Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143573.roa
File:                     AS143573.roa (raw, json)
Hash identifier:          c1bzDgJXQ8Yp4iFZWAHfpymRMrl9Yh+BuG4O/NlVU/A=
Subject key identifier:   85:91:1F:8D:17:03:54:BD:23:AE:30:4E:B8:61:4E:0B:EE:70:EB:E8
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       0FB097970550C74F4A304CE235EB66EBC58ABAA4
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143573.roa
Signing time:             Wed 04 Mar 2026 06:13:10 +0000
ROA not before:           Wed 04 Mar 2026 06:08:10 +0000
ROA not after:            Wed 03 Mar 2027 06:13:10 +0000
asID:                     143573
IP address blocks:        240a:a39b::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:b0:97:97:05:50:c7:4f:4a:30:4c:e2:35:eb:66:eb:c5:8a:ba:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:10 2026 GMT
            Not After : Mar  3 06:13:10 2027 GMT
        Subject: CN=85911F8D170354BD23AE304EB8614E0BEE70EBE8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:15:23:d4:1c:25:30:27:27:fb:c0:9f:a7:f3:
                    3e:91:96:2a:50:fd:9a:cf:14:59:98:e2:5e:9f:f3:
                    d4:54:6d:1b:45:08:6e:6a:a7:5c:cc:67:b3:6c:5a:
                    71:b0:d8:9a:35:26:c7:de:37:5e:93:9d:92:bb:85:
                    3f:71:3d:8e:fc:1e:e3:36:90:69:0d:97:78:aa:e8:
                    86:e5:1c:47:b0:55:4e:5c:98:6d:da:ff:9e:30:72:
                    c9:5b:59:9b:b3:8a:49:66:37:b3:63:30:57:6a:a7:
                    36:15:4c:4f:16:87:21:e7:2d:9c:52:38:c0:ff:be:
                    40:97:3a:8a:3c:fe:5a:09:a6:58:0e:d1:c1:16:c2:
                    ce:e0:a3:56:28:24:b9:4f:c2:14:39:88:02:8f:77:
                    3e:44:a7:00:b5:f5:21:13:96:ee:06:f0:59:6c:a4:
                    36:42:de:e1:7d:4d:97:33:ff:64:b0:3d:a7:7c:69:
                    71:bb:41:bf:29:31:d2:06:a2:b1:32:36:e2:ee:e6:
                    f3:21:eb:d6:d0:45:d2:8a:b5:cb:a9:7c:46:11:d0:
                    a2:50:1e:34:51:2f:58:e2:a1:85:08:d0:b9:81:e4:
                    5f:10:d6:35:ec:f2:7f:7b:00:72:15:68:9f:bd:53:
                    2d:06:0e:1d:50:9b:e2:60:5e:f4:5b:1e:7a:c8:31:
                    ab:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:91:1F:8D:17:03:54:BD:23:AE:30:4E:B8:61:4E:0B:EE:70:EB:E8
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143573.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a39b::/32

    Signature Algorithm: sha256WithRSAEncryption
         6e:3c:8f:ba:af:f2:41:b8:51:f5:85:e8:f0:f6:6e:b8:d5:dc:
         9b:a3:53:00:9f:e3:d4:32:b5:44:40:8b:5d:8a:0d:f7:13:b2:
         ca:7d:ef:5a:4d:b6:71:b7:67:b1:86:7a:34:b0:60:d6:11:6b:
         1b:2c:b0:34:1e:25:d7:bf:f1:e2:07:c6:c6:51:7e:e2:75:a7:
         97:2c:e4:2f:bf:ca:de:c3:dc:c1:5c:b5:07:f9:65:4e:51:52:
         38:0b:6c:70:11:e0:27:f9:b3:c5:22:63:90:9b:1a:90:31:fa:
         32:95:d2:b4:c5:2d:10:72:3e:cf:cb:d8:a0:66:78:30:21:f0:
         bc:b8:e2:fa:2d:c6:a1:21:d8:48:a4:19:89:f1:4c:4d:94:fa:
         67:f4:53:e0:52:f1:32:c2:2f:d4:07:24:9c:cc:b9:9b:cf:ed:
         55:db:de:4f:52:b7:2e:7b:55:82:48:ff:bd:0e:a6:b9:dc:3c:
         2b:30:e8:5f:ff:1d:1f:5f:db:cd:8e:f1:ac:33:42:2b:de:fa:
         7e:d8:8a:19:84:ea:dc:4b:5c:b3:fc:09:3d:1a:e4:a6:f8:41:
         1a:2e:80:96:ae:4b:36:42:45:22:19:9b:69:97:3b:bb:84:9e:
         8a:b7:2e:60:2d:0f:11:f2:35:88:bf:db:90:05:75:4a:51:4e:
         b8:d8:25:97
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUD7CXlwVQx09KMEziNetm68WKuqQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgxMFoX
DTI3MDMwMzA2MTMxMFowMzExMC8GA1UEAxMoODU5MTFGOEQxNzAzNTRCRDIzQUUz
MDRFQjg2MTRFMEJFRTcwRUJFODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALMVI9QcJTAnJ/vAn6fzPpGWKlD9ms8UWZjiXp/z1FRtG0UIbmqnXMxns2xa
cbDYmjUmx943XpOdkruFP3E9jvwe4zaQaQ2XeKrohuUcR7BVTlyYbdr/njByyVtZ
m7OKSWY3s2MwV2qnNhVMTxaHIectnFI4wP++QJc6ijz+WgmmWA7RwRbCzuCjVigk
uU/CFDmIAo93PkSnALX1IROW7gbwWWykNkLe4X1NlzP/ZLA9p3xpcbtBvykx0gai
sTI24u7m8yHr1tBF0oq1y6l8RhHQolAeNFEvWOKhhQjQuYHkXxDWNezyf3sAchVo
n71TLQYOHVCb4mBe9Fseesgxq88CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSFkR+N
FwNUvSOuME64YU4L7nDr6DAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzU3My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o5swDQYJKoZIhvcNAQELBQADggEBAG48j7qv8kG4UfWF6PD2brjV3JujUwCf49Qy
tURAi12KDfcTssp971pNtnG3Z7GGejSwYNYRaxsssDQeJde/8eIHxsZRfuJ1p5cs
5C+/yt7D3MFctQf5ZU5RUjgLbHAR4Cf5s8UiY5CbGpAx+jKV0rTFLRByPs/L2KBm
eDAh8Ly44votxqEh2EikGYnxTE2U+mf0U+BS8TLCL9QHJJzMuZvP7VXb3k9Sty57
VYJI/70OprncPCsw6F//HR9f282O8awzQive+n7YihmE6txLXLP8CT0a5Kb4QRou
gJauSzZCRSIZm2mXO7uEnoq3LmAtDxHyNYi/25AFdUpRTrjYJZc=
-----END CERTIFICATE-----