Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143520.roa
File:                     AS143520.roa (raw, json)
Hash identifier:          QPZj+K3y4vmwv1wLK5V/CgD6k8cTcaTFgNvubJ1dcn8=
Subject key identifier:   9B:41:56:6B:78:D0:3F:34:36:69:EF:3B:C3:4C:78:A5:D2:C7:A1:FA
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       538F6238177581B43425601E84561238089AC47F
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143520.roa
Signing time:             Wed 04 Mar 2026 06:14:55 +0000
ROA not before:           Wed 04 Mar 2026 06:09:55 +0000
ROA not after:            Wed 03 Mar 2027 06:14:55 +0000
asID:                     143520
IP address blocks:        240a:a366::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:8f:62:38:17:75:81:b4:34:25:60:1e:84:56:12:38:08:9a:c4:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:55 2026 GMT
            Not After : Mar  3 06:14:55 2027 GMT
        Subject: CN=9B41566B78D03F343669EF3BC34C78A5D2C7A1FA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ff:bb:47:a4:ed:64:08:50:b2:70:8b:85:b2:
                    31:ff:e9:bc:75:73:77:02:2f:3c:a8:98:b1:0b:70:
                    b5:a0:a3:1c:e5:21:02:c6:ba:10:9f:41:c3:ad:d3:
                    25:8c:97:43:b3:fd:ac:5f:d1:c2:8b:d2:18:5d:da:
                    b3:f5:1a:79:3d:ce:38:2c:dc:62:bb:85:84:58:f9:
                    c4:bc:e0:bc:46:8a:5c:b4:a8:34:b2:2f:e7:48:fd:
                    72:b9:a1:60:e0:38:b8:71:b1:58:7b:43:6b:c9:39:
                    c6:58:6e:31:a3:f7:15:5a:cd:3f:fd:4d:64:3d:2d:
                    84:e4:a2:30:8e:ec:04:a9:ba:57:36:10:2d:40:e0:
                    fa:89:3c:dd:3d:bf:8b:f7:1d:fb:ab:8b:15:ec:65:
                    05:f8:91:c5:4b:75:07:c5:70:e2:ef:62:d2:fa:aa:
                    d8:2e:dc:f1:ad:d3:12:bf:27:87:33:83:de:7d:70:
                    88:74:3e:6e:1f:24:a9:6a:07:3e:e5:2c:ee:d9:60:
                    df:5f:77:b9:8f:11:a2:3e:f9:a4:d6:ff:66:c0:a0:
                    dc:56:13:36:9b:b7:60:61:f8:7c:08:67:d1:6e:7b:
                    78:01:12:73:2d:50:98:aa:13:4a:6d:88:d7:60:87:
                    76:03:72:84:20:67:40:25:e0:2e:12:12:d7:c7:2f:
                    db:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:41:56:6B:78:D0:3F:34:36:69:EF:3B:C3:4C:78:A5:D2:C7:A1:FA
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143520.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a366::/32

    Signature Algorithm: sha256WithRSAEncryption
         34:be:aa:57:83:7c:d9:a2:7a:92:8a:bb:02:99:76:96:88:d8:
         08:f8:43:ad:d9:56:10:37:51:48:35:51:d8:3d:29:90:70:ef:
         25:1f:e8:ce:2a:0e:ec:d7:94:51:8b:40:51:28:65:6b:0b:cd:
         c9:8e:7a:de:2d:ca:bb:1b:f6:f3:1b:2d:f8:28:c3:64:20:5e:
         37:31:49:ce:8e:6d:73:bf:9d:a1:44:92:b8:6b:c3:3f:b5:5c:
         fa:cf:9e:f7:4f:c4:62:a6:81:d8:17:9a:fa:d0:4a:37:db:71:
         5d:f2:8e:87:48:fa:55:a8:07:a6:32:95:6c:62:7c:02:3b:b0:
         50:68:97:87:ac:f9:77:19:ad:c2:ca:8d:a3:e5:3f:b1:49:6d:
         0f:2d:5b:1b:75:ff:10:46:97:be:67:f1:b2:c4:d9:ae:21:93:
         a7:5d:96:6c:1d:76:8b:f2:68:eb:c9:dd:46:a0:fb:5e:a5:e8:
         c3:13:31:43:e7:40:33:42:4e:bc:99:af:ec:cb:5e:da:84:d3:
         26:d3:76:81:c1:33:82:ec:bc:97:ae:b0:ab:6a:ca:81:db:b1:
         7b:89:a6:da:cf:8c:77:06:8f:04:e2:71:b7:19:a3:a4:da:f6:
         c3:c6:3d:66:cf:4e:b5:37:f3:a6:54:41:4a:d8:8b:9e:fd:f5:
         a7:95:74:73
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUU49iOBd1gbQ0JWAehFYSOAiaxH8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDk1NVoX
DTI3MDMwMzA2MTQ1NVowMzExMC8GA1UEAxMoOUI0MTU2NkI3OEQwM0YzNDM2NjlF
RjNCQzM0Qzc4QTVEMkM3QTFGQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALb/u0ek7WQIULJwi4WyMf/pvHVzdwIvPKiYsQtwtaCjHOUhAsa6EJ9Bw63T
JYyXQ7P9rF/RwovSGF3as/UaeT3OOCzcYruFhFj5xLzgvEaKXLSoNLIv50j9crmh
YOA4uHGxWHtDa8k5xlhuMaP3FVrNP/1NZD0thOSiMI7sBKm6VzYQLUDg+ok83T2/
i/cd+6uLFexlBfiRxUt1B8Vw4u9i0vqq2C7c8a3TEr8nhzOD3n1wiHQ+bh8kqWoH
PuUs7tlg3193uY8Roj75pNb/ZsCg3FYTNpu3YGH4fAhn0W57eAEScy1QmKoTSm2I
12CHdgNyhCBnQCXgLhIS18cv2zMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSbQVZr
eNA/NDZp7zvDTHil0seh+jAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzUyMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o2YwDQYJKoZIhvcNAQELBQADggEBADS+qleDfNmiepKKuwKZdpaI2Aj4Q63ZVhA3
UUg1Udg9KZBw7yUf6M4qDuzXlFGLQFEoZWsLzcmOet4tyrsb9vMbLfgow2QgXjcx
Sc6ObXO/naFEkrhrwz+1XPrPnvdPxGKmgdgXmvrQSjfbcV3yjodI+lWoB6YylWxi
fAI7sFBol4es+XcZrcLKjaPlP7FJbQ8tWxt1/xBGl75n8bLE2a4hk6ddlmwddovy
aOvJ3Uag+16l6MMTMUPnQDNCTryZr+zLXtqE0ybTdoHBM4LsvJeusKtqyoHbsXuJ
ptrPjHcGjwTicbcZo6Ta9sPGPWbPTrU386ZUQUrYi5799aeVdHM=
-----END CERTIFICATE-----