Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143542.roa
File:                     AS143542.roa (raw, json)
Hash identifier:          PivqDJGuFGrNcsIyqVSnsOhyvy2fm97L72HeHc7BRPc=
Subject key identifier:   60:8E:6A:00:79:2D:7A:65:CC:87:B8:52:77:66:83:53:E8:94:D4:3D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       741E0141C4BC337D08112BB0149BB5761E8AFE2F
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143542.roa
Signing time:             Wed 04 Mar 2026 06:13:42 +0000
ROA not before:           Wed 04 Mar 2026 06:08:42 +0000
ROA not after:            Wed 03 Mar 2027 06:13:42 +0000
asID:                     143542
IP address blocks:        240a:a37c::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:1e:01:41:c4:bc:33:7d:08:11:2b:b0:14:9b:b5:76:1e:8a:fe:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:42 2026 GMT
            Not After : Mar  3 06:13:42 2027 GMT
        Subject: CN=608E6A00792D7A65CC87B85277668353E894D43D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:0d:7f:87:01:c7:2c:ff:b4:49:2c:73:d7:59:
                    75:12:9a:b0:55:8c:39:9e:63:25:b2:28:e7:c7:a8:
                    38:3d:3b:ce:bf:b5:0c:2e:c9:39:28:c3:a0:ff:97:
                    15:94:49:72:1c:1b:77:c8:90:1c:a3:02:53:62:93:
                    75:aa:ad:b8:b6:ab:c8:4b:12:db:e4:65:ed:7b:95:
                    60:21:48:ea:c3:92:d2:a2:9b:9b:79:6d:67:3b:bc:
                    09:f6:50:2a:23:40:a2:f5:06:e1:8b:1c:ce:98:aa:
                    2d:50:7f:c9:15:fa:93:ca:7e:7b:d6:3b:41:67:b3:
                    14:2e:69:6f:0b:f7:41:22:36:ac:ba:c2:b1:22:72:
                    80:f3:70:06:03:62:0e:31:ba:e8:c9:10:94:f0:04:
                    44:ed:58:18:94:28:b4:c0:5b:49:09:29:e2:39:f9:
                    aa:ab:96:ce:5d:00:eb:ff:05:19:ba:91:9c:42:2c:
                    89:90:99:ab:05:c3:90:63:ed:e5:c9:89:58:bf:39:
                    6e:b6:ea:85:d9:db:58:01:51:fe:00:e3:ff:f7:7d:
                    39:71:1c:8b:4b:30:d6:6c:40:53:95:62:43:84:6f:
                    72:29:45:d1:3d:9a:66:d7:f7:1b:eb:98:57:c3:fc:
                    69:fe:ee:59:cf:cb:5e:e3:43:9d:c8:a6:59:04:f6:
                    64:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:8E:6A:00:79:2D:7A:65:CC:87:B8:52:77:66:83:53:E8:94:D4:3D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143542.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a37c::/32

    Signature Algorithm: sha256WithRSAEncryption
         6d:0b:2c:04:68:85:1f:62:2e:0f:cc:df:6d:02:c6:ce:6a:b3:
         ba:6b:9f:6c:5d:21:48:0d:71:81:60:75:f1:e9:98:69:bf:c0:
         2e:e4:e8:90:df:68:5e:06:30:80:6d:6d:a5:77:08:c6:81:d0:
         77:27:a4:c7:b5:2b:7f:8b:6c:14:19:48:1e:cb:51:93:0b:1d:
         04:1c:c4:8a:e9:00:d9:f6:75:da:f8:b5:c4:6e:95:b2:e4:f4:
         e7:2b:8e:6d:58:43:d9:16:60:64:af:4d:13:5c:bc:e2:e9:cd:
         57:cf:db:b3:49:dd:56:4b:de:7c:59:1c:4f:e5:39:9f:f5:b9:
         e0:52:27:be:7a:0f:6c:23:d5:46:d5:0f:9a:2a:d6:aa:2b:d7:
         27:97:15:14:ef:58:11:de:3d:77:05:41:38:18:36:13:21:be:
         25:a2:e5:6b:82:df:57:76:08:ae:e4:43:55:c3:31:8e:c6:fb:
         f8:55:83:1b:43:4d:cd:f1:6c:f3:63:2b:bc:08:b3:e5:bb:ac:
         95:54:a0:7c:bc:2a:8c:b6:78:b1:9e:33:2e:0d:b5:29:10:4c:
         96:4c:7c:3b:81:41:71:f9:99:4b:eb:2f:6b:06:8a:a9:2c:fd:
         fd:61:a7:5b:50:81:78:86:50:ad:37:c9:9e:fb:ec:f3:e8:29:
         b4:7c:ab:5c
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUdB4BQcS8M30IESuwFJu1dh6K/i8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDg0MloX
DTI3MDMwMzA2MTM0MlowMzExMC8GA1UEAxMoNjA4RTZBMDA3OTJEN0E2NUNDODdC
ODUyNzc2NjgzNTNFODk0RDQzRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANMNf4cBxyz/tEksc9dZdRKasFWMOZ5jJbIo58eoOD07zr+1DC7JOSjDoP+X
FZRJchwbd8iQHKMCU2KTdaqtuLaryEsS2+Rl7XuVYCFI6sOS0qKbm3ltZzu8CfZQ
KiNAovUG4YsczpiqLVB/yRX6k8p+e9Y7QWezFC5pbwv3QSI2rLrCsSJygPNwBgNi
DjG66MkQlPAERO1YGJQotMBbSQkp4jn5qquWzl0A6/8FGbqRnEIsiZCZqwXDkGPt
5cmJWL85brbqhdnbWAFR/gDj//d9OXEci0sw1mxAU5ViQ4RvcilF0T2aZtf3G+uY
V8P8af7uWc/LXuNDncimWQT2ZHkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRgjmoA
eS16ZcyHuFJ3ZoNT6JTUPTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzU0Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o3wwDQYJKoZIhvcNAQELBQADggEBAG0LLARohR9iLg/M320Cxs5qs7prn2xdIUgN
cYFgdfHpmGm/wC7k6JDfaF4GMIBtbaV3CMaB0HcnpMe1K3+LbBQZSB7LUZMLHQQc
xIrpANn2ddr4tcRulbLk9Ocrjm1YQ9kWYGSvTRNcvOLpzVfP27NJ3VZL3nxZHE/l
OZ/1ueBSJ756D2wj1UbVD5oq1qor1yeXFRTvWBHePXcFQTgYNhMhviWi5WuC31d2
CK7kQ1XDMY7G+/hVgxtDTc3xbPNjK7wIs+W7rJVUoHy8Koy2eLGeMy4NtSkQTJZM
fDuBQXH5mUvrL2sGiqks/f1hp1tQgXiGUK03yZ777PPoKbR8q1w=
-----END CERTIFICATE-----