Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143431.roa
File:                     AS143431.roa (raw, json)
Hash identifier:          QmjBuNyIQqSX1Bx9W7dMnjemTNiT2p2zr6urVHF6tXM=
Subject key identifier:   40:17:F7:09:92:A4:36:9A:1B:FC:92:1F:EB:95:DC:BF:84:FA:04:E0
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1312401B7F56F36B7A1E6E7FBD610C4833B3FC7F
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143431.roa
Signing time:             Wed 04 Mar 2026 06:06:53 +0000
ROA not before:           Wed 04 Mar 2026 06:01:53 +0000
ROA not after:            Wed 03 Mar 2027 06:06:53 +0000
asID:                     143431
IP address blocks:        240a:a30d::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:12:40:1b:7f:56:f3:6b:7a:1e:6e:7f:bd:61:0c:48:33:b3:fc:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:53 2026 GMT
            Not After : Mar  3 06:06:53 2027 GMT
        Subject: CN=4017F70992A4369A1BFC921FEB95DCBF84FA04E0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d8:be:11:26:af:33:db:c7:7d:cf:94:69:67:
                    ff:d3:c0:4d:fc:55:7d:7e:18:76:4f:e7:f6:2e:75:
                    18:0c:f6:72:85:8b:24:d0:3f:ca:a0:8e:ad:2c:21:
                    da:9d:ef:20:cf:66:00:30:96:6a:28:e9:2b:70:08:
                    df:6a:57:ca:aa:27:ce:b4:c8:40:bf:ab:a2:b0:68:
                    46:88:18:1f:46:60:e2:29:5f:40:7e:b6:08:2f:50:
                    89:bc:46:ca:0b:b7:68:ad:24:60:59:61:9e:c7:a0:
                    5c:e8:1f:2d:73:de:ed:a8:c3:c9:8f:d7:70:b1:90:
                    80:92:e5:25:de:e6:17:0f:e5:01:92:fb:9e:e2:0c:
                    1a:b9:b1:52:87:31:0a:9a:1c:77:31:c9:93:02:09:
                    b9:c5:9b:75:25:ea:5f:b4:13:ff:ae:19:1a:97:46:
                    f0:d2:24:0c:a5:63:c5:d1:18:99:03:81:63:30:7a:
                    63:48:4c:7f:81:81:43:c6:ec:da:89:fd:d2:1f:56:
                    7c:d9:9b:8b:70:b3:2c:a0:03:c1:94:3c:3b:56:a1:
                    27:1c:f0:5a:ae:73:03:ac:97:aa:37:db:c6:6b:af:
                    42:62:a0:7c:73:a6:93:67:f8:92:4a:98:38:e8:f9:
                    27:2f:31:59:fa:bd:49:a9:1a:89:b1:7a:25:af:73:
                    89:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:17:F7:09:92:A4:36:9A:1B:FC:92:1F:EB:95:DC:BF:84:FA:04:E0
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a30d::/32

    Signature Algorithm: sha256WithRSAEncryption
         b3:24:81:49:6f:45:50:12:58:f3:b7:e3:26:7b:d1:0c:e7:8e:
         c7:d0:a2:23:d5:10:b0:e3:d9:f6:38:5c:be:57:c0:cf:78:fa:
         17:16:e0:97:2a:d7:c2:aa:15:3b:42:f8:98:33:31:ef:41:24:
         b5:08:55:b1:fe:68:f0:c5:bb:8c:e5:2d:f4:b1:4a:a1:15:ed:
         1e:6b:d4:54:5b:cb:24:71:1e:b7:51:23:1f:8f:2b:5f:94:8f:
         9f:b5:a0:55:17:fe:8a:04:84:d5:cb:33:7a:91:9c:c1:aa:17:
         66:9b:25:e9:52:11:c0:55:63:93:7d:ca:91:ef:b5:b5:87:40:
         08:22:83:17:d6:d6:c6:e8:2e:51:fb:cc:b2:af:e9:b7:15:52:
         98:87:1c:0f:63:bb:53:d8:ee:0f:59:cc:0f:f6:86:c7:36:ce:
         25:34:87:bb:9c:9f:08:15:48:65:56:93:fa:21:a2:45:71:6b:
         47:64:6e:c8:7c:a6:34:9d:56:b3:82:74:50:a1:3c:21:17:f1:
         72:1d:23:51:51:46:fa:74:c5:88:5f:0a:95:fb:00:e4:d6:17:
         4d:51:20:74:aa:a9:99:ea:a1:b6:d3:0f:1a:c0:cf:12:ec:b5:
         f8:34:69:be:1c:ac:ed:b2:f1:46:dc:f1:8d:cf:55:0b:4f:53:
         ce:a3:14:4e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUExJAG39W82t6Hm5/vWEMSDOz/H8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDE1M1oX
DTI3MDMwMzA2MDY1M1owMzExMC8GA1UEAxMoNDAxN0Y3MDk5MkE0MzY5QTFCRkM5
MjFGRUI5NURDQkY4NEZBMDRFMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAInYvhEmrzPbx33PlGln/9PATfxVfX4Ydk/n9i51GAz2coWLJNA/yqCOrSwh
2p3vIM9mADCWaijpK3AI32pXyqonzrTIQL+rorBoRogYH0Zg4ilfQH62CC9QibxG
ygu3aK0kYFlhnsegXOgfLXPe7ajDyY/XcLGQgJLlJd7mFw/lAZL7nuIMGrmxUocx
CpocdzHJkwIJucWbdSXqX7QT/64ZGpdG8NIkDKVjxdEYmQOBYzB6Y0hMf4GBQ8bs
2on90h9WfNmbi3CzLKADwZQ8O1ahJxzwWq5zA6yXqjfbxmuvQmKgfHOmk2f4kkqY
OOj5Jy8xWfq9SakaibF6Ja9ziXkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRAF/cJ
kqQ2mhv8kh/rldy/hPoE4DAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzQzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ow0wDQYJKoZIhvcNAQELBQADggEBALMkgUlvRVASWPO34yZ70QznjsfQoiPVELDj
2fY4XL5XwM94+hcW4Jcq18KqFTtC+JgzMe9BJLUIVbH+aPDFu4zlLfSxSqEV7R5r
1FRbyyRxHrdRIx+PK1+Uj5+1oFUX/ooEhNXLM3qRnMGqF2abJelSEcBVY5N9ypHv
tbWHQAgigxfW1sboLlH7zLKv6bcVUpiHHA9ju1PY7g9ZzA/2hsc2ziU0h7ucnwgV
SGVWk/ohokVxa0dkbsh8pjSdVrOCdFChPCEX8XIdI1FRRvp0xYhfCpX7AOTWF01R
IHSqqZnqobbTDxrAzxLstfg0ab4crO2y8Ubc8Y3PVQtPU86jFE4=
-----END CERTIFICATE-----