Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143576.roa
File:                     AS143576.roa (raw, json)
Hash identifier:          WIFM5EIeECDizTIw885nFJvv6NkdXwfbZLHkMgFFu6k=
Subject key identifier:   BF:FF:3E:16:BB:2C:92:6B:70:38:5B:20:A5:5A:5F:4C:7B:1E:BA:48
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       249AD4899874AB611DDFAFF78189619BF957D3CA
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143576.roa
Signing time:             Wed 04 Mar 2026 06:13:06 +0000
ROA not before:           Wed 04 Mar 2026 06:08:06 +0000
ROA not after:            Wed 03 Mar 2027 06:13:06 +0000
asID:                     143576
IP address blocks:        240a:a39e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:9a:d4:89:98:74:ab:61:1d:df:af:f7:81:89:61:9b:f9:57:d3:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:06 2026 GMT
            Not After : Mar  3 06:13:06 2027 GMT
        Subject: CN=BFFF3E16BB2C926B70385B20A55A5F4C7B1EBA48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:27:27:f0:bc:aa:26:37:a1:37:da:fa:92:f4:
                    48:e6:4c:c1:4d:aa:99:09:b2:64:44:c1:12:a4:b1:
                    ab:70:33:e4:e3:58:38:28:61:fa:25:58:04:b7:5a:
                    0f:47:4a:eb:6d:a8:e6:64:b8:89:a2:b9:8c:4c:ed:
                    cf:6c:57:bc:02:30:ce:61:13:fa:b3:78:2f:6c:ab:
                    e2:32:0f:a6:c5:4a:90:32:8f:5c:7e:da:31:90:6b:
                    77:46:32:ee:f6:be:b4:20:26:1a:78:74:45:39:e3:
                    d7:81:c2:e6:44:c3:a9:b7:fe:3e:eb:d1:68:60:6c:
                    b4:30:55:b1:82:0e:98:90:3f:92:f6:fa:49:9f:b9:
                    20:62:fa:04:b8:5f:cc:69:af:ff:2d:fe:21:92:af:
                    8f:bf:d1:8e:23:80:b5:9d:3a:f2:5b:d1:ab:78:7e:
                    ee:fa:18:22:a7:5e:c4:02:b0:bb:1f:d2:f6:8a:55:
                    bf:b5:e2:b9:53:c4:20:2a:75:98:d7:23:78:9b:92:
                    2b:0d:56:c5:e7:4d:5b:12:bc:6d:37:2b:e6:7c:69:
                    1e:44:b2:75:5d:bc:5d:69:3d:98:1c:1e:3e:49:c0:
                    11:28:27:9b:55:19:3f:4f:5f:0c:e7:68:a3:f0:a7:
                    11:fa:c0:bb:2b:33:4f:d9:2a:23:ea:aa:7c:5a:9d:
                    3e:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:FF:3E:16:BB:2C:92:6B:70:38:5B:20:A5:5A:5F:4C:7B:1E:BA:48
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143576.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a39e::/32

    Signature Algorithm: sha256WithRSAEncryption
         07:32:ab:f8:c2:a2:27:1c:73:d4:a7:4e:39:1e:55:f1:b2:0b:
         3a:5c:a5:a3:82:ba:09:e4:9b:f7:2f:83:81:db:a1:e7:36:36:
         70:ba:82:33:50:fb:65:cb:31:08:0c:65:b5:de:3b:8f:c3:46:
         68:5f:0a:aa:8d:b8:c0:fc:6a:12:c6:4e:c3:0d:ba:2a:5a:2a:
         f4:0d:3e:b8:e1:c3:b3:7f:fa:b5:c8:18:53:ee:12:ea:31:a9:
         09:23:cf:6c:e5:74:93:b1:b6:5b:f6:e3:2f:b0:17:07:24:25:
         cb:33:27:f2:20:2b:5c:49:1e:a4:3f:1b:9e:bd:19:29:c5:e0:
         45:34:11:f9:4f:e4:6d:de:35:3a:80:8f:96:9d:d9:07:c5:a1:
         7d:5a:7b:a2:19:e9:c9:ca:68:57:d8:a9:a3:2a:27:db:7b:00:
         f6:76:1e:3b:6c:a7:cf:cf:d6:a5:aa:46:f7:a2:34:55:ed:b9:
         5e:e4:e9:5b:38:f0:98:a0:8c:89:73:7d:ba:73:7c:cc:66:dc:
         6f:b9:d1:c4:5c:00:89:dc:c6:f6:51:65:57:ce:ef:e3:52:43:
         fa:25:2b:53:56:eb:ef:79:40:55:ce:31:0a:f7:b3:9e:26:15:
         24:a0:6f:54:70:f5:0f:78:e3:a7:df:ab:64:5f:8c:96:ee:d5:
         62:a9:f5:fa
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUJJrUiZh0q2Ed36/3gYlhm/lX08owDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgwNloX
DTI3MDMwMzA2MTMwNlowMzExMC8GA1UEAxMoQkZGRjNFMTZCQjJDOTI2QjcwMzg1
QjIwQTU1QTVGNEM3QjFFQkE0ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMsnJ/C8qiY3oTfa+pL0SOZMwU2qmQmyZETBEqSxq3Az5ONYOChh+iVYBLda
D0dK622o5mS4iaK5jEztz2xXvAIwzmET+rN4L2yr4jIPpsVKkDKPXH7aMZBrd0Yy
7va+tCAmGnh0RTnj14HC5kTDqbf+PuvRaGBstDBVsYIOmJA/kvb6SZ+5IGL6BLhf
zGmv/y3+IZKvj7/RjiOAtZ068lvRq3h+7voYIqdexAKwux/S9opVv7XiuVPEICp1
mNcjeJuSKw1WxedNWxK8bTcr5nxpHkSydV28XWk9mBwePknAESgnm1UZP09fDOdo
o/CnEfrAuyszT9kqI+qqfFqdPpUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBS//z4W
uyySa3A4WyClWl9Mex66SDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzU3Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o54wDQYJKoZIhvcNAQELBQADggEBAAcyq/jCoiccc9SnTjkeVfGyCzpcpaOCugnk
m/cvg4Hboec2NnC6gjNQ+2XLMQgMZbXeO4/DRmhfCqqNuMD8ahLGTsMNuipaKvQN
Prjhw7N/+rXIGFPuEuoxqQkjz2zldJOxtlv24y+wFwckJcszJ/IgK1xJHqQ/G569
GSnF4EU0EflP5G3eNTqAj5ad2QfFoX1ae6IZ6cnKaFfYqaMqJ9t7APZ2Hjtsp8/P
1qWqRveiNFXtuV7k6Vs48JigjIlzfbpzfMxm3G+50cRcAIncxvZRZVfO7+NSQ/ol
K1NW6+95QFXOMQr3s54mFSSgb1Rw9Q9446ffq2RfjJbu1WKp9fo=
-----END CERTIFICATE-----