Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143466.roa
File:                     AS143466.roa (raw, json)
Hash identifier:          VruZm49ILi+InTwPQ23Zif8JSLKT5DeLePRf24/9JDI=
Subject key identifier:   57:3E:B9:8C:12:8D:18:CF:31:87:6A:DE:94:3A:00:27:12:94:77:D7
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4C2228EFEFF6A4EBF263CB866AAFCE31D6AAD832
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143466.roa
Signing time:             Wed 04 Mar 2026 06:05:37 +0000
ROA not before:           Wed 04 Mar 2026 06:00:37 +0000
ROA not after:            Wed 03 Mar 2027 06:05:37 +0000
asID:                     143466
IP address blocks:        240a:a330::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:22:28:ef:ef:f6:a4:eb:f2:63:cb:86:6a:af:ce:31:d6:aa:d8:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:37 2026 GMT
            Not After : Mar  3 06:05:37 2027 GMT
        Subject: CN=573EB98C128D18CF31876ADE943A0027129477D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:4f:b0:d2:92:1e:b1:3b:e3:bf:35:87:94:c7:
                    3f:ab:63:e3:78:74:71:a0:4c:87:3d:7a:a8:71:54:
                    86:b0:7a:41:02:16:ac:ee:6e:bd:98:0d:ce:46:ab:
                    71:36:ec:62:3c:33:cb:9d:ea:b7:9c:54:79:c7:5b:
                    c9:cf:04:c6:0a:2a:ad:a3:32:08:fa:53:9c:0c:2d:
                    c3:19:36:18:c6:40:cd:c5:92:4e:ab:20:9c:66:8e:
                    db:13:15:7d:bf:43:7f:91:76:19:19:52:7f:5b:0f:
                    07:38:44:a1:89:08:f3:f5:e7:1b:81:15:a7:4f:60:
                    77:43:c3:cd:96:86:22:02:79:44:db:04:c2:97:3e:
                    bd:47:74:ba:71:e2:cd:b0:48:c4:1c:82:b6:3f:a1:
                    50:3a:47:07:0c:73:eb:a9:8f:a2:c7:77:54:28:0b:
                    8c:eb:11:67:62:9d:8a:bf:dd:e7:01:87:26:42:9e:
                    f7:3e:c7:7f:d5:78:39:82:cb:7d:29:c2:25:d8:54:
                    e9:ac:25:66:2d:f3:d7:c5:32:6b:53:dd:e0:3b:15:
                    f9:8c:21:eb:3f:55:4d:0e:fb:16:f6:78:e5:8b:43:
                    9d:01:29:a2:5c:69:7f:72:c9:e3:9f:b1:54:82:63:
                    bb:93:fb:41:ae:03:33:02:8d:0d:1d:69:91:36:05:
                    df:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:3E:B9:8C:12:8D:18:CF:31:87:6A:DE:94:3A:00:27:12:94:77:D7
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143466.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a330::/32

    Signature Algorithm: sha256WithRSAEncryption
         a4:be:68:df:57:5d:4d:8a:93:99:1d:1b:3d:f6:25:77:5a:f8:
         09:8c:c5:c7:8b:f0:b9:d8:22:63:ba:d7:c9:b0:1e:27:2a:2c:
         1f:ae:31:87:3a:33:3a:95:e6:70:a5:24:a4:22:3d:56:c8:39:
         54:2d:7b:9d:97:62:32:5a:7a:48:cb:69:c8:61:2e:6c:36:5f:
         34:0a:d3:ed:f9:1d:da:46:13:ab:5c:82:bc:8d:87:af:7b:dc:
         2c:90:39:b0:99:9e:9f:b7:a1:94:96:a4:60:2b:18:3f:e1:28:
         9e:d4:4b:b5:c8:1d:37:5d:36:54:56:ae:78:2a:47:3d:20:3b:
         f1:c4:0d:d5:63:d0:d0:fe:0b:82:25:e2:33:0c:fe:67:39:48:
         59:e2:38:7a:93:6b:20:62:f6:c5:e6:58:e4:d4:d1:71:b7:ac:
         c8:ff:11:64:c5:2e:1c:29:1a:ef:35:ef:3b:93:61:1d:89:5c:
         82:5e:c4:57:56:cf:38:be:a8:46:a4:bf:0d:ab:86:b8:4b:6d:
         4d:fe:d1:5d:a5:57:f3:ca:39:71:90:43:7f:69:92:04:8f:00:
         5f:4b:40:75:23:e6:9b:34:7a:75:ee:f3:80:2c:66:ca:77:e5:
         3f:b3:5e:93:0a:8a:08:eb:6b:55:4a:21:43:3a:34:02:46:a3:
         b6:c3:44:90
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUTCIo7+/2pOvyY8uGaq/OMdaq2DIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDAzN1oX
DTI3MDMwMzA2MDUzN1owMzExMC8GA1UEAxMoNTczRUI5OEMxMjhEMThDRjMxODc2
QURFOTQzQTAwMjcxMjk0NzdENzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM9PsNKSHrE74781h5THP6tj43h0caBMhz16qHFUhrB6QQIWrO5uvZgNzkar
cTbsYjwzy53qt5xUecdbyc8ExgoqraMyCPpTnAwtwxk2GMZAzcWSTqsgnGaO2xMV
fb9Df5F2GRlSf1sPBzhEoYkI8/XnG4EVp09gd0PDzZaGIgJ5RNsEwpc+vUd0unHi
zbBIxByCtj+hUDpHBwxz66mPosd3VCgLjOsRZ2Kdir/d5wGHJkKe9z7Hf9V4OYLL
fSnCJdhU6awlZi3z18Uya1Pd4DsV+Ywh6z9VTQ77FvZ45YtDnQEpolxpf3LJ45+x
VIJju5P7Qa4DMwKNDR1pkTYF3wkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRXPrmM
Eo0YzzGHat6UOgAnEpR31zAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzQ2Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ozAwDQYJKoZIhvcNAQELBQADggEBAKS+aN9XXU2Kk5kdGz32JXda+AmMxceL8LnY
ImO618mwHicqLB+uMYc6MzqV5nClJKQiPVbIOVQte52XYjJaekjLachhLmw2XzQK
0+35HdpGE6tcgryNh6973CyQObCZnp+3oZSWpGArGD/hKJ7US7XIHTddNlRWrngq
Rz0gO/HEDdVj0ND+C4Il4jMM/mc5SFniOHqTayBi9sXmWOTU0XG3rMj/EWTFLhwp
Gu817zuTYR2JXIJexFdWzzi+qEakvw2rhrhLbU3+0V2lV/PKOXGQQ39pkgSPAF9L
QHUj5ps0enXu84AsZsp35T+zXpMKigjra1VKIUM6NAJGo7bDRJA=
-----END CERTIFICATE-----