Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143430.roa
File:                     AS143430.roa (raw, json)
Hash identifier:          XGoQJPYr9+TI+qCg721Hte8LtB8fqTVyJWuxdMnAFjc=
Subject key identifier:   BF:0E:84:FE:4B:8B:CC:E9:61:55:F1:23:9A:BB:8B:68:16:21:5E:56
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3607918A33C32608070B6C3511E5D01CFF4B5749
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143430.roa
Signing time:             Wed 04 Mar 2026 06:05:36 +0000
ROA not before:           Wed 04 Mar 2026 06:00:36 +0000
ROA not after:            Wed 03 Mar 2027 06:05:36 +0000
asID:                     143430
IP address blocks:        240a:a30c::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:07:91:8a:33:c3:26:08:07:0b:6c:35:11:e5:d0:1c:ff:4b:57:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:36 2026 GMT
            Not After : Mar  3 06:05:36 2027 GMT
        Subject: CN=BF0E84FE4B8BCCE96155F1239ABB8B6816215E56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:7e:b3:9d:e9:3e:b7:c0:41:d5:24:ee:f2:3d:
                    be:30:35:e8:28:bb:c0:2e:6f:ff:34:5e:83:b1:dc:
                    78:da:13:4a:3f:4c:4f:2d:16:b1:fc:ad:ec:59:8d:
                    03:af:46:a8:7c:ed:82:49:9c:d0:9e:81:c8:a0:76:
                    e8:1c:1a:4b:0d:7d:75:90:01:f8:e2:9f:d3:d1:cb:
                    54:9c:b7:0e:b3:c3:a6:36:af:97:5b:50:bc:56:30:
                    d5:20:62:cc:5e:13:bd:8d:db:7c:18:d4:12:0b:5d:
                    2f:7a:6d:b1:1a:cc:93:da:79:8f:34:95:d7:b2:c9:
                    a7:12:a4:a2:d2:b1:8b:85:6d:27:ba:1e:c4:7a:42:
                    c8:32:a0:28:c4:22:85:df:29:a2:06:1c:39:71:29:
                    31:e6:81:e5:c6:4e:31:49:91:15:e9:48:7c:a6:5e:
                    e6:d1:db:cd:7b:44:7c:d3:5f:c9:2a:14:ba:2b:2d:
                    0e:56:22:45:63:26:5b:7a:15:33:9d:84:9a:5b:ca:
                    2a:8d:ae:dc:f3:e1:9c:c0:d7:a1:f1:24:58:ac:32:
                    e3:48:1f:17:c0:b4:40:16:e1:20:64:2b:62:fe:a2:
                    36:64:98:03:07:8e:6a:ad:59:ba:f2:02:3a:3b:15:
                    eb:db:cb:d2:e0:fe:b4:79:75:34:93:b5:12:ea:a0:
                    55:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:0E:84:FE:4B:8B:CC:E9:61:55:F1:23:9A:BB:8B:68:16:21:5E:56
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a30c::/32

    Signature Algorithm: sha256WithRSAEncryption
         3a:68:9c:97:96:db:b2:79:82:87:94:1a:4b:b6:11:2f:8f:8a:
         e4:d4:5a:9d:e3:e3:86:ce:7d:96:97:41:86:65:19:1a:c9:aa:
         b9:c9:2d:67:80:0a:25:7a:1b:ce:72:bb:33:53:90:3f:c8:66:
         a7:90:b0:ef:69:fe:4f:3d:c4:0e:b6:ee:7b:30:6c:3b:3d:8d:
         74:8c:db:36:a2:2b:c5:ea:1c:4e:43:1a:1d:c0:aa:b7:46:2d:
         ca:cc:24:06:55:b2:9a:a9:b3:65:d0:eb:1a:3f:1f:39:ae:a2:
         7e:93:04:40:61:60:73:e9:9e:7c:77:fe:cd:ac:fc:d2:6a:38:
         d3:a0:69:c0:f3:70:ef:be:d3:5c:f2:e4:d3:db:6b:6d:07:34:
         6f:0c:0c:b6:98:e1:1b:8c:6b:22:10:57:34:7f:41:95:59:a5:
         d0:d7:dd:54:64:c2:9f:4c:07:61:1f:d5:44:02:d2:13:4d:38:
         77:24:70:b2:a5:01:d7:ab:9d:f4:f8:9b:79:a2:9f:d2:e9:d7:
         89:dd:d0:00:53:6e:67:e7:6e:8a:71:3a:48:03:e0:1c:70:16:
         13:9a:d8:a9:8a:64:f5:2c:e4:1e:32:aa:42:9b:24:89:8a:22:
         f3:9c:f3:96:b8:35:52:b4:3e:18:36:68:9f:16:48:c8:86:07:
         2a:01:fa:29
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUNgeRijPDJggHC2w1EeXQHP9LV0kwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDAzNloX
DTI3MDMwMzA2MDUzNlowMzExMC8GA1UEAxMoQkYwRTg0RkU0QjhCQ0NFOTYxNTVG
MTIzOUFCQjhCNjgxNjIxNUU1NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJV+s53pPrfAQdUk7vI9vjA16Ci7wC5v/zReg7HceNoTSj9MTy0Wsfyt7FmN
A69GqHztgkmc0J6ByKB26BwaSw19dZAB+OKf09HLVJy3DrPDpjavl1tQvFYw1SBi
zF4TvY3bfBjUEgtdL3ptsRrMk9p5jzSV17LJpxKkotKxi4VtJ7oexHpCyDKgKMQi
hd8pogYcOXEpMeaB5cZOMUmRFelIfKZe5tHbzXtEfNNfySoUuistDlYiRWMmW3oV
M52EmlvKKo2u3PPhnMDXofEkWKwy40gfF8C0QBbhIGQrYv6iNmSYAweOaq1ZuvIC
OjsV69vL0uD+tHl1NJO1EuqgVWkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBS/DoT+
S4vM6WFV8SOau4toFiFeVjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzQzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
owwwDQYJKoZIhvcNAQELBQADggEBADponJeW27J5goeUGku2ES+PiuTUWp3j44bO
fZaXQYZlGRrJqrnJLWeACiV6G85yuzNTkD/IZqeQsO9p/k89xA627nswbDs9jXSM
2zaiK8XqHE5DGh3AqrdGLcrMJAZVspqps2XQ6xo/Hzmuon6TBEBhYHPpnnx3/s2s
/NJqONOgacDzcO++01zy5NPba20HNG8MDLaY4RuMayIQVzR/QZVZpdDX3VRkwp9M
B2Ef1UQC0hNNOHckcLKlAdernfT4m3min9Lp14nd0ABTbmfnbopxOkgD4BxwFhOa
2KmKZPUs5B4yqkKbJImKIvOc85a4NVK0Phg2aJ8WSMiGByoB+ik=
-----END CERTIFICATE-----