Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143514.roa
File:                     AS143514.roa (raw, json)
Hash identifier:          oe8oQxw8xqTDI1EHUlqWLK2LYLbe6yjzLLiloYjaApI=
Subject key identifier:   9C:79:4C:D1:AA:4C:AC:FB:EE:24:9D:24:D8:15:E9:29:0F:87:36:26
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4C18E4F50BA088F77469660E93D3C614C682E254
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143514.roa
Signing time:             Wed 04 Mar 2026 06:12:55 +0000
ROA not before:           Wed 04 Mar 2026 06:07:55 +0000
ROA not after:            Wed 03 Mar 2027 06:12:55 +0000
asID:                     143514
IP address blocks:        240a:a360::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:18:e4:f5:0b:a0:88:f7:74:69:66:0e:93:d3:c6:14:c6:82:e2:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:07:55 2026 GMT
            Not After : Mar  3 06:12:55 2027 GMT
        Subject: CN=9C794CD1AA4CACFBEE249D24D815E9290F873626
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:1a:b2:26:d0:79:d2:4b:86:96:2c:3c:ad:5c:
                    2c:90:82:68:c3:d1:d5:0e:a7:eb:37:29:bc:bd:38:
                    0d:6f:71:4d:ad:d4:5f:ad:d5:64:2b:a8:8e:f7:92:
                    b7:c2:dc:e3:d2:70:8b:7b:85:11:b3:ec:3e:6e:bd:
                    c3:f3:e5:ac:23:2e:20:18:8c:30:36:24:ee:3a:a3:
                    8c:d3:a7:6b:02:cf:92:cd:c7:4a:58:65:83:c0:73:
                    1a:c1:02:5d:1e:37:95:5f:9e:4b:be:ac:08:82:3f:
                    6d:13:25:33:a6:a5:1c:35:f0:26:b1:81:e7:f3:72:
                    7a:93:68:7b:ab:e3:d6:ec:48:e2:c4:b2:c7:37:7a:
                    69:17:91:af:4f:7f:a1:db:11:73:f9:db:7e:5e:7d:
                    21:ec:0a:dd:0a:3e:4d:e2:44:b4:ff:ff:94:c6:be:
                    5f:d0:f7:ec:b5:c9:48:ec:04:8f:bb:37:e5:68:2c:
                    15:4d:e1:47:fd:ea:0c:51:91:1c:ae:90:38:11:75:
                    7f:22:03:c3:99:c3:3d:02:fa:28:56:66:b4:43:f7:
                    69:2d:d0:b3:cf:5e:33:d2:4f:32:42:db:35:6a:01:
                    98:47:d2:e8:0b:f4:44:cd:a6:dc:c1:7f:c2:81:24:
                    4a:51:9f:5c:60:6c:35:87:8b:9e:4a:b7:32:2f:0b:
                    bb:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:79:4C:D1:AA:4C:AC:FB:EE:24:9D:24:D8:15:E9:29:0F:87:36:26
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143514.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a360::/32

    Signature Algorithm: sha256WithRSAEncryption
         48:0f:ac:07:53:a4:8b:1c:41:0f:90:87:7c:1e:83:24:36:90:
         fd:5d:9d:79:4e:c5:05:a9:9f:35:f5:96:64:d1:5b:2c:83:31:
         5f:86:44:7f:b4:09:b9:ea:0f:d0:56:8c:bd:98:c5:cf:82:b9:
         67:92:37:41:13:46:3a:1b:3b:32:84:78:eb:3a:1e:40:cc:64:
         a2:db:86:e4:88:4e:51:8c:fa:35:f6:8c:25:05:e5:fa:19:59:
         79:ed:d6:ee:d3:fb:d4:05:0e:2a:73:dd:fa:ec:34:c8:ec:41:
         eb:5f:ce:14:a4:50:09:05:7b:ca:59:dc:a7:50:a3:e4:e2:0e:
         5d:5d:0a:07:a0:25:a3:29:6b:49:ee:d9:d1:b9:d3:ff:83:9d:
         92:23:be:ea:e2:0d:f5:59:e9:43:6d:e9:cf:5e:74:ab:4c:4c:
         bf:8c:23:cc:f9:2a:c9:06:30:22:c5:2f:25:27:6b:20:75:30:
         27:64:cd:85:c0:42:c0:e6:5c:8c:54:03:83:2f:1d:b2:53:e2:
         53:1a:f6:16:c4:1b:4b:99:f0:6d:c0:05:17:84:1a:c6:de:82:
         42:de:23:08:3f:c3:64:86:cf:38:ca:f4:23:44:83:04:f5:1b:
         9e:58:8c:6e:12:3b:a7:40:46:1b:54:0a:71:ca:bb:40:e9:3c:
         42:57:55:30
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUTBjk9QugiPd0aWYOk9PGFMaC4lQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDc1NVoX
DTI3MDMwMzA2MTI1NVowMzExMC8GA1UEAxMoOUM3OTRDRDFBQTRDQUNGQkVFMjQ5
RDI0RDgxNUU5MjkwRjg3MzYyNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOQasibQedJLhpYsPK1cLJCCaMPR1Q6n6zcpvL04DW9xTa3UX63VZCuojveS
t8Lc49Jwi3uFEbPsPm69w/PlrCMuIBiMMDYk7jqjjNOnawLPks3HSlhlg8BzGsEC
XR43lV+eS76sCII/bRMlM6alHDXwJrGB5/NyepNoe6vj1uxI4sSyxzd6aReRr09/
odsRc/nbfl59IewK3Qo+TeJEtP//lMa+X9D37LXJSOwEj7s35WgsFU3hR/3qDFGR
HK6QOBF1fyIDw5nDPQL6KFZmtEP3aS3Qs89eM9JPMkLbNWoBmEfS6Av0RM2m3MF/
woEkSlGfXGBsNYeLnkq3Mi8Luz8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSceUzR
qkys++4knSTYFekpD4c2JjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzUxNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o2AwDQYJKoZIhvcNAQELBQADggEBAEgPrAdTpIscQQ+Qh3wegyQ2kP1dnXlOxQWp
nzX1lmTRWyyDMV+GRH+0CbnqD9BWjL2Yxc+CuWeSN0ETRjobOzKEeOs6HkDMZKLb
huSITlGM+jX2jCUF5foZWXnt1u7T+9QFDipz3frsNMjsQetfzhSkUAkFe8pZ3KdQ
o+TiDl1dCgegJaMpa0nu2dG50/+DnZIjvuriDfVZ6UNt6c9edKtMTL+MI8z5KskG
MCLFLyUnayB1MCdkzYXAQsDmXIxUA4MvHbJT4lMa9hbEG0uZ8G3ABReEGsbegkLe
Iwg/w2SGzzjK9CNEgwT1G55YjG4SO6dARhtUCnHKu0DpPEJXVTA=
-----END CERTIFICATE-----