Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143392.roa
File:                     AS143392.roa (raw, json)
Hash identifier:          DpCCH6NK5b6M5JRAZaXnEi4oj7+fXBE7pC9rpYLr2ok=
Subject key identifier:   1D:83:E9:93:6F:FD:80:15:16:F7:B1:BF:FF:01:D2:67:66:E2:1B:C8
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       381AF061C6149AA3B6F90946955231C7A9FE1269
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143392.roa
Signing time:             Wed 04 Mar 2026 06:07:03 +0000
ROA not before:           Wed 04 Mar 2026 06:02:03 +0000
ROA not after:            Wed 03 Mar 2027 06:07:03 +0000
asID:                     143392
IP address blocks:        240a:a2e6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:1a:f0:61:c6:14:9a:a3:b6:f9:09:46:95:52:31:c7:a9:fe:12:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:03 2026 GMT
            Not After : Mar  3 06:07:03 2027 GMT
        Subject: CN=1D83E9936FFD801516F7B1BFFF01D26766E21BC8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:d2:91:83:8d:e3:62:72:3c:70:2e:d8:be:21:
                    74:ac:f6:4c:75:07:50:0f:ce:9c:e8:7e:28:e8:40:
                    d9:1e:b8:2b:e9:8a:d7:d8:6f:01:ed:c2:fe:6f:64:
                    c0:da:53:11:39:51:8b:4b:dd:25:79:f8:63:21:a5:
                    94:92:6b:08:75:a3:33:34:2e:0f:2d:2f:38:73:78:
                    68:e0:ff:8d:be:9b:e3:68:57:c8:0f:95:d3:05:0c:
                    20:69:62:0a:1c:ce:ea:f8:7f:01:7d:7b:21:eb:b7:
                    46:65:39:b4:08:3a:f1:99:f9:b0:70:4a:95:55:aa:
                    87:a8:e4:44:15:7a:41:38:e3:ef:0a:57:e7:f8:15:
                    ab:e2:e6:f6:c0:76:25:1f:95:f2:4e:d7:48:22:8b:
                    46:dd:b0:7c:60:99:7d:95:44:44:35:3e:cb:b1:77:
                    11:4d:e1:12:5d:be:17:83:e0:20:9d:5a:32:87:51:
                    37:c8:5f:c1:e4:ad:b1:90:74:b5:b0:c3:a6:19:21:
                    d7:fd:67:d3:78:28:72:43:a3:34:ab:ea:d7:2d:ea:
                    41:b6:0c:b3:dd:03:a6:54:d8:a0:83:71:b1:be:5c:
                    78:3c:de:18:3c:fd:6c:f5:00:09:97:6d:f0:2f:bf:
                    5f:11:c4:4a:11:fc:ea:e3:1f:be:7b:82:2b:61:b4:
                    89:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:83:E9:93:6F:FD:80:15:16:F7:B1:BF:FF:01:D2:67:66:E2:1B:C8
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143392.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a2e6::/32

    Signature Algorithm: sha256WithRSAEncryption
         a3:c1:1d:e2:32:c4:0b:88:e2:82:a0:87:d8:7b:3d:d4:33:4f:
         ec:e0:4b:5d:71:0c:93:13:5e:70:68:31:90:69:05:5b:c5:50:
         01:18:b7:9b:49:97:fb:52:c0:11:38:54:37:52:d1:11:33:85:
         a7:95:15:40:53:56:fb:fb:57:11:93:a2:9b:72:54:fc:85:f1:
         d4:b2:0a:d2:84:9d:56:d0:7e:b5:43:b5:67:30:f0:95:e5:ce:
         62:b6:cc:14:d6:bc:51:e3:96:98:9e:85:aa:4b:0e:19:30:64:
         d3:f9:91:eb:b7:84:15:78:c0:cb:f0:3b:72:b6:aa:50:3d:fe:
         43:25:55:60:2c:0d:88:5e:da:5d:40:05:81:f2:ba:e0:5e:01:
         bd:1a:fb:40:69:9d:a6:57:b0:30:ca:f4:b0:b3:02:3a:fe:cf:
         57:fa:a8:1d:24:43:a0:d9:db:a6:67:e0:1a:18:e9:28:98:68:
         d7:7a:bb:56:71:c1:bd:c4:f6:ac:af:c8:31:72:42:f9:f9:51:
         f7:b0:a7:29:25:73:8a:c4:73:16:6f:e7:01:36:37:09:4e:4d:
         f4:fc:60:de:3b:9f:b6:77:1c:ce:0c:df:1e:9a:83:39:57:49:
         0e:2d:7e:45:fe:31:70:f4:c6:55:33:1c:80:98:d5:62:53:62:
         e5:77:34:74
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUOBrwYcYUmqO2+QlGlVIxx6n+EmkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIwM1oX
DTI3MDMwMzA2MDcwM1owMzExMC8GA1UEAxMoMUQ4M0U5OTM2RkZEODAxNTE2RjdC
MUJGRkYwMUQyNjc2NkUyMUJDODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOPSkYON42JyPHAu2L4hdKz2THUHUA/OnOh+KOhA2R64K+mK19hvAe3C/m9k
wNpTETlRi0vdJXn4YyGllJJrCHWjMzQuDy0vOHN4aOD/jb6b42hXyA+V0wUMIGli
ChzO6vh/AX17Ieu3RmU5tAg68Zn5sHBKlVWqh6jkRBV6QTjj7wpX5/gVq+Lm9sB2
JR+V8k7XSCKLRt2wfGCZfZVERDU+y7F3EU3hEl2+F4PgIJ1aModRN8hfweStsZB0
tbDDphkh1/1n03gockOjNKvq1y3qQbYMs90DplTYoINxsb5ceDzeGDz9bPUACZdt
8C+/XxHEShH86uMfvnuCK2G0iZcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQdg+mT
b/2AFRb3sb//AdJnZuIbyDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzM5Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ouYwDQYJKoZIhvcNAQELBQADggEBAKPBHeIyxAuI4oKgh9h7PdQzT+zgS11xDJMT
XnBoMZBpBVvFUAEYt5tJl/tSwBE4VDdS0REzhaeVFUBTVvv7VxGToptyVPyF8dSy
CtKEnVbQfrVDtWcw8JXlzmK2zBTWvFHjlpiehapLDhkwZNP5keu3hBV4wMvwO3K2
qlA9/kMlVWAsDYhe2l1ABYHyuuBeAb0a+0BpnaZXsDDK9LCzAjr+z1f6qB0kQ6DZ
26Zn4BoY6SiYaNd6u1Zxwb3E9qyvyDFyQvn5Ufewpyklc4rEcxZv5wE2NwlOTfT8
YN47n7Z3HM4M3x6agzlXSQ4tfkX+MXD0xlUzHICY1WJTYuV3NHQ=
-----END CERTIFICATE-----