Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143472.roa
File:                     AS143472.roa (raw, json)
Hash identifier:          NogZRWuS0+4XTmqaNkmxEYcPqkGtLNJcXqaDKBVxJoM=
Subject key identifier:   5E:61:97:13:A5:EC:FD:BB:BD:1C:40:58:77:42:5F:BA:DF:8D:EC:4A
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       277B0679D399ACBC689B80E8090F645DAEA154A2
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143472.roa
Signing time:             Wed 04 Mar 2026 06:07:56 +0000
ROA not before:           Wed 04 Mar 2026 06:02:56 +0000
ROA not after:            Wed 03 Mar 2027 06:07:56 +0000
asID:                     143472
IP address blocks:        240a:a336::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:7b:06:79:d3:99:ac:bc:68:9b:80:e8:09:0f:64:5d:ae:a1:54:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:56 2026 GMT
            Not After : Mar  3 06:07:56 2027 GMT
        Subject: CN=5E619713A5ECFDBBBD1C405877425FBADF8DEC4A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:4b:1b:f2:fb:3f:c1:0c:98:37:a8:19:9e:36:
                    6d:a2:b7:31:c3:05:be:83:54:5f:57:61:1f:5b:ef:
                    d7:fa:4b:f6:5e:2f:67:a7:ad:1b:74:07:f7:d4:c2:
                    e2:31:71:f2:ae:6b:5e:29:a1:87:7a:09:93:8d:63:
                    2e:53:0b:b0:70:a5:ae:c5:2d:01:cd:ed:2f:77:51:
                    85:e8:a3:28:9c:8a:8b:cb:19:d3:9d:c7:78:31:c4:
                    5a:2c:62:96:b9:0d:b7:a8:6b:88:66:0f:83:ff:89:
                    20:07:d5:37:c8:c5:98:09:25:23:19:55:e5:3c:04:
                    a5:aa:6e:e3:2e:85:7b:c4:26:66:9f:f4:0c:24:fd:
                    96:e3:e4:d1:27:a3:53:e2:df:12:d3:97:30:78:82:
                    37:64:7a:3d:d5:35:9a:0d:42:96:e8:96:c9:a4:a7:
                    f5:e6:b2:1d:a5:af:ef:85:02:60:5c:cb:c1:7b:c5:
                    c3:60:d7:12:78:bf:ad:f9:b4:2c:42:3e:ed:81:1e:
                    55:30:5e:c2:4d:42:05:85:e1:6e:8a:0f:d6:bd:ec:
                    53:54:1f:cc:35:15:57:70:7b:c8:4d:ef:6c:8c:79:
                    e5:fd:ff:4f:3f:b4:df:d9:f2:d7:35:fb:11:3c:00:
                    6f:1f:d3:e8:57:2c:cf:e8:29:52:3a:21:cd:ec:48:
                    99:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:61:97:13:A5:EC:FD:BB:BD:1C:40:58:77:42:5F:BA:DF:8D:EC:4A
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143472.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a336::/32

    Signature Algorithm: sha256WithRSAEncryption
         bd:c2:98:a1:78:32:a8:b9:cd:37:c6:8f:2e:5a:ac:c8:fb:57:
         c5:cc:17:43:02:43:fe:58:bc:2a:c9:90:2d:6f:e7:d6:75:26:
         33:90:17:78:47:c5:52:67:67:e4:5b:85:f9:6b:c1:fd:d3:99:
         04:e5:61:93:0a:e7:87:a9:cf:69:6b:49:b0:6e:25:c1:6a:ff:
         7b:ac:1a:94:d1:b5:60:12:36:7f:0b:a0:23:dc:92:84:c2:2f:
         f4:a8:ea:79:2c:34:f7:ac:74:49:7c:e4:de:a9:e6:7d:82:9c:
         60:93:82:1a:06:85:71:a7:b8:42:b4:ff:d0:cb:71:57:4e:d9:
         1c:a7:9e:ba:18:f5:fb:26:e0:53:68:5a:75:d8:0f:b1:05:16:
         0a:e6:f7:63:6c:2a:86:92:71:ba:b5:90:71:01:7e:24:fd:3a:
         d6:72:5c:35:37:d7:70:a1:5e:94:bc:27:54:50:a7:2d:be:bf:
         67:48:75:df:91:82:4b:39:c1:e7:6e:24:c5:49:5a:23:b7:cf:
         e4:8e:b8:87:0e:2a:ff:ff:6b:b4:57:3c:b9:45:16:22:f2:82:
         ff:8c:cb:e9:17:9a:c0:52:fe:9c:cd:7f:a3:3c:47:c0:44:01:
         b7:4e:25:c8:c2:b4:a5:45:ae:4c:cf:3e:3e:a4:4d:8f:15:aa:
         01:00:7a:89
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUJ3sGedOZrLxom4DoCQ9kXa6hVKIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDI1NloX
DTI3MDMwMzA2MDc1NlowMzExMC8GA1UEAxMoNUU2MTk3MTNBNUVDRkRCQkJEMUM0
MDU4Nzc0MjVGQkFERjhERUM0QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI5LG/L7P8EMmDeoGZ42baK3McMFvoNUX1dhH1vv1/pL9l4vZ6etG3QH99TC
4jFx8q5rXimhh3oJk41jLlMLsHClrsUtAc3tL3dRheijKJyKi8sZ053HeDHEWixi
lrkNt6hriGYPg/+JIAfVN8jFmAklIxlV5TwEpapu4y6Fe8QmZp/0DCT9luPk0Sej
U+LfEtOXMHiCN2R6PdU1mg1CluiWyaSn9eayHaWv74UCYFzLwXvFw2DXEni/rfm0
LEI+7YEeVTBewk1CBYXhbooP1r3sU1QfzDUVV3B7yE3vbIx55f3/Tz+039ny1zX7
ETwAbx/T6Fcsz+gpUjohzexImQcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBReYZcT
pez9u70cQFh3Ql+6343sSjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzQ3Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ozYwDQYJKoZIhvcNAQELBQADggEBAL3CmKF4Mqi5zTfGjy5arMj7V8XMF0MCQ/5Y
vCrJkC1v59Z1JjOQF3hHxVJnZ+Rbhflrwf3TmQTlYZMK54epz2lrSbBuJcFq/3us
GpTRtWASNn8LoCPckoTCL/So6nksNPesdEl85N6p5n2CnGCTghoGhXGnuEK0/9DL
cVdO2RynnroY9fsm4FNoWnXYD7EFFgrm92NsKoaScbq1kHEBfiT9OtZyXDU313Ch
XpS8J1RQpy2+v2dIdd+Rgks5weduJMVJWiO3z+SOuIcOKv//a7RXPLlFFiLygv+M
y+kXmsBS/pzNf6M8R8BEAbdOJcjCtKVFrkzPPj6kTY8VqgEAeok=
-----END CERTIFICATE-----