Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143495.roa
File:                     AS143495.roa (raw, json)
Hash identifier:          3fph0HwugBrAEE2TxJuo7DCZ8ZxSswyc89boFb7UDbA=
Subject key identifier:   45:FF:AC:C4:78:5B:6E:1E:D3:EA:6E:5B:8D:7F:9E:D2:71:7A:26:90
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       039464AD7073629ECA2791FDDC20F95F949B8845
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143495.roa
Signing time:             Wed 04 Mar 2026 06:06:07 +0000
ROA not before:           Wed 04 Mar 2026 06:01:07 +0000
ROA not after:            Wed 03 Mar 2027 06:06:07 +0000
asID:                     143495
IP address blocks:        240a:a34d::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:94:64:ad:70:73:62:9e:ca:27:91:fd:dc:20:f9:5f:94:9b:88:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:07 2026 GMT
            Not After : Mar  3 06:06:07 2027 GMT
        Subject: CN=45FFACC4785B6E1ED3EA6E5B8D7F9ED2717A2690
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:59:6f:81:4a:b1:44:d2:d4:4e:1b:8d:d8:d5:
                    21:53:64:4d:18:fc:62:43:01:a4:31:0b:87:0e:af:
                    da:ab:de:1b:6c:9e:29:dd:6d:13:39:30:a8:3d:b1:
                    a2:1d:3c:c0:ad:aa:d8:53:86:95:cf:2a:97:ba:c7:
                    a8:c5:5f:99:91:2b:d6:b5:7e:2b:ca:6a:9c:1b:11:
                    09:93:15:f9:82:ac:7b:48:c3:35:42:b5:0d:f6:f0:
                    7b:42:d1:b6:d5:03:22:b5:3a:b8:76:09:58:70:93:
                    a7:28:21:bc:43:7d:61:1a:d0:ef:51:c0:0e:ce:26:
                    dd:f1:09:4d:1d:70:0a:56:5e:89:5e:49:27:e8:10:
                    0e:69:58:8a:fd:68:ef:be:45:94:c8:32:b6:ff:dd:
                    da:9a:b6:db:96:5c:9a:5d:e7:44:20:74:b5:cc:45:
                    52:41:e1:37:89:b8:e4:ef:d4:9c:21:2b:05:e8:51:
                    c6:6b:bc:a5:fe:64:f2:ad:c1:35:0c:c9:f9:63:ae:
                    a0:8e:18:3a:3f:46:bb:9e:38:04:b8:43:ca:de:be:
                    85:86:f1:6e:03:24:e1:5d:5c:41:82:b2:bc:8e:5c:
                    96:88:95:73:87:31:4d:23:ac:71:96:7a:ca:21:ac:
                    70:aa:7c:23:1d:24:4f:e3:f6:27:97:68:9f:fe:59:
                    bb:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:FF:AC:C4:78:5B:6E:1E:D3:EA:6E:5B:8D:7F:9E:D2:71:7A:26:90
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143495.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a34d::/32

    Signature Algorithm: sha256WithRSAEncryption
         89:58:9c:ba:b4:b7:33:51:74:ce:7a:9b:fe:25:fe:92:87:87:
         3e:a1:fb:b2:0b:d7:0a:a7:c5:60:64:93:bb:3e:ba:3a:3a:ed:
         63:77:6e:ed:8b:2c:4a:4a:8d:34:80:95:e1:7d:c4:0b:8a:a5:
         54:90:8b:0c:20:21:41:ca:b7:e4:c1:73:05:b0:59:81:e8:4b:
         b1:70:b1:d2:4f:d5:d8:2e:6e:0f:cd:9b:bc:c3:10:0f:03:b3:
         c8:fe:52:65:8c:44:60:b1:25:10:31:95:5a:ee:7a:8b:e9:ec:
         38:4b:16:73:b8:c3:64:4d:d0:2d:34:61:de:3e:27:02:65:3d:
         b0:1f:c5:41:8c:c6:87:11:1f:2a:6d:65:b6:fc:7b:44:23:ff:
         7d:d2:7a:4a:1e:4c:dc:d7:4e:d7:06:ce:00:d8:76:ed:dc:af:
         ed:4a:c6:a9:93:5c:5a:3a:b5:db:36:8d:b2:6b:d0:95:84:79:
         7c:1e:ac:58:08:8b:e1:28:09:d8:f4:46:27:47:7c:da:10:7f:
         29:b2:13:38:a8:90:fc:d4:97:12:8d:1e:22:74:b8:0e:ab:81:
         1b:f8:7d:10:93:0e:d9:5a:32:6c:68:2f:cb:f4:03:7c:2f:3c:
         10:d9:99:46:74:af:d8:18:13:85:29:92:59:b0:dc:84:c2:13:
         c4:db:bf:2c
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUA5RkrXBzYp7KJ5H93CD5X5SbiEUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDEwN1oX
DTI3MDMwMzA2MDYwN1owMzExMC8GA1UEAxMoNDVGRkFDQzQ3ODVCNkUxRUQzRUE2
RTVCOEQ3RjlFRDI3MTdBMjY5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALRZb4FKsUTS1E4bjdjVIVNkTRj8YkMBpDELhw6v2qveG2yeKd1tEzkwqD2x
oh08wK2q2FOGlc8ql7rHqMVfmZEr1rV+K8pqnBsRCZMV+YKse0jDNUK1Dfbwe0LR
ttUDIrU6uHYJWHCTpyghvEN9YRrQ71HADs4m3fEJTR1wClZeiV5JJ+gQDmlYiv1o
775FlMgytv/d2pq225Zcml3nRCB0tcxFUkHhN4m45O/UnCErBehRxmu8pf5k8q3B
NQzJ+WOuoI4YOj9Gu544BLhDyt6+hYbxbgMk4V1cQYKyvI5cloiVc4cxTSOscZZ6
yiGscKp8Ix0kT+P2J5don/5Zu7UCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRF/6zE
eFtuHtPqbluNf57ScXomkDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzQ5NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o00wDQYJKoZIhvcNAQELBQADggEBAIlYnLq0tzNRdM56m/4l/pKHhz6h+7IL1wqn
xWBkk7s+ujo67WN3bu2LLEpKjTSAleF9xAuKpVSQiwwgIUHKt+TBcwWwWYHoS7Fw
sdJP1dgubg/Nm7zDEA8Ds8j+UmWMRGCxJRAxlVrueovp7DhLFnO4w2RN0C00Yd4+
JwJlPbAfxUGMxocRHyptZbb8e0Qj/33SekoeTNzXTtcGzgDYdu3cr+1KxqmTXFo6
tds2jbJr0JWEeXwerFgIi+EoCdj0RidHfNoQfymyEziokPzUlxKNHiJ0uA6rgRv4
fRCTDtlaMmxoL8v0A3wvPBDZmUZ0r9gYE4Upklmw3ITCE8Tbvyw=
-----END CERTIFICATE-----