Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143492.roa
File:                     AS143492.roa (raw, json)
Hash identifier:          Fvx3vrVo4K/rDi8Rs5O0IOCSEdys1Cshr1FJNGXi0Gk=
Subject key identifier:   6D:0D:BE:9B:EC:4F:9D:96:CD:71:15:BD:EB:F1:2F:56:D4:35:CD:7A
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       13B44270123A5D2A76200AA7AF6E2352F28B2AE2
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143492.roa
Signing time:             Wed 04 Mar 2026 06:06:43 +0000
ROA not before:           Wed 04 Mar 2026 06:01:43 +0000
ROA not after:            Wed 03 Mar 2027 06:06:43 +0000
asID:                     143492
IP address blocks:        240a:a34a::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:b4:42:70:12:3a:5d:2a:76:20:0a:a7:af:6e:23:52:f2:8b:2a:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:43 2026 GMT
            Not After : Mar  3 06:06:43 2027 GMT
        Subject: CN=6D0DBE9BEC4F9D96CD7115BDEBF12F56D435CD7A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:55:fd:1c:87:4e:31:45:88:6d:ff:3c:8f:15:
                    27:ed:d0:bc:62:05:9b:42:63:b0:e5:64:7e:11:e4:
                    c8:c2:5c:c7:70:d0:13:87:79:73:7b:71:e9:7d:02:
                    61:fa:4b:07:ed:c0:88:de:f8:21:a5:14:41:89:27:
                    6c:af:90:96:59:17:46:b1:07:1e:d3:75:09:27:ba:
                    ec:c4:5a:fb:d4:fc:eb:93:f0:9d:26:ba:8b:6b:a4:
                    1e:9c:d9:6e:21:b2:de:c1:8b:2a:c0:b2:93:78:0e:
                    f7:2f:2b:11:4c:98:fe:80:30:32:e9:21:cf:b8:dc:
                    99:15:c8:1f:26:c6:ee:1f:d4:68:71:d3:64:d2:10:
                    31:59:42:78:35:63:c5:69:b4:82:79:26:bf:a7:a8:
                    21:0a:cd:e2:69:48:e9:a7:41:b8:df:4a:20:4a:b8:
                    97:c8:94:82:fd:64:84:fe:b9:02:87:2c:65:3e:41:
                    08:32:8f:21:e8:c0:20:80:be:f4:86:11:6a:50:cb:
                    a3:3f:b2:ee:3c:bd:38:f2:5d:c2:1a:e2:99:17:92:
                    b3:36:f9:05:a1:da:26:b5:dc:45:80:03:c8:62:d3:
                    ea:16:5e:f3:6b:af:d0:a3:6a:84:16:e3:f5:ff:3f:
                    68:92:43:b7:4d:72:68:ef:a9:de:c6:86:ba:84:2a:
                    31:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:0D:BE:9B:EC:4F:9D:96:CD:71:15:BD:EB:F1:2F:56:D4:35:CD:7A
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143492.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a34a::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:28:18:65:4c:5d:22:07:ce:fa:2d:ff:93:d9:08:d1:ca:e7:
         4f:5f:f4:b3:4d:bc:34:d8:ed:97:db:8c:b0:cd:e2:99:32:79:
         80:04:17:7a:70:f1:e1:08:48:5d:c0:6f:03:ca:46:61:9b:35:
         8e:92:f0:db:b9:65:d1:b9:0c:d5:d0:dc:d3:f0:41:19:a7:4c:
         d2:be:ed:43:9d:6f:0f:18:d1:e1:18:db:2d:c6:11:4e:d0:c1:
         d1:3d:62:89:f0:74:e1:8f:bb:fa:29:f0:5d:0c:32:10:10:7e:
         2f:08:c3:57:b6:1b:9d:46:29:b7:22:cb:ec:7c:15:0a:64:e6:
         3e:ea:f7:3a:e0:6d:07:cc:b1:2a:6d:8a:67:72:7e:d9:53:69:
         1c:c5:84:c6:17:8a:58:70:d6:b4:49:17:31:2f:98:f7:00:12:
         df:87:b5:a8:42:e0:bc:0e:93:e9:2d:9a:ec:c8:17:70:ce:91:
         cf:b8:37:f6:d3:c9:f3:89:18:16:70:d5:bc:d6:39:89:da:48:
         dc:7a:15:a5:bb:13:9c:56:1e:b9:b6:c0:90:cc:5d:b0:4b:1f:
         51:9d:97:38:e1:6e:98:b2:3f:41:84:fb:de:46:16:b8:79:50:
         1d:46:3f:fa:2f:f9:0b:8e:70:41:64:2f:2b:c4:e5:64:89:e5:
         8a:7f:73:78
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUE7RCcBI6XSp2IAqnr24jUvKLKuIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDE0M1oX
DTI3MDMwMzA2MDY0M1owMzExMC8GA1UEAxMoNkQwREJFOUJFQzRGOUQ5NkNENzEx
NUJERUJGMTJGNTZENDM1Q0Q3QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKpV/RyHTjFFiG3/PI8VJ+3QvGIFm0JjsOVkfhHkyMJcx3DQE4d5c3tx6X0C
YfpLB+3AiN74IaUUQYknbK+QllkXRrEHHtN1CSe67MRa+9T865PwnSa6i2ukHpzZ
biGy3sGLKsCyk3gO9y8rEUyY/oAwMukhz7jcmRXIHybG7h/UaHHTZNIQMVlCeDVj
xWm0gnkmv6eoIQrN4mlI6adBuN9KIEq4l8iUgv1khP65AocsZT5BCDKPIejAIIC+
9IYRalDLoz+y7jy9OPJdwhrimReSszb5BaHaJrXcRYADyGLT6hZe82uv0KNqhBbj
9f8/aJJDt01yaO+p3saGuoQqMU8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRtDb6b
7E+dls1xFb3r8S9W1DXNejAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzQ5Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o0owDQYJKoZIhvcNAQELBQADggEBAEwoGGVMXSIHzvot/5PZCNHK509f9LNNvDTY
7ZfbjLDN4pkyeYAEF3pw8eEISF3AbwPKRmGbNY6S8Nu5ZdG5DNXQ3NPwQRmnTNK+
7UOdbw8Y0eEY2y3GEU7QwdE9YonwdOGPu/op8F0MMhAQfi8Iw1e2G51GKbciy+x8
FQpk5j7q9zrgbQfMsSptimdyftlTaRzFhMYXilhw1rRJFzEvmPcAEt+HtahC4LwO
k+ktmuzIF3DOkc+4N/bTyfOJGBZw1bzWOYnaSNx6FaW7E5xWHrm2wJDMXbBLH1Gd
lzjhbpiyP0GE+95GFrh5UB1GP/ov+QuOcEFkLyvE5WSJ5Yp/c3g=
-----END CERTIFICATE-----