Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143452.roa
File:                     AS143452.roa (raw, json)
Hash identifier:          W6i+r28mhYTIrzPz4Fhv+YCEi0KAYqlol5P+8e7n+HU=
Subject key identifier:   86:06:76:97:1E:49:92:64:61:2E:32:DA:8F:C8:D5:98:0C:0D:96:D5
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       39540DC1820B693281D7CA86C6FA87A222F62F99
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143452.roa
Signing time:             Wed 04 Mar 2026 06:07:50 +0000
ROA not before:           Wed 04 Mar 2026 06:02:50 +0000
ROA not after:            Wed 03 Mar 2027 06:07:50 +0000
asID:                     143452
IP address blocks:        240a:a322::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:54:0d:c1:82:0b:69:32:81:d7:ca:86:c6:fa:87:a2:22:f6:2f:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:50 2026 GMT
            Not After : Mar  3 06:07:50 2027 GMT
        Subject: CN=860676971E499264612E32DA8FC8D5980C0D96D5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ba:00:28:22:10:cb:ec:c2:76:ab:62:c1:3f:
                    73:8a:3d:92:b6:8d:72:94:77:cf:85:c1:db:60:7e:
                    a2:c1:5b:9f:11:cf:67:de:25:8d:d5:ea:ed:70:6e:
                    75:eb:21:45:da:02:a2:eb:24:7b:9d:65:b1:f5:00:
                    3c:31:29:d4:a3:f2:86:71:ae:d9:63:b1:7e:bb:0b:
                    62:15:e4:d8:22:84:cb:e9:91:0b:72:39:b6:85:66:
                    da:42:1b:2e:d7:f8:d4:93:4b:6d:13:b1:c8:63:16:
                    b0:2f:58:f7:31:a2:58:6b:47:a3:c6:85:86:76:c7:
                    9f:22:85:c0:e2:ec:2a:cf:ad:9e:90:82:d5:5e:7c:
                    15:c9:09:ff:b4:29:f3:ba:ac:3f:51:41:14:0b:c2:
                    18:bb:8d:4b:90:5e:fe:03:a6:78:c1:28:22:25:a5:
                    18:26:6c:d7:45:44:ac:0d:01:b6:50:bc:4e:d4:55:
                    5c:5f:d7:43:3a:10:ef:d0:7b:54:af:49:d2:7b:f1:
                    dd:05:19:82:33:77:29:3f:fd:cd:d1:11:a3:78:ed:
                    48:ca:4d:80:54:92:51:f5:db:c1:a7:7d:5c:68:2c:
                    72:53:57:44:c0:2b:ce:38:09:ba:3e:4c:c7:06:1b:
                    0c:89:df:f4:52:b1:db:d4:8f:ea:9f:c2:e3:48:de:
                    c7:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:06:76:97:1E:49:92:64:61:2E:32:DA:8F:C8:D5:98:0C:0D:96:D5
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143452.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a322::/32

    Signature Algorithm: sha256WithRSAEncryption
         23:8f:c4:51:42:f6:a5:77:ac:75:4f:db:d4:7c:12:14:9c:37:
         d3:55:b6:8b:a6:34:75:74:d3:a0:3e:65:03:dd:5e:38:3a:d5:
         37:fe:28:69:61:27:f2:55:a4:36:47:c1:37:8c:61:b1:57:38:
         a8:54:7c:f5:e4:01:c2:bc:46:a5:44:e4:ce:f3:79:a8:4e:2b:
         99:ec:68:a3:33:15:61:26:43:46:1c:20:97:58:51:01:47:3b:
         68:1d:34:8c:17:92:22:79:5b:f8:8d:c7:2d:54:2b:6b:2f:e3:
         1c:10:5d:87:eb:3a:a1:94:87:82:2f:4f:2d:6c:72:46:43:ea:
         aa:1b:d6:a2:70:46:20:40:b0:be:31:60:e1:ec:07:30:8a:ec:
         ac:e8:8f:3c:94:42:70:f3:94:04:49:19:ed:26:46:37:ff:fb:
         19:4c:c6:5b:9e:49:c9:c4:6d:25:82:3e:2d:b9:d1:60:39:07:
         a6:58:59:d3:2f:75:f7:3e:18:6d:5a:b0:a9:35:56:08:e8:62:
         75:f5:0b:2c:c9:82:42:ba:5b:9c:ca:4e:f7:9d:81:48:73:ed:
         78:4c:07:2f:6d:e4:e7:ce:e3:30:60:dc:8d:4a:37:5f:50:6d:
         ee:a3:e6:d9:10:f2:6c:e6:1a:94:6a:db:61:96:5c:d5:b7:f7:
         93:b8:af:48
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUOVQNwYILaTKB18qGxvqHoiL2L5kwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDI1MFoX
DTI3MDMwMzA2MDc1MFowMzExMC8GA1UEAxMoODYwNjc2OTcxRTQ5OTI2NDYxMkUz
MkRBOEZDOEQ1OTgwQzBEOTZENTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKG6ACgiEMvswnarYsE/c4o9kraNcpR3z4XB22B+osFbnxHPZ94ljdXq7XBu
deshRdoCouske51lsfUAPDEp1KPyhnGu2WOxfrsLYhXk2CKEy+mRC3I5toVm2kIb
Ltf41JNLbROxyGMWsC9Y9zGiWGtHo8aFhnbHnyKFwOLsKs+tnpCC1V58FckJ/7Qp
87qsP1FBFAvCGLuNS5Be/gOmeMEoIiWlGCZs10VErA0BtlC8TtRVXF/XQzoQ79B7
VK9J0nvx3QUZgjN3KT/9zdERo3jtSMpNgFSSUfXbwad9XGgsclNXRMArzjgJuj5M
xwYbDInf9FKx29SP6p/C40jex/UCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSGBnaX
HkmSZGEuMtqPyNWYDA2W1TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzQ1Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oyIwDQYJKoZIhvcNAQELBQADggEBACOPxFFC9qV3rHVP29R8EhScN9NVtoumNHV0
06A+ZQPdXjg61Tf+KGlhJ/JVpDZHwTeMYbFXOKhUfPXkAcK8RqVE5M7zeahOK5ns
aKMzFWEmQ0YcIJdYUQFHO2gdNIwXkiJ5W/iNxy1UK2sv4xwQXYfrOqGUh4IvTy1s
ckZD6qob1qJwRiBAsL4xYOHsBzCK7KzojzyUQnDzlARJGe0mRjf/+xlMxlueScnE
bSWCPi250WA5B6ZYWdMvdfc+GG1asKk1VgjoYnX1CyzJgkK6W5zKTvedgUhz7XhM
By9t5OfO4zBg3I1KN19Qbe6j5tkQ8mzmGpRq22GWXNW395O4r0g=
-----END CERTIFICATE-----