Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143480.roa
File:                     AS143480.roa (raw, json)
Hash identifier:          Tan2RfCFNvNvv67GFDNto7CZKPskyTRKUyiEqeO6++w=
Subject key identifier:   96:49:8B:A6:2D:70:54:26:6F:F2:62:5B:CE:C5:3A:20:DE:88:98:6B
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       20B05E1F1DA3A54AA08580B073CCE1B5B6654881
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143480.roa
Signing time:             Wed 04 Mar 2026 06:05:13 +0000
ROA not before:           Wed 04 Mar 2026 06:00:13 +0000
ROA not after:            Wed 03 Mar 2027 06:05:13 +0000
asID:                     143480
IP address blocks:        240a:a33e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:b0:5e:1f:1d:a3:a5:4a:a0:85:80:b0:73:cc:e1:b5:b6:65:48:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:13 2026 GMT
            Not After : Mar  3 06:05:13 2027 GMT
        Subject: CN=96498BA62D7054266FF2625BCEC53A20DE88986B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:06:30:13:ed:bf:9f:8c:4a:ff:01:05:01:5c:
                    59:b1:25:c8:be:6e:7f:7d:94:98:b9:85:42:3e:d0:
                    36:27:4f:d6:c6:0e:6a:a6:e1:3a:e7:9a:93:56:a3:
                    09:20:37:47:b1:29:e1:93:42:f8:ff:52:b3:6d:a1:
                    80:df:e0:88:68:d6:34:22:ff:1b:46:26:66:35:4d:
                    2b:39:40:cc:18:64:a7:78:ff:15:4e:6f:30:91:ce:
                    76:c5:27:66:ce:c0:4a:5a:43:cf:5e:2f:a5:78:b3:
                    70:2b:62:20:17:ed:04:be:ce:52:c5:05:9d:35:cb:
                    2a:98:c1:a5:c3:df:4c:68:0b:f7:19:29:be:75:05:
                    c8:79:35:ec:02:a0:31:37:7f:a6:68:20:bf:73:4a:
                    f5:35:6d:0b:0e:b5:ff:95:8c:01:59:0a:5e:10:d3:
                    90:81:cd:bd:45:aa:6b:9c:d5:34:2a:27:e2:4a:69:
                    21:61:b4:1e:e1:45:4d:3f:7b:2f:04:55:ae:9d:ba:
                    2e:9c:fd:0e:2d:4a:28:82:d6:f2:48:1e:cd:1c:df:
                    48:c7:4e:3e:85:bb:ed:ac:d5:b8:e5:90:22:35:75:
                    89:2f:c1:33:24:15:c4:c6:8f:5f:c2:3a:71:86:16:
                    ac:0c:f3:69:75:36:18:79:f9:93:d7:53:b9:5c:c1:
                    17:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:49:8B:A6:2D:70:54:26:6F:F2:62:5B:CE:C5:3A:20:DE:88:98:6B
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143480.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a33e::/32

    Signature Algorithm: sha256WithRSAEncryption
         10:a5:82:a4:1d:68:e3:83:a2:8d:e9:e7:47:3a:49:96:85:a2:
         e7:ae:32:0f:19:0d:db:c3:d1:45:8f:d6:c1:6d:8e:4b:f0:eb:
         88:e6:ca:bf:b5:8c:56:c2:75:f5:3e:cc:a6:03:2b:91:9b:d1:
         85:b4:bc:ce:b4:7e:37:61:b2:e7:72:8d:ab:e6:a6:5c:49:85:
         6e:00:35:e3:b8:13:e9:c8:90:a5:fd:7d:77:f3:55:f8:36:a6:
         6b:96:e5:19:3a:b1:84:5c:4b:a3:5b:3a:54:6e:1d:35:ad:e3:
         4a:0d:3f:b1:64:53:77:ab:2b:19:fc:66:c4:88:a8:da:67:a3:
         76:dc:4d:f6:0f:38:c9:3c:b5:03:1f:03:27:e1:a2:11:74:21:
         b0:bd:b6:d5:02:c3:50:c3:e3:68:40:d1:99:46:6c:6c:4a:85:
         1b:21:35:e8:da:96:55:57:1b:e3:e3:ac:c2:5f:f7:e2:9f:ec:
         d3:c9:91:81:c8:57:af:8f:45:dc:cc:47:2f:a7:bc:65:a2:68:
         59:4c:cb:d4:d9:a5:04:92:3d:e7:9b:87:55:28:5c:c5:60:04:
         5e:4b:39:07:b1:64:d9:a0:c3:b7:5e:2d:88:9d:68:cc:3c:69:
         2d:6b:dd:60:54:b5:8e:92:10:df:6c:bc:fc:73:d0:cd:9f:06:
         d4:88:0a:d1
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUILBeHx2jpUqghYCwc8zhtbZlSIEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDAxM1oX
DTI3MDMwMzA2MDUxM1owMzExMC8GA1UEAxMoOTY0OThCQTYyRDcwNTQyNjZGRjI2
MjVCQ0VDNTNBMjBERTg4OTg2QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALsGMBPtv5+MSv8BBQFcWbElyL5uf32UmLmFQj7QNidP1sYOaqbhOueak1aj
CSA3R7Ep4ZNC+P9Ss22hgN/giGjWNCL/G0YmZjVNKzlAzBhkp3j/FU5vMJHOdsUn
Zs7ASlpDz14vpXizcCtiIBftBL7OUsUFnTXLKpjBpcPfTGgL9xkpvnUFyHk17AKg
MTd/pmggv3NK9TVtCw61/5WMAVkKXhDTkIHNvUWqa5zVNCon4kppIWG0HuFFTT97
LwRVrp26Lpz9Di1KKILW8kgezRzfSMdOPoW77azVuOWQIjV1iS/BMyQVxMaPX8I6
cYYWrAzzaXU2GHn5k9dTuVzBF2kCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSWSYum
LXBUJm/yYlvOxTog3oiYazAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzQ4MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oz4wDQYJKoZIhvcNAQELBQADggEBABClgqQdaOODoo3p50c6SZaFoueuMg8ZDdvD
0UWP1sFtjkvw64jmyr+1jFbCdfU+zKYDK5Gb0YW0vM60fjdhsudyjavmplxJhW4A
NeO4E+nIkKX9fXfzVfg2pmuW5Rk6sYRcS6NbOlRuHTWt40oNP7FkU3erKxn8ZsSI
qNpno3bcTfYPOMk8tQMfAyfhohF0IbC9ttUCw1DD42hA0ZlGbGxKhRshNejallVX
G+PjrMJf9+Kf7NPJkYHIV6+PRdzMRy+nvGWiaFlMy9TZpQSSPeebh1UoXMVgBF5L
OQexZNmgw7deLYidaMw8aS1r3WBUtY6SEN9svPxz0M2fBtSICtE=
-----END CERTIFICATE-----