Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143407.roa
File:                     AS143407.roa (raw, json)
Hash identifier:          bZTU+1xdIN40Kvk3tWidzayYNXwb7cJSIlRKXGUIeLs=
Subject key identifier:   57:41:E3:DA:83:AB:41:4F:78:53:29:80:CA:17:20:44:9F:4B:3B:8B
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       43E185E2DA8B9D2AC9374B253672A419FC4B70B0
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143407.roa
Signing time:             Wed 04 Mar 2026 06:05:10 +0000
ROA not before:           Wed 04 Mar 2026 06:00:10 +0000
ROA not after:            Wed 03 Mar 2027 06:05:10 +0000
asID:                     143407
IP address blocks:        240a:a2f5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:e1:85:e2:da:8b:9d:2a:c9:37:4b:25:36:72:a4:19:fc:4b:70:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:10 2026 GMT
            Not After : Mar  3 06:05:10 2027 GMT
        Subject: CN=5741E3DA83AB414F78532980CA1720449F4B3B8B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:77:71:05:84:88:10:d4:19:3c:3f:48:a7:34:
                    e8:44:97:22:3b:80:e8:21:95:ae:31:66:64:03:4c:
                    82:d8:cf:0b:75:ca:a7:68:1c:88:b0:89:c3:00:3c:
                    99:31:9b:ef:7c:64:67:81:e6:f2:d7:5d:7c:c0:85:
                    02:5e:9b:23:8e:98:1d:1a:b3:77:be:f8:10:00:0f:
                    34:eb:62:5b:3e:5e:c9:97:7b:ef:f1:79:92:26:f5:
                    b8:92:b5:17:73:69:03:0b:63:5b:cb:d7:5c:6d:9f:
                    8d:1b:45:3e:b3:bb:55:8c:8d:7f:fb:0c:50:aa:85:
                    54:38:42:fc:fa:0b:e7:52:b7:3b:65:5f:44:b2:f1:
                    f6:b4:5c:63:40:53:97:42:06:d8:5b:19:38:9a:64:
                    7e:f8:32:69:9c:fc:db:97:4c:30:e9:62:b3:96:e1:
                    fa:cc:4c:ae:ac:a2:eb:17:08:e7:93:59:4f:3c:eb:
                    34:73:da:9d:e4:0c:4c:39:02:22:75:1b:75:f9:49:
                    ec:58:7a:be:db:fd:ca:de:96:a0:22:9c:50:da:71:
                    ee:70:4b:c9:e2:f2:c9:ab:cd:67:f7:3e:38:86:ec:
                    bd:3e:72:dd:fb:a4:39:87:b7:e5:0d:1c:7d:dc:cb:
                    71:0f:b2:94:31:1e:99:6e:7a:09:7e:c8:9a:1c:ad:
                    1f:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:41:E3:DA:83:AB:41:4F:78:53:29:80:CA:17:20:44:9F:4B:3B:8B
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143407.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a2f5::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:3e:59:4a:ec:f7:75:1b:fb:3a:48:ca:62:d8:ff:ea:d6:0e:
         b4:32:16:9f:10:fa:c4:41:9d:7b:e8:0b:e1:11:9a:4a:82:40:
         76:9a:c9:23:9a:67:4d:c4:39:b3:0f:ae:e6:d9:c6:69:9d:f3:
         86:d7:17:1c:ce:df:ea:80:c6:e5:c6:8d:87:d3:3d:ec:bd:79:
         7d:3a:1f:89:66:d4:96:7b:f5:0f:14:b8:54:e8:94:5d:45:fb:
         34:48:3a:d2:6f:90:18:45:ac:6a:d9:0a:1a:9f:a3:53:b7:00:
         62:98:65:d4:24:ea:06:f2:56:63:bf:45:a0:75:38:8c:fe:d7:
         06:01:14:f4:55:09:b0:32:34:4d:ec:9d:27:92:d3:56:2d:cc:
         52:f0:f9:b3:20:c1:dc:7b:1d:39:38:ca:c8:54:c2:05:f6:d8:
         dc:8f:fd:d8:68:aa:82:5d:d1:f2:19:5f:a0:35:bc:02:16:1f:
         79:af:2b:a3:2d:ac:af:e9:aa:37:9a:cb:bf:4f:4a:5b:5a:23:
         9e:e2:58:39:23:34:d2:ad:cb:ff:f6:a3:99:06:3a:ca:85:ca:
         3f:11:4c:75:2a:44:2c:0b:e1:7a:e2:4b:98:6d:13:42:ed:0f:
         34:57:e3:7b:59:a9:ea:23:16:cb:96:4e:fa:4a:29:6e:02:03:
         2a:71:d8:85
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUQ+GF4tqLnSrJN0slNnKkGfxLcLAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDAxMFoX
DTI3MDMwMzA2MDUxMFowMzExMC8GA1UEAxMoNTc0MUUzREE4M0FCNDE0Rjc4NTMy
OTgwQ0ExNzIwNDQ5RjRCM0I4QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANp3cQWEiBDUGTw/SKc06ESXIjuA6CGVrjFmZANMgtjPC3XKp2gciLCJwwA8
mTGb73xkZ4Hm8tddfMCFAl6bI46YHRqzd774EAAPNOtiWz5eyZd77/F5kib1uJK1
F3NpAwtjW8vXXG2fjRtFPrO7VYyNf/sMUKqFVDhC/PoL51K3O2VfRLLx9rRcY0BT
l0IG2FsZOJpkfvgyaZz825dMMOlis5bh+sxMrqyi6xcI55NZTzzrNHPaneQMTDkC
InUbdflJ7Fh6vtv9yt6WoCKcUNpx7nBLyeLyyavNZ/c+OIbsvT5y3fukOYe35Q0c
fdzLcQ+ylDEemW56CX7ImhytH6kCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRXQePa
g6tBT3hTKYDKFyBEn0s7izAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzQwNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ovUwDQYJKoZIhvcNAQELBQADggEBAFI+WUrs93Ub+zpIymLY/+rWDrQyFp8Q+sRB
nXvoC+ERmkqCQHaaySOaZ03EObMPrubZxmmd84bXFxzO3+qAxuXGjYfTPey9eX06
H4lm1JZ79Q8UuFTolF1F+zRIOtJvkBhFrGrZChqfo1O3AGKYZdQk6gbyVmO/RaB1
OIz+1wYBFPRVCbAyNE3snSeS01YtzFLw+bMgwdx7HTk4yshUwgX22NyP/dhoqoJd
0fIZX6A1vAIWH3mvK6MtrK/pqjeay79PSltaI57iWDkjNNKty//2o5kGOsqFyj8R
THUqRCwL4XriS5htE0LtDzRX43tZqeojFsuWTvpKKW4CAypx2IU=
-----END CERTIFICATE-----