Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143585.roa
File:                     AS143585.roa (raw, json)
Hash identifier:          wmGza0EsNNo9MitaFEnlVG/j/iJX3bhCnNJAGVGUaNo=
Subject key identifier:   1E:69:FA:54:EB:F1:E7:CA:7C:7F:48:14:F3:4B:F5:C6:81:0A:44:45
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7F37F63A2D18B578B7FF3A3E940A060DE9EBE0C5
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143585.roa
Signing time:             Wed 04 Mar 2026 06:12:47 +0000
ROA not before:           Wed 04 Mar 2026 06:07:47 +0000
ROA not after:            Wed 03 Mar 2027 06:12:47 +0000
asID:                     143585
IP address blocks:        240a:a3a7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:37:f6:3a:2d:18:b5:78:b7:ff:3a:3e:94:0a:06:0d:e9:eb:e0:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:07:47 2026 GMT
            Not After : Mar  3 06:12:47 2027 GMT
        Subject: CN=1E69FA54EBF1E7CA7C7F4814F34BF5C6810A4445
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:2b:87:5c:7b:d7:2e:ab:cc:d7:e4:62:da:dd:
                    69:91:ac:f3:37:52:03:eb:4f:d2:d2:c1:f2:1e:45:
                    2f:a6:5d:d1:e3:e3:9a:52:d6:50:7e:02:ff:66:91:
                    8f:e8:82:8e:5c:62:db:ce:aa:cf:ab:9b:ec:88:36:
                    b7:73:ef:93:45:46:60:11:55:61:f4:0e:2d:e9:4a:
                    07:7a:f0:1d:2a:73:29:4b:18:83:0e:76:c9:c2:fc:
                    40:25:02:cc:d0:85:91:33:5a:39:6b:4b:49:9f:f8:
                    36:5b:80:f5:0b:d8:e9:72:53:d4:dd:b8:81:ee:b0:
                    77:44:ff:80:4f:78:76:fa:ac:53:8f:d2:3d:65:b7:
                    25:a5:82:7f:4c:b0:bc:75:ca:98:f0:2c:54:25:db:
                    ea:63:ab:15:f4:87:ba:60:b1:f9:45:f0:de:e5:11:
                    c0:a6:2f:be:9f:69:60:5b:93:5c:86:35:d1:e5:8b:
                    ff:95:86:1b:15:83:61:b9:96:46:37:ad:77:4c:33:
                    2d:3f:b4:ae:aa:e4:20:73:2c:d5:85:e9:cb:bd:ef:
                    c0:6e:4a:af:8b:47:4d:3c:6a:92:f3:5d:31:89:6d:
                    b1:4a:59:17:a2:1b:e0:d4:c9:bf:d2:d0:15:bc:9b:
                    9b:36:be:78:c2:8b:cb:8f:92:e2:92:26:44:37:1e:
                    49:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:69:FA:54:EB:F1:E7:CA:7C:7F:48:14:F3:4B:F5:C6:81:0A:44:45
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143585.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a3a7::/32

    Signature Algorithm: sha256WithRSAEncryption
         cf:f2:b4:2d:54:a2:88:ae:25:c2:55:82:88:81:95:52:ce:43:
         03:2d:3a:e1:4e:1b:01:00:be:5e:28:ed:87:eb:9c:66:4b:8c:
         8c:47:65:b1:3f:9b:d4:e5:b4:a3:43:3c:55:78:03:c0:24:f2:
         c7:be:ca:de:14:6d:43:18:6e:6a:fc:86:ff:e6:9a:ef:0d:ef:
         0a:eb:51:0e:13:7e:ad:23:2a:75:54:b4:b8:46:63:0f:08:7d:
         51:e7:c6:a9:ba:61:77:d2:7f:75:bb:72:8a:8d:18:a3:5f:31:
         a9:e3:a4:83:3f:45:78:82:c0:66:27:14:9d:da:79:24:ef:32:
         65:86:3f:42:a6:62:b5:13:34:76:34:54:2e:51:aa:32:79:78:
         47:01:d1:85:2c:d1:61:74:61:af:c0:69:68:2e:12:1d:c8:d0:
         99:68:59:d8:f4:3f:0c:69:93:a5:41:36:80:5b:96:76:fb:ea:
         2e:1b:9b:79:a4:26:eb:0a:23:53:4e:47:48:eb:71:0f:4d:37:
         e3:6a:0f:26:0b:d5:2d:e9:e0:1f:1c:15:e3:c3:9f:d0:00:f4:
         d5:20:bc:77:a9:2f:83:b5:84:90:9b:f3:73:3b:8c:ab:8e:5f:
         d3:7a:dc:58:a0:5f:85:e6:d5:54:e4:f3:e7:4b:c3:eb:b8:cb:
         d1:13:2a:39
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUfzf2Oi0YtXi3/zo+lAoGDenr4MUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDc0N1oX
DTI3MDMwMzA2MTI0N1owMzExMC8GA1UEAxMoMUU2OUZBNTRFQkYxRTdDQTdDN0Y0
ODE0RjM0QkY1QzY4MTBBNDQ0NTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJcrh1x71y6rzNfkYtrdaZGs8zdSA+tP0tLB8h5FL6Zd0ePjmlLWUH4C/2aR
j+iCjlxi286qz6ub7Ig2t3Pvk0VGYBFVYfQOLelKB3rwHSpzKUsYgw52ycL8QCUC
zNCFkTNaOWtLSZ/4NluA9QvY6XJT1N24ge6wd0T/gE94dvqsU4/SPWW3JaWCf0yw
vHXKmPAsVCXb6mOrFfSHumCx+UXw3uURwKYvvp9pYFuTXIY10eWL/5WGGxWDYbmW
Rjetd0wzLT+0rqrkIHMs1YXpy73vwG5Kr4tHTTxqkvNdMYltsUpZF6Ib4NTJv9LQ
Fbybmza+eMKLy4+S4pImRDceSbMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQeafpU
6/Hnynx/SBTzS/XGgQpERTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzU4NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o6cwDQYJKoZIhvcNAQELBQADggEBAM/ytC1UooiuJcJVgoiBlVLOQwMtOuFOGwEA
vl4o7YfrnGZLjIxHZbE/m9TltKNDPFV4A8Ak8se+yt4UbUMYbmr8hv/mmu8N7wrr
UQ4Tfq0jKnVUtLhGYw8IfVHnxqm6YXfSf3W7coqNGKNfManjpIM/RXiCwGYnFJ3a
eSTvMmWGP0KmYrUTNHY0VC5RqjJ5eEcB0YUs0WF0Ya/AaWguEh3I0JloWdj0Pwxp
k6VBNoBblnb76i4bm3mkJusKI1NOR0jrcQ9NN+NqDyYL1S3p4B8cFePDn9AA9NUg
vHepL4O1hJCb83M7jKuOX9N63FigX4Xm1VTk8+dLw+u4y9ETKjk=
-----END CERTIFICATE-----