ee:c8:9b:27:49:68:dc:22:7b:a5:bb:b3:79:31:14:db:cc:
         bd:db:97:94:5a:da:68:c3:16:99:73:78:f2:33:da:73:5a:7d:
         89:5b:48:9b:e5:9b:67:f2:7a:45:2a:8a:18:59:0a:11:83:1b:
         48:6d:3b:9e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUQVyPOzi4yrSrlPJ4R9Yovb26TbMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDI0MloX
DTI3MDMwMzA2MDc0MlowMzExMC8GA1UEAxMoOUZGOEUwRTBBMDM4QjUzODlGODNE
MkEyRDNFNDM0M0M3MjRBMUM4RjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJnTiNXCpNZtgNkp7fTeZsKoe7hnATeG/ayc5df9/GewKqVowP1TFR4Yw+jK
/h5q/Pok6rNsuW549cxK3IKELq5hhTcTkkPRLf3fnWARML4SvOvk1v/pA5Uyohn0
5caxik4+QyeZypGyiwKq9TM3PsTW6yCiuAPm3Ky1TLzv+U16ExR9NXIksEZXhsTl
uFLja6IiCarRcpyAIExLwsUkjo5OHIMTPpm2Xlpi3iqtbnOpoeCjRjHnqyF/0UvP
3JctSSbOcRxrgAdJVtxSdSH/0EqkXjgnrZ39JhY0fyan4cZgzq25rJNgwciWAyhZ
ctRJMPHzPg3R80lLl6hsCGPD09kCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSf+ODg
oDi1OJ+D0qLT5DQ8ckocjzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzM4NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ot8wDQYJKoZIhvcNAQELBQADggEBAGpoUl5rABD5DAv6lU4quro8xT/Sl1YZBt2U
gec3gQ0541qpBNFttivxxfuF7CqT22SV3Hyx6Yqnv56EVj3m4FoYVgNfU8+Hf47a
FhzSuZsuHhEkpkB/LDkOs2Q6VLm+dSPI5YWGU6XY6rbUvE2RtcaQLNMOp4kNZ5HC
0wc5VrIdt8aZw0fkPu4jBbO27qVaKV3pP9tZX/D1VD/Kmgz2Rnuuq05iQPisoFTc
BOcQcE9qXtxmiKm6jbGJiXwF7gCCuXqI6EdJ8xDuyJsnSWjcInulu7N5MRTbzL3b
l5Ra2mjDFplzePIz2nNafYlbSJvlm2fyekUqihhZChGDG0htO54=
-----END CERTIFICATE-----