Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143405.roa
File:                     AS143405.roa (raw, json)
Hash identifier:          gtYL7l5MRClIXyR0Kt5w9ZxVgELJjB4SOImUfWqMch4=
Subject key identifier:   F8:A5:BB:7C:AC:C7:88:FF:90:DF:3C:36:C5:C7:57:77:8B:80:78:0C
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2F374285978A1579FA559DCB9B3BE1072A3FDA0C
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143405.roa
Signing time:             Wed 04 Mar 2026 06:06:41 +0000
ROA not before:           Wed 04 Mar 2026 06:01:41 +0000
ROA not after:            Wed 03 Mar 2027 06:06:41 +0000
asID:                     143405
IP address blocks:        240a:a2f3::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:37:42:85:97:8a:15:79:fa:55:9d:cb:9b:3b:e1:07:2a:3f:da:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:41 2026 GMT
            Not After : Mar  3 06:06:41 2027 GMT
        Subject: CN=F8A5BB7CACC788FF90DF3C36C5C757778B80780C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:7e:13:68:34:44:73:66:7b:83:b2:ea:ed:bc:
                    6a:3e:23:6a:c4:f8:c1:40:e7:d3:8a:bb:a8:1d:97:
                    eb:91:ac:4a:ca:b8:00:6e:4f:c8:84:61:02:17:7a:
                    f8:c6:b8:23:37:85:bf:29:85:4a:db:3d:67:8a:59:
                    65:12:61:85:96:ff:f5:00:c7:77:34:16:9b:72:07:
                    32:8a:e2:a9:aa:04:b3:3a:ca:d9:2c:2d:99:6d:dd:
                    28:07:16:3e:73:c8:45:58:96:ba:4b:7f:1a:8e:a6:
                    5f:e0:de:a1:41:48:6b:a3:18:3f:6d:68:2b:0e:65:
                    d5:dd:f9:66:e2:c4:c7:f6:7f:06:34:1c:8d:fc:50:
                    08:13:40:3b:a6:dc:8c:75:2f:c2:31:93:6d:1f:fe:
                    4b:7c:d4:db:93:37:52:10:bf:00:86:b2:4f:8a:b6:
                    0d:ee:ef:38:a4:64:55:ad:ef:22:9a:1a:76:5b:aa:
                    12:ba:a1:85:21:4e:57:31:39:29:e8:53:9f:6d:9d:
                    c3:cf:d8:fe:03:27:4f:47:7c:f9:88:a9:c4:db:81:
                    cb:7c:60:38:a9:95:d5:8b:58:52:93:0f:af:f7:2d:
                    48:f8:ca:1c:43:f5:12:88:8f:96:9a:43:aa:fe:a3:
                    7c:57:16:21:d4:18:02:a8:ca:c4:be:df:08:2f:c3:
                    6e:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:A5:BB:7C:AC:C7:88:FF:90:DF:3C:36:C5:C7:57:77:8B:80:78:0C
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143405.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a2f3::/32

    Signature Algorithm: sha256WithRSAEncryption
         69:a4:ce:56:81:6c:fc:58:e8:31:6e:75:e9:ae:93:e7:79:ba:
         76:73:80:e8:2d:99:72:af:41:a2:65:22:64:42:5e:f0:f9:75:
         a6:8d:81:0f:ae:2e:dc:44:b8:e4:3b:6c:5d:e7:03:4d:70:49:
         c3:4f:a1:cf:a0:e3:98:55:89:bb:36:6c:ed:01:37:ff:fb:ae:
         75:fe:e4:01:2d:00:61:80:df:a3:1a:23:8d:ab:13:ed:05:d6:
         a1:36:cd:3a:fa:8a:4f:b4:90:0c:29:5d:c8:78:65:05:ad:d6:
         52:0a:0e:7b:70:49:03:3c:ca:c3:3d:4e:13:c2:66:9b:12:ce:
         c6:91:fd:12:b4:73:90:f2:fa:8e:92:e5:63:84:76:47:0e:98:
         7a:48:2a:c4:0b:1e:39:65:e6:9c:8c:96:52:66:77:99:0b:5c:
         51:72:de:24:d3:ff:ce:eb:06:c8:8b:81:ad:21:d3:21:36:1b:
         38:3f:77:62:c3:5c:93:0b:f0:ef:74:f1:60:2f:9a:9b:58:df:
         7d:36:c5:17:1c:2e:8f:6a:fd:72:ea:58:a6:56:b6:3a:b5:92:
         da:f5:8e:35:3a:68:5c:2b:ed:27:fa:76:73:38:2c:59:08:59:
         cf:6e:98:a5:8a:28:4e:72:1c:4b:ce:a0:5b:35:5b:8d:8d:dc:
         e6:67:0e:e5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIULzdChZeKFXn6VZ3LmzvhByo/2gwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDE0MVoX
DTI3MDMwMzA2MDY0MVowMzExMC8GA1UEAxMoRjhBNUJCN0NBQ0M3ODhGRjkwREYz
QzM2QzVDNzU3Nzc4QjgwNzgwQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN9+E2g0RHNme4Oy6u28aj4jasT4wUDn04q7qB2X65GsSsq4AG5PyIRhAhd6
+Ma4IzeFvymFSts9Z4pZZRJhhZb/9QDHdzQWm3IHMoriqaoEszrK2SwtmW3dKAcW
PnPIRViWukt/Go6mX+DeoUFIa6MYP21oKw5l1d35ZuLEx/Z/BjQcjfxQCBNAO6bc
jHUvwjGTbR/+S3zU25M3UhC/AIayT4q2De7vOKRkVa3vIpoadluqErqhhSFOVzE5
KehTn22dw8/Y/gMnT0d8+YipxNuBy3xgOKmV1YtYUpMPr/ctSPjKHEP1EoiPlppD
qv6jfFcWIdQYAqjKxL7fCC/DbscCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT4pbt8
rMeI/5DfPDbFx1d3i4B4DDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzQwNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ovMwDQYJKoZIhvcNAQELBQADggEBAGmkzlaBbPxY6DFudemuk+d5unZzgOgtmXKv
QaJlImRCXvD5daaNgQ+uLtxEuOQ7bF3nA01wScNPoc+g45hVibs2bO0BN//7rnX+
5AEtAGGA36MaI42rE+0F1qE2zTr6ik+0kAwpXch4ZQWt1lIKDntwSQM8ysM9ThPC
ZpsSzsaR/RK0c5Dy+o6S5WOEdkcOmHpIKsQLHjll5pyMllJmd5kLXFFy3iTT/87r
BsiLga0h0yE2Gzg/d2LDXJML8O908WAvmptY3302xRccLo9q/XLqWKZWtjq1ktr1
jjU6aFwr7Sf6dnM4LFkIWc9umKWKKE5yHEvOoFs1W42N3OZnDuU=
-----END CERTIFICATE-----