Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143516.roa
File:                     AS143516.roa (raw, json)
Hash identifier:          ZlL+6CR6Zzl102oicmDF5eHF2EqLLY0b7nRj2VbW9EM=
Subject key identifier:   93:DE:BD:03:4A:5B:89:94:68:B4:7C:8A:0B:AB:88:55:8A:8B:BF:B9
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       594C6F1C79B57458E4300B385A61BF610A122B24
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143516.roa
Signing time:             Wed 04 Mar 2026 06:13:54 +0000
ROA not before:           Wed 04 Mar 2026 06:08:54 +0000
ROA not after:            Wed 03 Mar 2027 06:13:54 +0000
asID:                     143516
IP address blocks:        240a:a362::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:4c:6f:1c:79:b5:74:58:e4:30:0b:38:5a:61:bf:61:0a:12:2b:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:54 2026 GMT
            Not After : Mar  3 06:13:54 2027 GMT
        Subject: CN=93DEBD034A5B899468B47C8A0BAB88558A8BBFB9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:7e:8a:92:cc:f2:5d:88:68:ee:93:58:41:44:
                    34:09:81:7f:f0:1b:8a:42:91:22:4f:eb:8c:f9:1e:
                    0b:7a:b6:a1:23:22:2b:a4:43:9b:ad:44:c5:ba:0f:
                    8e:53:fa:78:bd:76:42:80:3b:35:91:32:6d:32:14:
                    28:9a:d0:7a:c1:df:86:c0:d3:b4:eb:3d:ab:5a:8b:
                    43:ea:80:1f:24:83:0a:d6:ac:d3:de:5c:fe:96:38:
                    7d:a0:b8:04:5e:f7:80:d7:0e:d8:67:ed:7b:ec:ee:
                    d5:80:9c:db:69:1a:09:55:0f:4e:05:e4:76:92:af:
                    6a:33:2c:6a:5a:4a:3a:c2:cf:50:9c:54:7a:60:d1:
                    cb:09:23:37:24:bf:aa:69:53:c2:c8:0f:0b:35:b8:
                    21:33:84:bc:89:fd:5d:8d:e1:06:89:bc:04:d3:11:
                    2f:1d:8a:31:65:19:4f:d0:db:5c:45:11:af:ff:b6:
                    f8:54:18:ad:b5:07:89:cc:42:90:9f:56:55:65:7d:
                    6e:cb:7b:cd:e3:c6:e1:25:c9:f6:d4:c2:3a:f7:7a:
                    8b:73:a6:eb:ee:8c:81:0a:fc:94:2e:6a:18:80:fe:
                    1f:5e:68:db:1c:5b:c2:a8:39:84:5e:c1:28:83:0e:
                    5e:07:59:dc:9b:53:9d:66:1f:8e:f1:11:2d:09:25:
                    b8:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:DE:BD:03:4A:5B:89:94:68:B4:7C:8A:0B:AB:88:55:8A:8B:BF:B9
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143516.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a362::/32

    Signature Algorithm: sha256WithRSAEncryption
         a7:3c:26:5c:6c:f9:b5:72:e0:a8:85:e2:1a:af:da:6a:be:7f:
         5b:58:77:ec:59:8e:5d:77:57:88:f6:f1:9e:59:6c:c2:6c:0d:
         e0:db:9c:6b:54:24:a1:ee:4a:6d:c5:8a:94:ac:3d:14:0e:bd:
         f1:74:69:3b:27:47:e6:81:b4:fa:b0:44:78:8c:0a:c4:4b:0b:
         fe:d0:64:28:67:0f:77:78:29:f4:34:0f:4d:4f:61:41:15:19:
         2c:28:13:82:2e:6a:02:f9:62:a6:cb:ae:c9:61:c9:c2:a9:6f:
         b1:42:bd:cc:8b:ac:fc:9f:e8:e1:b9:a4:f8:7b:bc:9a:e2:05:
         bb:93:37:74:f2:68:46:2e:7b:66:ed:32:60:1c:58:e1:34:d7:
         e1:e5:e6:da:cd:10:19:1e:33:56:55:14:00:87:08:a1:86:80:
         73:fb:b4:8c:fe:fa:fc:17:c3:83:39:16:6a:7f:8a:5c:90:8b:
         72:61:8b:a7:08:28:6f:8c:e6:cd:73:3c:70:0a:76:29:48:b8:
         f9:e7:3d:e5:3d:d5:a0:fa:70:d1:86:61:05:43:1b:f1:57:b0:
         9c:dc:da:3b:eb:13:b0:c0:88:9c:d9:32:9e:74:3f:3c:18:79:
         3b:18:6f:4c:12:1f:f4:84:77:63:38:3b:98:61:ea:0f:86:0c:
         79:80:13:8f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUWUxvHHm1dFjkMAs4WmG/YQoSKyQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDg1NFoX
DTI3MDMwMzA2MTM1NFowMzExMC8GA1UEAxMoOTNERUJEMDM0QTVCODk5NDY4QjQ3
QzhBMEJBQjg4NTU4QThCQkZCOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMZ+ipLM8l2IaO6TWEFENAmBf/AbikKRIk/rjPkeC3q2oSMiK6RDm61ExboP
jlP6eL12QoA7NZEybTIUKJrQesHfhsDTtOs9q1qLQ+qAHySDCtas095c/pY4faC4
BF73gNcO2Gfte+zu1YCc22kaCVUPTgXkdpKvajMsalpKOsLPUJxUemDRywkjNyS/
qmlTwsgPCzW4ITOEvIn9XY3hBom8BNMRLx2KMWUZT9DbXEURr/+2+FQYrbUHicxC
kJ9WVWV9bst7zePG4SXJ9tTCOvd6i3Om6+6MgQr8lC5qGID+H15o2xxbwqg5hF7B
KIMOXgdZ3JtTnWYfjvERLQkluM8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBST3r0D
SluJlGi0fIoLq4hViou/uTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzUxNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o2IwDQYJKoZIhvcNAQELBQADggEBAKc8Jlxs+bVy4KiF4hqv2mq+f1tYd+xZjl13
V4j28Z5ZbMJsDeDbnGtUJKHuSm3FipSsPRQOvfF0aTsnR+aBtPqwRHiMCsRLC/7Q
ZChnD3d4KfQ0D01PYUEVGSwoE4IuagL5YqbLrslhycKpb7FCvcyLrPyf6OG5pPh7
vJriBbuTN3TyaEYue2btMmAcWOE01+Hl5trNEBkeM1ZVFACHCKGGgHP7tIz++vwX
w4M5Fmp/ilyQi3Jhi6cIKG+M5s1zPHAKdilIuPnnPeU91aD6cNGGYQVDG/FXsJzc
2jvrE7DAiJzZMp50PzwYeTsYb0wSH/SEd2M4O5hh6g+GDHmAE48=
-----END CERTIFICATE-----