Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143518.roa
File:                     AS143518.roa (raw, json)
Hash identifier:          G8b4Wa87KT17xh1Rs4XosBtej2Fdp8uwKFdXc9M+Y+g=
Subject key identifier:   EF:9B:B3:F3:98:2B:55:08:02:5A:0A:13:B9:9D:65:7D:C0:C4:86:4F
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       06263AE8CBE9A2B20D571198E11AFE9DAA078C76
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143518.roa
Signing time:             Wed 04 Mar 2026 06:15:23 +0000
ROA not before:           Wed 04 Mar 2026 06:10:23 +0000
ROA not after:            Wed 03 Mar 2027 06:15:23 +0000
asID:                     143518
IP address blocks:        240a:a364::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:26:3a:e8:cb:e9:a2:b2:0d:57:11:98:e1:1a:fe:9d:aa:07:8c:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:23 2026 GMT
            Not After : Mar  3 06:15:23 2027 GMT
        Subject: CN=EF9BB3F3982B5508025A0A13B99D657DC0C4864F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:7b:17:eb:43:79:49:44:54:e4:21:c9:e5:47:
                    59:f7:ca:33:be:5d:8f:ec:aa:59:87:77:85:47:57:
                    05:89:5f:f3:ff:cd:0e:ba:0e:d5:f8:bb:e1:45:81:
                    bd:7d:b5:66:fd:1b:81:2d:ff:e0:0c:57:28:36:05:
                    d0:c4:90:fc:52:9e:24:10:6a:75:63:ca:bb:e8:1f:
                    6b:63:24:6f:11:47:8e:35:5e:5f:b7:c7:9d:2a:29:
                    09:80:1e:7a:aa:d7:6a:d1:6c:f1:ad:75:15:de:9c:
                    19:08:0e:72:c8:e3:a0:53:fd:fc:47:51:94:b6:1d:
                    94:24:00:71:5c:00:fa:a9:63:eb:77:98:6a:a5:c0:
                    30:a8:34:a7:a7:93:ae:f8:75:13:f0:1b:76:c9:72:
                    a6:d3:d9:61:5d:90:33:e0:f0:16:76:f1:f4:e2:ba:
                    f6:44:64:a6:68:b6:4a:c3:8b:62:e2:23:bb:c9:c1:
                    9f:59:f3:54:9d:89:9a:c4:46:39:ed:a7:46:85:7e:
                    be:46:84:4c:85:52:58:79:d2:11:93:a2:9c:d9:9e:
                    3a:f6:5a:8f:ef:8b:97:7b:18:f1:73:e0:df:79:10:
                    a4:aa:68:88:a4:57:79:86:e3:d4:55:2a:89:99:e6:
                    a7:67:4c:f2:97:03:25:e4:ed:21:5d:07:53:c4:56:
                    ed:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:9B:B3:F3:98:2B:55:08:02:5A:0A:13:B9:9D:65:7D:C0:C4:86:4F
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143518.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a364::/32

    Signature Algorithm: sha256WithRSAEncryption
         07:28:0c:fa:29:f3:00:64:56:7e:67:0f:2c:0e:82:b6:ee:bb:
         29:27:48:66:72:1a:ed:a4:93:a9:0d:3f:eb:1f:ee:ca:c2:e1:
         12:29:2c:a1:05:9e:1f:30:64:e4:a9:64:6c:30:49:ab:1b:0e:
         ca:57:74:75:fe:13:e5:5b:58:83:1e:fd:af:2d:53:31:c9:9d:
         b1:93:c5:75:78:18:69:0d:53:3f:77:cf:20:78:da:a5:6c:c0:
         9a:f8:42:41:45:ba:48:4b:28:0a:97:f0:de:66:cf:58:65:f6:
         4c:30:3e:e1:2c:b9:ea:d4:e8:27:3d:ed:28:f9:c8:00:ad:02:
         2b:47:5d:8b:ba:d1:82:6d:77:57:aa:b8:1b:55:7f:b6:f8:05:
         2d:c3:73:9c:5d:c0:d3:9c:d2:8c:9e:e2:78:b5:52:d3:d8:4e:
         c8:df:51:a6:c3:6e:cf:ec:99:4a:de:71:3f:9b:91:f5:fb:3f:
         f6:5d:05:97:f1:21:04:c3:01:63:f8:1e:74:a6:6f:99:7f:7c:
         13:78:65:cd:e8:ae:8b:ed:73:07:59:17:66:3e:33:df:ca:f7:
         84:c6:3e:39:9a:24:86:49:84:ea:d9:be:02:59:26:e8:13:11:
         58:07:79:d2:3f:24:23:f4:7a:10:71:a2:70:01:da:1b:9d:55:
         92:63:71:47
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUBiY66MvporINVxGY4Rr+naoHjHYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTAyM1oX
DTI3MDMwMzA2MTUyM1owMzExMC8GA1UEAxMoRUY5QkIzRjM5ODJCNTUwODAyNUEw
QTEzQjk5RDY1N0RDMEM0ODY0RjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJF7F+tDeUlEVOQhyeVHWffKM75dj+yqWYd3hUdXBYlf8//NDroO1fi74UWB
vX21Zv0bgS3/4AxXKDYF0MSQ/FKeJBBqdWPKu+gfa2MkbxFHjjVeX7fHnSopCYAe
eqrXatFs8a11Fd6cGQgOcsjjoFP9/EdRlLYdlCQAcVwA+qlj63eYaqXAMKg0p6eT
rvh1E/AbdslyptPZYV2QM+DwFnbx9OK69kRkpmi2SsOLYuIju8nBn1nzVJ2JmsRG
Oe2nRoV+vkaETIVSWHnSEZOinNmeOvZaj++Ll3sY8XPg33kQpKpoiKRXeYbj1FUq
iZnmp2dM8pcDJeTtIV0HU8RW7dkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTvm7Pz
mCtVCAJaChO5nWV9wMSGTzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzUxOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o2QwDQYJKoZIhvcNAQELBQADggEBAAcoDPop8wBkVn5nDywOgrbuuyknSGZyGu2k
k6kNP+sf7srC4RIpLKEFnh8wZOSpZGwwSasbDspXdHX+E+VbWIMe/a8tUzHJnbGT
xXV4GGkNUz93zyB42qVswJr4QkFFukhLKAqX8N5mz1hl9kwwPuEsuerU6Cc97Sj5
yACtAitHXYu60YJtd1equBtVf7b4BS3Dc5xdwNOc0oye4ni1UtPYTsjfUabDbs/s
mUrecT+bkfX7P/ZdBZfxIQTDAWP4HnSmb5l/fBN4Zc3orovtcwdZF2Y+M9/K94TG
PjmaJIZJhOrZvgJZJugTEVgHedI/JCP0ehBxonAB2hudVZJjcUc=
-----END CERTIFICATE-----