Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143502.roa
File:                     AS143502.roa (raw, json)
Hash identifier:          E8agEWUKTwNZpQeOE6WktSp3Xi1c28OTssifxKDQWKQ=
Subject key identifier:   F9:35:78:B6:B9:6E:82:E7:4C:87:B0:E5:15:3C:91:CA:FA:71:0F:EC
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       66BBA1DCFE7EC7B70FA7D4EC3BB28669C4827BC5
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143502.roa
Signing time:             Wed 04 Mar 2026 06:05:12 +0000
ROA not before:           Wed 04 Mar 2026 06:00:12 +0000
ROA not after:            Wed 03 Mar 2027 06:05:12 +0000
asID:                     143502
IP address blocks:        240a:a354::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:bb:a1:dc:fe:7e:c7:b7:0f:a7:d4:ec:3b:b2:86:69:c4:82:7b:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:12 2026 GMT
            Not After : Mar  3 06:05:12 2027 GMT
        Subject: CN=F93578B6B96E82E74C87B0E5153C91CAFA710FEC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:f5:3a:26:90:bc:07:b4:96:37:f1:2c:bf:8c:
                    19:02:1b:3c:de:ae:e5:79:5b:0d:d1:63:fa:09:ed:
                    68:9f:9d:1d:31:c9:46:7d:1a:e2:77:ac:12:8c:bf:
                    7f:d2:2f:1e:ba:c1:18:0c:d1:61:9a:9d:da:b5:3a:
                    4f:0e:58:23:05:58:d2:e4:22:5d:7b:d1:73:c2:ca:
                    04:41:d1:3f:dc:26:18:22:72:0e:0d:09:e9:e5:0d:
                    4a:10:43:83:c9:95:45:da:00:1b:d5:79:a4:74:c6:
                    6a:30:91:e6:31:ea:43:73:ba:74:a6:89:62:b7:1c:
                    24:b3:16:07:34:c5:31:f8:1a:8a:a2:db:0c:96:f8:
                    7c:88:4f:c5:d3:90:6d:a8:72:49:3b:bd:d3:27:bf:
                    03:f1:a7:56:e9:a5:4d:b1:2c:e1:bb:b1:0b:9c:a8:
                    c6:df:e6:81:c5:a6:35:0c:d9:97:d9:83:5c:d0:a6:
                    d3:c9:42:98:f9:d4:ee:3f:e5:1f:30:a4:c9:d3:2e:
                    a7:39:ab:9a:80:38:71:f3:90:82:9e:d0:0a:fb:ce:
                    8b:15:5c:57:57:ad:b1:7c:34:3b:a6:17:f4:a0:48:
                    cf:4d:a0:c4:12:e2:bf:85:b0:fd:79:7f:d3:a4:85:
                    2c:28:73:68:80:a2:aa:2b:e2:2b:6c:74:c5:24:5b:
                    11:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:35:78:B6:B9:6E:82:E7:4C:87:B0:E5:15:3C:91:CA:FA:71:0F:EC
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143502.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a354::/32

    Signature Algorithm: sha256WithRSAEncryption
         dc:a0:a0:5c:28:87:2d:a0:07:ec:ef:cb:e4:24:63:e7:8e:8d:
         ac:6b:67:06:db:ca:0b:20:ed:39:24:e4:09:6c:d0:3b:64:fd:
         b6:87:a9:74:4f:2e:3e:3d:39:3e:a4:e5:bb:58:d0:89:82:36:
         da:96:7e:23:43:6c:74:99:ae:81:82:ba:f4:d9:27:45:dd:b7:
         9b:62:53:4e:1e:4a:86:d9:70:36:94:02:0b:a3:95:b3:61:1a:
         9c:32:0b:9b:78:ff:e1:0b:27:11:98:f6:f8:13:80:98:77:3f:
         a4:3b:35:36:be:36:19:41:0a:33:cc:cf:80:ea:89:3e:a3:22:
         e7:cf:7b:2b:bc:fd:4f:d0:16:c6:31:7a:53:61:38:d9:f3:75:
         86:d7:49:d5:ba:02:bc:cc:35:71:81:90:4f:c6:c1:5d:ed:60:
         7f:84:97:30:12:32:cd:99:34:1e:79:3c:b7:0e:4d:6b:1b:5d:
         55:1a:47:98:c3:7b:d3:e9:c4:be:17:8a:40:10:29:e8:3f:b9:
         ef:cb:b9:bd:62:8b:2f:00:cf:05:fc:b8:e1:ff:05:a1:c7:12:
         97:c1:c3:cb:82:2d:18:9c:c5:1f:ae:cc:fb:44:92:80:37:16:
         05:28:7f:bb:b5:f9:1d:f1:12:32:84:57:8f:50:04:e2:8f:66:
         b2:ee:75:ea
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUZruh3P5+x7cPp9TsO7KGacSCe8UwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDAxMloX
DTI3MDMwMzA2MDUxMlowMzExMC8GA1UEAxMoRjkzNTc4QjZCOTZFODJFNzRDODdC
MEU1MTUzQzkxQ0FGQTcxMEZFQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANn1OiaQvAe0ljfxLL+MGQIbPN6u5XlbDdFj+gntaJ+dHTHJRn0a4nesEoy/
f9IvHrrBGAzRYZqd2rU6Tw5YIwVY0uQiXXvRc8LKBEHRP9wmGCJyDg0J6eUNShBD
g8mVRdoAG9V5pHTGajCR5jHqQ3O6dKaJYrccJLMWBzTFMfgaiqLbDJb4fIhPxdOQ
bahySTu90ye/A/GnVumlTbEs4buxC5yoxt/mgcWmNQzZl9mDXNCm08lCmPnU7j/l
HzCkydMupzmrmoA4cfOQgp7QCvvOixVcV1etsXw0O6YX9KBIz02gxBLiv4Ww/Xl/
06SFLChzaICiqiviK2x0xSRbEY8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT5NXi2
uW6C50yHsOUVPJHK+nEP7DAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzUwMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o1QwDQYJKoZIhvcNAQELBQADggEBANygoFwohy2gB+zvy+QkY+eOjaxrZwbbygsg
7Tkk5Als0Dtk/baHqXRPLj49OT6k5btY0ImCNtqWfiNDbHSZroGCuvTZJ0Xdt5ti
U04eSobZcDaUAgujlbNhGpwyC5t4/+ELJxGY9vgTgJh3P6Q7NTa+NhlBCjPMz4Dq
iT6jIufPeyu8/U/QFsYxelNhONnzdYbXSdW6ArzMNXGBkE/GwV3tYH+ElzASMs2Z
NB55PLcOTWsbXVUaR5jDe9PpxL4XikAQKeg/ue/Lub1iiy8AzwX8uOH/BaHHEpfB
w8uCLRicxR+uzPtEkoA3FgUof7u1+R3xEjKEV49QBOKPZrLudeo=
-----END CERTIFICATE-----