Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143533.roa
File:                     AS143533.roa (raw, json)
Hash identifier:          BpdAVlaH4c7AUys/dz1CtpiNUoYsFEYShkAGCIi+jUE=
Subject key identifier:   1B:BD:D8:C8:20:AE:BF:23:BE:A1:C9:60:4E:E4:E5:43:61:EC:4B:48
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       08404AF66E25D02D72620E2884A41E983C417DAB
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143533.roa
Signing time:             Wed 04 Mar 2026 06:15:07 +0000
ROA not before:           Wed 04 Mar 2026 06:10:07 +0000
ROA not after:            Wed 03 Mar 2027 06:15:07 +0000
asID:                     143533
IP address blocks:        240a:a373::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:40:4a:f6:6e:25:d0:2d:72:62:0e:28:84:a4:1e:98:3c:41:7d:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:07 2026 GMT
            Not After : Mar  3 06:15:07 2027 GMT
        Subject: CN=1BBDD8C820AEBF23BEA1C9604EE4E54361EC4B48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:5e:9d:ef:0c:c5:bb:ce:e6:f7:99:e1:b9:08:
                    fa:10:f2:bc:e0:40:d4:f4:e5:28:68:af:de:28:9d:
                    9a:94:35:a1:68:99:38:65:34:8a:90:c6:2c:20:b8:
                    f5:81:f6:65:0b:d5:ae:2a:d1:7b:f4:e0:95:85:19:
                    52:8c:d8:34:b6:67:07:10:36:68:d8:51:7a:7a:7f:
                    55:4c:c7:59:68:87:1f:eb:fe:73:d8:6d:05:f9:2a:
                    7f:b1:0b:ed:e1:66:ac:5c:89:b4:bd:94:92:a5:d1:
                    54:fd:69:a7:6e:63:f5:94:ec:30:09:d3:63:9f:2b:
                    b8:22:f8:11:0b:51:ae:9e:2d:6c:eb:22:74:63:d5:
                    db:01:7b:89:52:38:de:65:70:be:16:1d:e8:9f:3d:
                    bb:2b:8f:53:a8:3a:1e:bf:b5:5d:3a:6e:87:d7:1b:
                    e7:29:62:d8:3d:ce:e8:14:ef:9c:3f:87:90:34:35:
                    89:30:04:73:bb:e0:9e:76:00:d3:5e:58:e3:6a:21:
                    9b:d0:44:3a:8e:4e:06:e4:51:3e:e0:da:a6:6a:62:
                    fd:29:a1:67:c1:28:0d:fe:c1:62:0b:6f:2c:9f:ad:
                    b3:8d:d8:c2:ff:b8:56:8b:93:0a:10:5c:e3:8e:57:
                    9a:ae:15:83:8b:a9:fc:04:30:20:be:7d:1f:f1:91:
                    a9:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:BD:D8:C8:20:AE:BF:23:BE:A1:C9:60:4E:E4:E5:43:61:EC:4B:48
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143533.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a373::/32

    Signature Algorithm: sha256WithRSAEncryption
         b2:ef:84:35:68:39:34:64:d7:0f:fc:1c:ed:3c:46:1c:5b:c4:
         01:dc:14:71:05:e3:65:87:c9:a7:4f:89:63:f6:a9:a1:10:b1:
         9f:25:54:ad:54:68:d4:bd:40:28:9d:1f:c1:25:e6:32:40:bd:
         9e:3c:df:8c:48:69:07:c1:4a:2d:fb:4a:e3:d4:ea:bc:a5:ab:
         b0:7e:2c:10:5d:13:21:84:0c:d1:06:e4:0a:ae:2a:11:da:0c:
         7f:38:b1:19:0c:dd:cb:db:c5:d2:31:db:6e:99:7c:10:56:8c:
         8e:e8:71:8f:1f:2e:de:5f:3b:c1:eb:b2:38:3a:87:3c:8d:e0:
         b5:2f:59:23:ec:4a:51:d8:27:2e:f0:9f:30:fc:c2:31:5c:d5:
         13:1d:a7:b3:81:e7:48:1f:ba:e3:30:1d:a2:68:5a:d3:81:c6:
         a8:38:51:04:a4:ed:e7:22:6c:b7:58:83:3b:9a:64:ed:58:47:
         30:66:a3:59:d1:e7:86:14:a3:b1:1e:57:dc:db:d1:81:4c:20:
         54:f2:ca:b1:50:6d:8f:90:6e:1f:33:49:e2:c9:92:d2:63:e3:
         28:26:46:83:4a:26:42:e8:3b:95:54:60:13:c9:b7:33:9f:cf:
         e1:a7:00:6e:49:73:f3:2d:2c:99:53:b9:88:47:09:0c:12:dc:
         45:ba:d8:72
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUCEBK9m4l0C1yYg4ohKQemDxBfaswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTAwN1oX
DTI3MDMwMzA2MTUwN1owMzExMC8GA1UEAxMoMUJCREQ4QzgyMEFFQkYyM0JFQTFD
OTYwNEVFNEU1NDM2MUVDNEI0ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMhene8MxbvO5veZ4bkI+hDyvOBA1PTlKGiv3iidmpQ1oWiZOGU0ipDGLCC4
9YH2ZQvVrirRe/TglYUZUozYNLZnBxA2aNhRenp/VUzHWWiHH+v+c9htBfkqf7EL
7eFmrFyJtL2UkqXRVP1pp25j9ZTsMAnTY58ruCL4EQtRrp4tbOsidGPV2wF7iVI4
3mVwvhYd6J89uyuPU6g6Hr+1XTpuh9cb5yli2D3O6BTvnD+HkDQ1iTAEc7vgnnYA
015Y42ohm9BEOo5OBuRRPuDapmpi/SmhZ8EoDf7BYgtvLJ+ts43Ywv+4VouTChBc
445Xmq4Vg4up/AQwIL59H/GRqRsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQbvdjI
IK6/I76hyWBO5OVDYexLSDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzUzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o3MwDQYJKoZIhvcNAQELBQADggEBALLvhDVoOTRk1w/8HO08RhxbxAHcFHEF42WH
yadPiWP2qaEQsZ8lVK1UaNS9QCidH8El5jJAvZ4834xIaQfBSi37SuPU6rylq7B+
LBBdEyGEDNEG5AquKhHaDH84sRkM3cvbxdIx226ZfBBWjI7ocY8fLt5fO8Hrsjg6
hzyN4LUvWSPsSlHYJy7wnzD8wjFc1RMdp7OB50gfuuMwHaJoWtOBxqg4UQSk7eci
bLdYgzuaZO1YRzBmo1nR54YUo7EeV9zb0YFMIFTyyrFQbY+Qbh8zSeLJktJj4ygm
RoNKJkLoO5VUYBPJtzOfz+GnAG5Jc/MtLJlTuYhHCQwS3EW62HI=
-----END CERTIFICATE-----