Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143414.roa
File:                     AS143414.roa (raw, json)
Hash identifier:          NTaWSoq1nbfLYAzTqsmBq8+WgL7wRK10OTgxff4rrus=
Subject key identifier:   2A:19:39:32:1B:5D:FC:C1:AC:F7:43:B4:28:60:8E:94:8D:98:F2:78
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7B5148221B5955CD1659B2718B496B2C8CC8E721
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143414.roa
Signing time:             Wed 04 Mar 2026 06:05:56 +0000
ROA not before:           Wed 04 Mar 2026 06:00:56 +0000
ROA not after:            Wed 03 Mar 2027 06:05:56 +0000
asID:                     143414
IP address blocks:        240a:a2fc::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:51:48:22:1b:59:55:cd:16:59:b2:71:8b:49:6b:2c:8c:c8:e7:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:56 2026 GMT
            Not After : Mar  3 06:05:56 2027 GMT
        Subject: CN=2A1939321B5DFCC1ACF743B428608E948D98F278
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b7:f2:ae:5a:4e:57:c9:ee:07:29:21:0d:c8:
                    12:98:3d:5b:c4:57:a4:89:f4:5a:e2:28:61:e9:58:
                    37:e3:f1:ec:fd:da:62:b6:48:90:8c:54:9f:ef:23:
                    88:74:6c:35:d2:99:63:86:35:40:d2:21:0e:89:39:
                    5e:b5:05:19:4e:7f:04:4a:50:8a:39:95:8c:87:87:
                    db:97:3b:0d:75:b4:38:03:c6:09:07:a2:93:b6:64:
                    2a:f7:6f:c4:ae:36:5a:11:2a:00:d1:74:c5:7f:7a:
                    3e:c9:09:27:c0:9c:e2:e1:d7:dd:1d:76:d1:2c:ac:
                    36:db:fc:2b:d5:74:7b:e7:7f:ed:ea:57:aa:58:71:
                    e1:9e:f4:90:30:33:fa:a5:ee:be:70:76:40:0b:b2:
                    fc:3c:98:b7:d3:c0:8c:8f:cf:6c:bf:b5:00:df:ed:
                    3d:5c:a4:f1:2e:3c:22:ce:a7:cc:aa:2f:2e:b2:5b:
                    fd:26:76:81:a2:57:07:15:d2:c6:cb:f9:f4:1e:54:
                    36:0d:6d:a2:66:e8:f6:84:4d:82:aa:6d:76:f2:75:
                    66:96:77:71:c1:7c:a1:f0:d1:37:4e:34:cb:5e:c3:
                    28:dd:d8:7b:40:da:c7:6d:23:dc:0b:e8:c1:3e:09:
                    ea:3a:97:b0:7c:2d:92:67:95:78:4a:74:3c:13:c9:
                    d0:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:19:39:32:1B:5D:FC:C1:AC:F7:43:B4:28:60:8E:94:8D:98:F2:78
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143414.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a2fc::/32

    Signature Algorithm: sha256WithRSAEncryption
         43:7e:75:80:a2:0e:32:b5:bd:0c:c5:67:dc:53:9f:f8:02:8e:
         d5:5a:61:00:e4:fb:9b:82:d9:0c:43:b6:cb:1b:0d:e6:84:08:
         8b:e7:48:b3:a1:ea:cd:b0:38:da:63:d0:d3:b4:07:91:b0:12:
         8e:11:be:b5:6e:3b:0b:8e:ba:7b:0b:96:c0:93:24:8f:1f:b0:
         b1:6c:d2:34:7e:c9:fa:70:36:b5:a7:8e:19:a4:39:ad:a4:49:
         ba:be:d2:ba:9e:aa:1b:28:9c:b9:62:8a:69:27:6b:7e:46:e2:
         8f:c6:49:a9:2f:c9:3c:2c:91:86:da:22:4e:48:5b:9d:6b:41:
         ea:23:43:6e:f0:7a:2c:83:ae:fa:32:f9:74:fe:c6:38:cb:32:
         49:6f:5c:d0:a5:7d:cb:de:72:f9:5d:65:ae:d8:43:54:40:ed:
         06:e5:76:5f:2a:20:d5:b3:13:14:c4:a6:6e:86:15:6e:d1:3a:
         cb:44:86:e1:d8:a0:44:a0:76:6e:b3:09:04:eb:ba:1d:74:27:
         01:a6:70:07:d2:01:c9:bc:3e:ed:9b:ef:0e:d5:7f:cb:d1:68:
         3f:4a:5a:55:66:ae:87:63:b4:3e:ce:fe:3a:d3:c7:77:8c:91:
         c7:26:81:b7:dc:fb:3d:b3:9e:f4:c1:87:81:59:ae:87:54:e6:
         cd:e6:d4:0e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUe1FIIhtZVc0WWbJxi0lrLIzI5yEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDA1NloX
DTI3MDMwMzA2MDU1NlowMzExMC8GA1UEAxMoMkExOTM5MzIxQjVERkNDMUFDRjc0
M0I0Mjg2MDhFOTQ4RDk4RjI3ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANe38q5aTlfJ7gcpIQ3IEpg9W8RXpIn0WuIoYelYN+Px7P3aYrZIkIxUn+8j
iHRsNdKZY4Y1QNIhDok5XrUFGU5/BEpQijmVjIeH25c7DXW0OAPGCQeik7ZkKvdv
xK42WhEqANF0xX96PskJJ8Cc4uHX3R120SysNtv8K9V0e+d/7epXqlhx4Z70kDAz
+qXuvnB2QAuy/DyYt9PAjI/PbL+1AN/tPVyk8S48Is6nzKovLrJb/SZ2gaJXBxXS
xsv59B5UNg1tombo9oRNgqptdvJ1ZpZ3ccF8ofDRN040y17DKN3Ye0Dax20j3Avo
wT4J6jqXsHwtkmeVeEp0PBPJ0HsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQqGTky
G138waz3Q7QoYI6UjZjyeDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzQxNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ovwwDQYJKoZIhvcNAQELBQADggEBAEN+dYCiDjK1vQzFZ9xTn/gCjtVaYQDk+5uC
2QxDtssbDeaECIvnSLOh6s2wONpj0NO0B5GwEo4RvrVuOwuOunsLlsCTJI8fsLFs
0jR+yfpwNrWnjhmkOa2kSbq+0rqeqhsonLliimkna35G4o/GSakvyTwskYbaIk5I
W51rQeojQ27weiyDrvoy+XT+xjjLMklvXNClfcvecvldZa7YQ1RA7Qbldl8qINWz
ExTEpm6GFW7ROstEhuHYoESgdm6zCQTruh10JwGmcAfSAcm8Pu2b7w7Vf8vRaD9K
WlVmrodjtD7O/jrTx3eMkccmgbfc+z2znvTBh4FZrodU5s3m1A4=
-----END CERTIFICATE-----