Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143388.roa
File:                     AS143388.roa (raw, json)
Hash identifier:          Bb/T+ojtSv1pRXeVKfd/OrCJjLu6CCDZib6p76ugoes=
Subject key identifier:   E4:2A:1A:D3:C7:2D:F5:C1:22:9F:1F:C5:68:C2:D1:C6:58:93:F7:11
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       26EB094FA15C21929B0CB790B22312FE87BFD70E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143388.roa
Signing time:             Wed 04 Mar 2026 06:05:25 +0000
ROA not before:           Wed 04 Mar 2026 06:00:25 +0000
ROA not after:            Wed 03 Mar 2027 06:05:25 +0000
asID:                     143388
IP address blocks:        240a:a2e2::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:eb:09:4f:a1:5c:21:92:9b:0c:b7:90:b2:23:12:fe:87:bf:d7:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:25 2026 GMT
            Not After : Mar  3 06:05:25 2027 GMT
        Subject: CN=E42A1AD3C72DF5C1229F1FC568C2D1C65893F711
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:56:23:7a:e7:c1:48:c9:20:c9:3f:ef:e1:be:
                    53:84:d5:20:81:42:2c:ea:1b:5c:e7:07:59:8e:50:
                    9c:6f:6e:95:40:80:46:53:0f:77:3c:2d:e4:c0:04:
                    46:65:bb:e8:2e:18:b5:09:74:3b:b5:3a:86:f7:4b:
                    c8:ad:0f:45:10:61:8a:2d:80:e7:8e:02:12:08:16:
                    cc:7c:16:0a:66:34:e4:a3:b8:60:3c:b3:b4:cd:bc:
                    5b:0f:0c:66:4d:54:3e:49:62:d4:c1:b0:12:93:74:
                    82:07:fa:29:9c:d8:c4:49:14:ca:51:a1:a0:09:68:
                    db:04:47:b0:6b:b1:a3:47:e6:4d:07:04:7f:3c:d8:
                    83:94:3f:31:ef:18:71:6d:82:f8:46:b7:99:49:96:
                    b2:2c:4c:92:6a:fd:8a:04:55:e5:49:6c:3e:a9:08:
                    35:6f:bf:c3:11:ec:07:b4:e3:c8:1c:a8:76:50:2f:
                    ee:a5:c0:99:50:12:80:2a:24:77:9c:c9:a4:8d:a1:
                    c3:2a:b4:3d:c3:bd:95:a0:96:22:6b:6b:d2:ab:dd:
                    32:c0:26:53:12:dc:4d:b9:ca:6e:f7:e4:20:e1:75:
                    ba:af:91:42:2d:b6:cd:c6:75:45:55:b0:60:49:94:
                    f5:32:62:0e:14:24:f9:5c:14:31:94:76:3a:25:41:
                    11:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:2A:1A:D3:C7:2D:F5:C1:22:9F:1F:C5:68:C2:D1:C6:58:93:F7:11
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143388.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a2e2::/32

    Signature Algorithm: sha256WithRSAEncryption
         b3:58:52:10:83:49:37:26:c6:21:3f:62:6a:05:9e:aa:a2:73:
         cc:5c:f8:9f:de:f6:e2:aa:90:a5:0a:97:28:69:a4:28:35:cf:
         5f:09:ef:a7:76:12:c6:f1:5f:62:24:f3:30:5c:8c:74:fe:2a:
         0a:93:68:ab:17:01:38:3e:41:e8:17:44:40:ca:d5:a2:40:2a:
         0f:57:c3:c0:d2:50:73:76:a5:10:42:1a:15:da:f5:b5:48:b1:
         3d:ef:4b:27:58:99:dd:5a:91:c8:ee:54:7d:7b:6d:54:10:68:
         a1:07:74:bb:d6:19:c6:e9:8e:84:0b:38:65:9b:b7:9e:01:8e:
         49:ae:7e:b5:bf:8e:8d:28:23:2c:24:15:5e:1c:41:27:88:31:
         3b:b1:fe:77:cd:e8:38:c8:0b:8d:6b:c0:da:0b:e7:c3:31:a1:
         58:1c:ea:97:0b:c2:ce:cf:cd:55:45:d9:63:d7:1d:7b:90:9c:
         c1:20:22:a3:fe:86:ff:de:1c:49:5d:7d:b7:c8:c8:f0:3e:a7:
         0e:62:44:0e:5c:1f:19:8b:1b:bf:88:9e:d3:1f:f1:b7:63:e7:
         31:04:ab:85:d2:62:ae:2a:c3:ac:32:e6:48:5f:32:ae:27:64:
         1f:31:17:fd:d5:9e:05:60:42:ff:d8:2e:fb:d0:0f:70:e3:76:
         22:a3:ae:7f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUJusJT6FcIZKbDLeQsiMS/oe/1w4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDAyNVoX
DTI3MDMwMzA2MDUyNVowMzExMC8GA1UEAxMoRTQyQTFBRDNDNzJERjVDMTIyOUYx
RkM1NjhDMkQxQzY1ODkzRjcxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMpWI3rnwUjJIMk/7+G+U4TVIIFCLOobXOcHWY5QnG9ulUCARlMPdzwt5MAE
RmW76C4YtQl0O7U6hvdLyK0PRRBhii2A544CEggWzHwWCmY05KO4YDyztM28Ww8M
Zk1UPkli1MGwEpN0ggf6KZzYxEkUylGhoAlo2wRHsGuxo0fmTQcEfzzYg5Q/Me8Y
cW2C+Ea3mUmWsixMkmr9igRV5UlsPqkINW+/wxHsB7TjyByodlAv7qXAmVASgCok
d5zJpI2hwyq0PcO9laCWImtr0qvdMsAmUxLcTbnKbvfkIOF1uq+RQi22zcZ1RVWw
YEmU9TJiDhQk+VwUMZR2OiVBEUkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTkKhrT
xy31wSKfH8VowtHGWJP3ETAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzM4OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ouIwDQYJKoZIhvcNAQELBQADggEBALNYUhCDSTcmxiE/YmoFnqqic8xc+J/e9uKq
kKUKlyhppCg1z18J76d2EsbxX2Ik8zBcjHT+KgqTaKsXATg+QegXREDK1aJAKg9X
w8DSUHN2pRBCGhXa9bVIsT3vSydYmd1akcjuVH17bVQQaKEHdLvWGcbpjoQLOGWb
t54BjkmufrW/jo0oIywkFV4cQSeIMTux/nfN6DjIC41rwNoL58MxoVgc6pcLws7P
zVVF2WPXHXuQnMEgIqP+hv/eHEldfbfIyPA+pw5iRA5cHxmLG7+IntMf8bdj5zEE
q4XSYq4qw6wy5khfMq4nZB8xF/3VngVgQv/YLvvQD3DjdiKjrn8=
-----END CERTIFICATE-----