Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143445.roa
File:                     AS143445.roa (raw, json)
Hash identifier:          JhBLczpltim3HiFNK5CamXtBG+yQq47tn4EzBSsvTYE=
Subject key identifier:   7B:3B:46:F9:B4:50:EE:86:B8:0A:A1:AE:77:52:6D:13:6F:92:DE:2D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3D7E6A4558C18CB65A268589F4137EBD784C15C9
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143445.roa
Signing time:             Wed 04 Mar 2026 06:07:08 +0000
ROA not before:           Wed 04 Mar 2026 06:02:08 +0000
ROA not after:            Wed 03 Mar 2027 06:07:08 +0000
asID:                     143445
IP address blocks:        240a:a31b::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:7e:6a:45:58:c1:8c:b6:5a:26:85:89:f4:13:7e:bd:78:4c:15:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:08 2026 GMT
            Not After : Mar  3 06:07:08 2027 GMT
        Subject: CN=7B3B46F9B450EE86B80AA1AE77526D136F92DE2D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:4b:3e:8d:f9:eb:85:b5:5f:1a:32:a2:56:06:
                    b1:0b:17:0e:8f:6d:39:78:82:18:71:c9:1d:22:05:
                    82:c3:c5:52:a6:8d:1c:3e:d4:e3:eb:a3:cd:8b:cd:
                    38:49:a8:44:a8:c3:85:e7:71:ad:9b:d4:0a:56:ee:
                    cf:e0:90:3e:2e:b9:92:ab:ab:3f:82:36:2e:39:f8:
                    15:ce:12:f3:28:0c:0c:1c:8d:37:b9:ca:ec:38:13:
                    0f:33:be:3e:be:28:a1:41:07:ac:40:1f:a0:c4:18:
                    10:e0:10:0a:71:73:f6:f7:bf:59:41:49:5e:4d:78:
                    8f:8e:2a:1a:d8:dc:88:aa:d9:c8:a5:6e:95:bd:e9:
                    29:01:84:cd:09:f8:e8:9a:f2:57:f0:59:7f:a0:bd:
                    0d:10:03:57:01:4d:96:23:80:90:3d:ed:d6:bf:02:
                    47:db:5d:f7:d6:bc:e7:65:d0:43:10:8b:d5:f2:d8:
                    ea:42:25:2d:27:a3:f6:d4:9d:4f:d0:33:56:a6:e5:
                    97:c7:ab:c9:15:94:29:f3:b0:65:63:29:a4:c5:d7:
                    5a:8a:70:5b:d9:79:41:46:a7:cc:b0:54:5c:4a:ed:
                    ee:95:9b:36:c8:8d:0e:dd:96:6e:9d:13:01:98:9f:
                    46:05:75:92:3a:3e:92:d7:4e:32:03:2d:60:ae:d0:
                    77:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:3B:46:F9:B4:50:EE:86:B8:0A:A1:AE:77:52:6D:13:6F:92:DE:2D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143445.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a31b::/32

    Signature Algorithm: sha256WithRSAEncryption
         ce:6e:38:ef:77:e7:55:ef:05:2f:25:6d:c1:c4:1e:4f:fb:bf:
         5b:12:d5:9c:75:63:05:10:ff:c6:1b:11:90:df:f9:72:5c:22:
         f2:df:e2:cf:d7:d9:cd:c7:20:d6:b1:3b:b3:c6:fb:86:68:0e:
         eb:ad:17:17:6d:87:36:17:0d:5a:aa:05:cb:2d:5d:ab:ed:4d:
         7e:27:b3:34:f6:dd:ea:41:c2:17:fb:23:86:31:c6:33:a9:3e:
         00:c4:81:a4:55:7f:ef:dd:66:f5:db:72:0b:b8:4f:7c:ad:87:
         68:f0:7c:b2:e7:61:c6:d9:30:97:f0:0c:ed:94:3e:d4:97:f4:
         a4:4b:42:ae:bd:a4:c8:dc:24:64:82:71:31:23:ae:53:b6:58:
         4f:fd:cc:80:6f:f3:1c:b1:be:53:65:86:45:77:ac:f1:2e:cd:
         cb:07:87:3c:55:50:2e:88:1b:5a:83:82:9f:39:65:b9:da:44:
         5b:e6:b5:b8:bc:05:bb:20:05:ea:54:6c:5c:10:bc:9d:1d:c5:
         8d:e6:84:f8:53:f9:7d:77:48:bc:22:71:ed:62:5e:b7:1d:bf:
         f9:02:8d:ed:0d:51:07:d9:62:7d:7a:63:71:74:35:5f:f9:8c:
         4d:ae:bd:c4:75:27:74:b2:9d:7d:56:ab:f9:ac:23:8d:a3:04:
         f0:c2:3e:e0
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUPX5qRVjBjLZaJoWJ9BN+vXhMFckwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIwOFoX
DTI3MDMwMzA2MDcwOFowMzExMC8GA1UEAxMoN0IzQjQ2RjlCNDUwRUU4NkI4MEFB
MUFFNzc1MjZEMTM2RjkyREUyRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALRLPo3564W1XxoyolYGsQsXDo9tOXiCGHHJHSIFgsPFUqaNHD7U4+ujzYvN
OEmoRKjDhedxrZvUClbuz+CQPi65kqurP4I2Ljn4Fc4S8ygMDByNN7nK7DgTDzO+
Pr4ooUEHrEAfoMQYEOAQCnFz9ve/WUFJXk14j44qGtjciKrZyKVulb3pKQGEzQn4
6JryV/BZf6C9DRADVwFNliOAkD3t1r8CR9td99a852XQQxCL1fLY6kIlLSej9tSd
T9AzVqbll8eryRWUKfOwZWMppMXXWopwW9l5QUanzLBUXErt7pWbNsiNDt2Wbp0T
AZifRgV1kjo+ktdOMgMtYK7Qd5UCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBR7O0b5
tFDuhrgKoa53Um0Tb5LeLTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzQ0NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oxswDQYJKoZIhvcNAQELBQADggEBAM5uOO9351XvBS8lbcHEHk/7v1sS1Zx1YwUQ
/8YbEZDf+XJcIvLf4s/X2c3HINaxO7PG+4ZoDuutFxdthzYXDVqqBcstXavtTX4n
szT23epBwhf7I4YxxjOpPgDEgaRVf+/dZvXbcgu4T3yth2jwfLLnYcbZMJfwDO2U
PtSX9KRLQq69pMjcJGSCcTEjrlO2WE/9zIBv8xyxvlNlhkV3rPEuzcsHhzxVUC6I
G1qDgp85ZbnaRFvmtbi8BbsgBepUbFwQvJ0dxY3mhPhT+X13SLwice1iXrcdv/kC
je0NUQfZYn16Y3F0NV/5jE2uvcR1J3SynX1Wq/msI42jBPDCPuA=
-----END CERTIFICATE-----