Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143557.roa
File:                     AS143557.roa (raw, json)
Hash identifier:          e2oYMAdBk/+UNV8vaFDagcgN1fkTFPZKlMaARswqEf8=
Subject key identifier:   2E:FD:E7:32:FB:D7:E0:EF:09:0B:B5:98:5D:6B:8E:71:56:55:90:1C
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2C2CDCB004AC5F813A439880AAA136C75358628A
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143557.roa
Signing time:             Wed 04 Mar 2026 06:13:57 +0000
ROA not before:           Wed 04 Mar 2026 06:08:57 +0000
ROA not after:            Wed 03 Mar 2027 06:13:57 +0000
asID:                     143557
IP address blocks:        240a:a38b::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:2c:dc:b0:04:ac:5f:81:3a:43:98:80:aa:a1:36:c7:53:58:62:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:57 2026 GMT
            Not After : Mar  3 06:13:57 2027 GMT
        Subject: CN=2EFDE732FBD7E0EF090BB5985D6B8E715655901C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:76:f0:cd:48:ab:af:6f:10:5b:e8:77:d1:23:
                    4d:a8:fc:d3:14:1e:ac:5d:4d:f2:d2:05:75:42:8d:
                    2f:39:67:9f:14:d2:42:06:bb:1f:80:2c:5a:fe:74:
                    81:9a:85:96:a0:b6:38:a7:01:0c:45:25:10:cf:c0:
                    30:de:8e:79:12:f5:66:15:72:39:45:c5:e1:87:0b:
                    6f:c9:bb:99:b0:ae:44:a2:b8:b5:08:9f:81:77:8d:
                    d5:72:ff:7e:a3:f8:06:7c:86:f3:f4:2f:c1:d8:09:
                    ae:5b:8a:de:ca:04:26:e3:78:65:1f:8f:de:ff:b4:
                    e7:8c:d7:22:c7:f0:bb:ae:0b:00:83:f7:95:c8:c9:
                    3d:17:38:02:46:d3:f0:c0:67:10:2d:79:81:b3:8c:
                    cc:f8:99:46:94:8c:86:76:e0:5a:c0:05:35:8d:59:
                    a5:af:5b:44:ea:a5:07:e7:36:e2:7d:b6:25:6f:8c:
                    7a:54:d2:35:e0:2e:e3:74:36:f4:4f:a1:b2:af:a8:
                    f9:6a:42:e9:c4:37:10:de:01:86:56:8e:00:35:12:
                    9a:07:62:49:89:08:d8:06:2a:73:92:48:49:57:5f:
                    e9:01:a0:72:41:d3:22:83:b7:14:aa:a0:c2:a1:f4:
                    40:65:ac:95:d2:41:7e:e2:5f:4c:f3:53:53:82:24:
                    8d:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:FD:E7:32:FB:D7:E0:EF:09:0B:B5:98:5D:6B:8E:71:56:55:90:1C
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143557.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a38b::/32

    Signature Algorithm: sha256WithRSAEncryption
         23:9a:f7:a8:b8:76:de:3c:5d:81:44:2c:a6:74:f1:58:2c:02:
         fb:ad:c5:6b:e4:2a:94:be:25:ca:84:fb:fd:3c:2c:ab:a6:37:
         23:95:70:02:1e:6e:79:f4:78:dd:f9:c4:0a:6e:6a:b1:1f:60:
         fd:f6:91:2e:8c:10:da:df:a3:ad:56:e3:d6:a8:2c:a1:07:aa:
         81:1f:33:7c:c9:9e:a2:3c:90:36:86:ff:6f:0c:2e:37:03:a9:
         61:5e:4c:39:5b:08:7b:1d:44:a2:29:7f:98:76:39:e4:14:c3:
         29:69:0e:bc:94:59:7b:04:d3:45:8f:91:c6:69:73:8b:f5:a9:
         74:44:26:51:13:1e:31:bd:09:7a:d7:96:43:bd:29:6e:25:e7:
         ec:50:d2:7e:58:9d:4f:62:08:e1:f3:d5:81:bf:10:d8:a6:d4:
         17:89:4f:32:78:89:bc:9e:95:07:60:53:7e:b5:4f:c7:07:04:
         1a:4d:12:2f:48:d8:4f:98:cc:a8:c9:57:26:d5:64:fb:f6:9a:
         6d:fd:60:83:71:00:7c:89:ce:c0:91:9a:6e:c8:1b:cc:13:af:
         2a:b3:2f:78:eb:c2:33:24:47:58:2f:35:2d:a7:d9:38:e2:06:
         c7:78:ec:2d:a7:76:e0:c5:4e:b8:19:3c:79:86:37:8d:fa:16:
         d4:10:f2:07
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIULCzcsASsX4E6Q5iAqqE2x1NYYoowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDg1N1oX
DTI3MDMwMzA2MTM1N1owMzExMC8GA1UEAxMoMkVGREU3MzJGQkQ3RTBFRjA5MEJC
NTk4NUQ2QjhFNzE1NjU1OTAxQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMV28M1Iq69vEFvod9EjTaj80xQerF1N8tIFdUKNLzlnnxTSQga7H4AsWv50
gZqFlqC2OKcBDEUlEM/AMN6OeRL1ZhVyOUXF4YcLb8m7mbCuRKK4tQifgXeN1XL/
fqP4BnyG8/QvwdgJrluK3soEJuN4ZR+P3v+054zXIsfwu64LAIP3lcjJPRc4AkbT
8MBnEC15gbOMzPiZRpSMhnbgWsAFNY1Zpa9bROqlB+c24n22JW+MelTSNeAu43Q2
9E+hsq+o+WpC6cQ3EN4BhlaOADUSmgdiSYkI2AYqc5JISVdf6QGgckHTIoO3FKqg
wqH0QGWsldJBfuJfTPNTU4IkjZ8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQu/ecy
+9fg7wkLtZhda45xVlWQHDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzU1Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o4swDQYJKoZIhvcNAQELBQADggEBACOa96i4dt48XYFELKZ08VgsAvutxWvkKpS+
JcqE+/08LKumNyOVcAIebnn0eN35xApuarEfYP32kS6MENrfo61W49aoLKEHqoEf
M3zJnqI8kDaG/28MLjcDqWFeTDlbCHsdRKIpf5h2OeQUwylpDryUWXsE00WPkcZp
c4v1qXREJlETHjG9CXrXlkO9KW4l5+xQ0n5YnU9iCOHz1YG/ENim1BeJTzJ4ibye
lQdgU361T8cHBBpNEi9I2E+YzKjJVybVZPv2mm39YINxAHyJzsCRmm7IG8wTryqz
L3jrwjMkR1gvNS2n2TjiBsd47C2nduDFTrgZPHmGN436FtQQ8gc=
-----END CERTIFICATE-----