Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143475.roa
File:                     AS143475.roa (raw, json)
Hash identifier:          MEor3MhiW2K/UrA0a9kNCLypoDUBsxjRwgknJjokfqI=
Subject key identifier:   A1:8A:51:10:E2:6E:78:0B:F5:BB:E1:56:6F:09:24:0A:49:9E:62:91
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2136F1349B0A6AE14612558E64DCC4A32A426805
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143475.roa
Signing time:             Wed 04 Mar 2026 06:05:48 +0000
ROA not before:           Wed 04 Mar 2026 06:00:48 +0000
ROA not after:            Wed 03 Mar 2027 06:05:48 +0000
asID:                     143475
IP address blocks:        240a:a339::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:36:f1:34:9b:0a:6a:e1:46:12:55:8e:64:dc:c4:a3:2a:42:68:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:48 2026 GMT
            Not After : Mar  3 06:05:48 2027 GMT
        Subject: CN=A18A5110E26E780BF5BBE1566F09240A499E6291
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:d1:75:da:c9:89:62:fd:fd:30:16:c4:44:ff:
                    aa:36:94:92:09:ba:f6:0f:67:00:ee:d1:65:5d:ba:
                    7e:56:7c:cf:a3:c0:39:bf:94:30:26:79:f7:2d:10:
                    08:88:9a:f1:24:73:88:db:4e:91:6a:5b:79:76:f3:
                    ae:8a:5c:7c:ec:cc:59:23:59:ec:f2:73:79:d0:80:
                    77:31:60:37:5e:13:e1:87:bd:82:73:e6:5a:91:5f:
                    dd:50:f3:19:0f:bd:87:98:02:00:dd:93:20:89:de:
                    e5:e6:61:f8:4c:97:e8:e7:d3:15:bd:c5:01:ee:ab:
                    45:c1:8d:85:e7:62:74:23:fd:03:5c:52:47:03:0d:
                    d1:d2:e7:c3:c6:28:54:12:34:50:52:95:a7:58:1b:
                    82:13:39:52:e5:1a:87:df:3b:97:c0:8c:76:47:5e:
                    af:f2:d3:86:bb:40:ec:6f:ea:36:6c:83:50:03:6f:
                    f8:3d:43:61:86:d8:66:ef:52:79:4c:5a:41:59:a7:
                    d5:cf:1f:3c:08:e1:ab:9f:49:83:a5:ea:68:80:85:
                    3d:09:0e:9b:ae:c9:df:34:7a:ae:f1:fc:0b:48:0f:
                    0c:e1:3f:a5:87:5a:ec:20:6f:b4:4f:8f:9e:b6:c1:
                    56:36:18:12:12:a8:68:ba:d5:98:b9:3b:a5:d6:1f:
                    ec:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:8A:51:10:E2:6E:78:0B:F5:BB:E1:56:6F:09:24:0A:49:9E:62:91
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143475.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a339::/32

    Signature Algorithm: sha256WithRSAEncryption
         cd:07:e1:f9:9a:e9:f6:07:7d:1e:38:30:b3:4d:f3:71:a7:c8:
         63:39:71:c8:ef:de:1f:bf:ec:0c:44:a2:0e:57:5e:86:dc:d0:
         47:40:b1:98:16:e0:18:0c:93:e9:92:21:f8:9b:01:5c:15:55:
         0c:df:d2:b8:85:b6:63:d7:ed:fe:4e:43:1c:2f:de:5d:b3:e9:
         ab:b4:3b:95:83:e9:16:8d:9e:87:b8:11:36:fc:44:ae:82:b0:
         c5:35:36:8e:92:16:0f:9b:81:bc:21:90:5b:dd:57:ef:3e:a6:
         79:43:7f:91:6e:c8:28:b5:1e:4a:6b:a2:84:2f:e5:f0:35:89:
         9f:d3:f9:04:ff:31:07:0d:b1:1b:a0:63:81:43:b2:74:2e:46:
         fc:37:c0:ce:67:04:fb:9d:2d:a9:47:cd:bc:f0:2f:5a:25:f8:
         4f:63:ec:11:5a:24:9d:98:19:52:40:6d:72:1c:84:36:ac:fe:
         d0:12:34:d7:c4:f2:01:2a:04:64:24:d4:8b:65:c1:f5:d4:17:
         1d:f5:b6:3c:57:cb:94:03:64:3b:bf:de:71:3c:75:3c:c2:4d:
         0e:82:65:b7:92:93:5b:bf:2f:b6:46:b4:3c:f4:7a:f8:38:33:
         6d:73:bb:44:c2:43:06:7f:7e:01:c3:b1:24:be:c5:1e:8b:56:
         c0:b8:d9:2b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUITbxNJsKauFGElWOZNzEoypCaAUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDA0OFoX
DTI3MDMwMzA2MDU0OFowMzExMC8GA1UEAxMoQTE4QTUxMTBFMjZFNzgwQkY1QkJF
MTU2NkYwOTI0MEE0OTlFNjI5MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAODRddrJiWL9/TAWxET/qjaUkgm69g9nAO7RZV26flZ8z6PAOb+UMCZ59y0Q
CIia8SRziNtOkWpbeXbzropcfOzMWSNZ7PJzedCAdzFgN14T4Ye9gnPmWpFf3VDz
GQ+9h5gCAN2TIIne5eZh+EyX6OfTFb3FAe6rRcGNhedidCP9A1xSRwMN0dLnw8Yo
VBI0UFKVp1gbghM5UuUah987l8CMdkder/LThrtA7G/qNmyDUANv+D1DYYbYZu9S
eUxaQVmn1c8fPAjhq59Jg6XqaICFPQkOm67J3zR6rvH8C0gPDOE/pYda7CBvtE+P
nrbBVjYYEhKoaLrVmLk7pdYf7MsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBShilEQ
4m54C/W74VZvCSQKSZ5ikTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzQ3NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ozkwDQYJKoZIhvcNAQELBQADggEBAM0H4fma6fYHfR44MLNN83GnyGM5ccjv3h+/
7AxEog5XXobc0EdAsZgW4BgMk+mSIfibAVwVVQzf0riFtmPX7f5OQxwv3l2z6au0
O5WD6RaNnoe4ETb8RK6CsMU1No6SFg+bgbwhkFvdV+8+pnlDf5FuyCi1HkprooQv
5fA1iZ/T+QT/MQcNsRugY4FDsnQuRvw3wM5nBPudLalHzbzwL1ol+E9j7BFaJJ2Y
GVJAbXIchDas/tASNNfE8gEqBGQk1ItlwfXUFx31tjxXy5QDZDu/3nE8dTzCTQ6C
ZbeSk1u/L7ZGtDz0evg4M21zu0TCQwZ/fgHDsSS+xR6LVsC42Ss=
-----END CERTIFICATE-----