Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143422.roa
File:                     AS143422.roa (raw, json)
Hash identifier:          AbQb8Qbeqlh+i5+uxz71NxNBvbNRnBpTfSyXQQkDaaA=
Subject key identifier:   DD:11:E4:FA:9B:14:30:79:D9:F2:10:92:E1:4D:82:A4:38:AB:F4:41
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       E80FC11B81B93EA1F3A565F32AE494A2CFD327
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143422.roa
Signing time:             Wed 04 Mar 2026 06:05:23 +0000
ROA not before:           Wed 04 Mar 2026 06:00:23 +0000
ROA not after:            Wed 03 Mar 2027 06:05:23 +0000
asID:                     143422
IP address blocks:        240a:a304::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            e8:0f:c1:1b:81:b9:3e:a1:f3:a5:65:f3:2a:e4:94:a2:cf:d3:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:23 2026 GMT
            Not After : Mar  3 06:05:23 2027 GMT
        Subject: CN=DD11E4FA9B143079D9F21092E14D82A438ABF441
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:5d:16:ac:88:08:4e:7d:48:89:b7:bf:a6:f4:
                    65:b0:53:b4:8e:1c:db:c9:f5:79:89:a8:c8:2f:bf:
                    f5:79:84:d0:58:f4:d4:ce:4a:a7:11:45:ed:54:3b:
                    15:67:df:85:48:f1:73:22:3d:d9:80:1d:aa:cd:9a:
                    20:c0:9d:6f:00:5b:dd:7d:ec:6f:95:dc:9a:02:72:
                    74:58:cd:d4:d3:9a:c6:9c:0e:5a:6c:95:29:97:68:
                    3a:12:c3:17:24:58:e1:6b:ee:42:54:21:b8:07:37:
                    ea:e7:a5:16:1c:98:3b:9a:27:49:42:af:86:74:8c:
                    9a:56:fe:cc:27:93:3d:fa:b3:30:96:7a:41:14:18:
                    bd:f1:0d:5f:1d:2c:5b:59:64:8f:ee:c8:03:c5:67:
                    8f:d6:8f:5f:97:26:2e:e3:64:ee:9a:5e:40:71:94:
                    e3:d0:36:2e:28:c5:f4:45:05:1e:2f:e1:90:d3:d6:
                    f9:e9:84:63:bb:ea:c6:53:56:50:1d:18:37:2d:42:
                    cf:85:e5:47:be:0a:8d:dd:95:91:e7:bc:14:1a:d7:
                    83:92:bd:d1:dd:8f:56:ae:28:c9:e6:82:5b:df:ee:
                    e9:fc:5e:f8:9c:c7:47:f8:70:65:bb:9c:0a:05:88:
                    63:99:e7:13:16:ba:17:33:74:c2:df:ef:97:16:eb:
                    17:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:11:E4:FA:9B:14:30:79:D9:F2:10:92:E1:4D:82:A4:38:AB:F4:41
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143422.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a304::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:52:e0:73:0e:8e:87:ce:04:8e:e9:19:20:ae:1b:31:da:8b:
         94:5a:8d:8b:82:81:79:fc:82:69:e8:3f:9b:49:3c:a4:2a:8a:
         7c:62:96:b5:cc:d2:5a:d3:c9:72:49:55:ae:82:16:59:9b:cc:
         1d:77:61:f1:4f:48:f0:a4:c1:cb:08:96:80:cc:ec:15:c7:cc:
         38:53:4a:a9:e6:31:b7:63:39:09:cc:a3:58:81:76:a5:2e:c0:
         c1:63:82:4d:31:4a:87:ef:b9:60:cb:01:a1:ab:01:e1:eb:ab:
         c0:ce:42:a2:ff:67:ab:ff:ab:19:2d:48:d5:8d:4b:9c:08:7b:
         85:c9:ad:a8:56:2a:1a:82:d0:1d:fe:f6:f1:ec:2d:99:b1:c3:
         85:81:77:63:7c:c0:68:a9:b2:c6:9f:bb:ab:ea:a5:69:c1:35:
         4c:ee:f0:db:71:62:aa:bb:7e:1e:e2:44:a9:80:b0:30:c4:a2:
         b1:78:36:05:2a:88:59:51:77:4f:ec:a5:3a:b7:b2:12:be:ee:
         39:53:75:6b:14:56:e9:4b:5e:a7:a5:04:8c:55:9d:12:6c:67:
         bc:ad:a1:61:73:73:be:fc:0f:3a:b8:b1:de:d2:0b:aa:c3:5c:
         18:0a:c8:af:6e:b4:e9:43:06:fd:4a:3b:61:74:ed:16:49:93:
         91:41:af:bb
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUAOgPwRuBuT6h86Vl8yrklKLP0ycwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDAyM1oX
DTI3MDMwMzA2MDUyM1owMzExMC8GA1UEAxMoREQxMUU0RkE5QjE0MzA3OUQ5RjIx
MDkyRTE0RDgyQTQzOEFCRjQ0MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALFdFqyICE59SIm3v6b0ZbBTtI4c28n1eYmoyC+/9XmE0Fj01M5KpxFF7VQ7
FWffhUjxcyI92YAdqs2aIMCdbwBb3X3sb5XcmgJydFjN1NOaxpwOWmyVKZdoOhLD
FyRY4WvuQlQhuAc36uelFhyYO5onSUKvhnSMmlb+zCeTPfqzMJZ6QRQYvfENXx0s
W1lkj+7IA8Vnj9aPX5cmLuNk7ppeQHGU49A2LijF9EUFHi/hkNPW+emEY7vqxlNW
UB0YNy1Cz4XlR74Kjd2Vkee8FBrXg5K90d2PVq4oyeaCW9/u6fxe+JzHR/hwZbuc
CgWIY5nnExa6FzN0wt/vlxbrF6cCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTdEeT6
mxQwednyEJLhTYKkOKv0QTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzQyMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
owQwDQYJKoZIhvcNAQELBQADggEBAJlS4HMOjofOBI7pGSCuGzHai5RajYuCgXn8
gmnoP5tJPKQqinxilrXM0lrTyXJJVa6CFlmbzB13YfFPSPCkwcsIloDM7BXHzDhT
SqnmMbdjOQnMo1iBdqUuwMFjgk0xSofvuWDLAaGrAeHrq8DOQqL/Z6v/qxktSNWN
S5wIe4XJrahWKhqC0B3+9vHsLZmxw4WBd2N8wGipssafu6vqpWnBNUzu8NtxYqq7
fh7iRKmAsDDEorF4NgUqiFlRd0/spTq3shK+7jlTdWsUVulLXqelBIxVnRJsZ7yt
oWFzc778Dzq4sd7SC6rDXBgKyK9utOlDBv1KO2F07RZJk5FBr7s=
-----END CERTIFICATE-----