Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143589.roa
File:                     AS143589.roa (raw, json)
Hash identifier:          iYH6PG2GkR+rEfMy4xgo2tWe6ufF7edpdJJT65R8LUQ=
Subject key identifier:   29:A8:D7:94:B7:29:8B:1E:CA:56:FA:7E:57:58:DF:DA:D8:8B:6B:E0
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       543A531846CCF9D58E5B730E669939BF3A33F3CD
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143589.roa
Signing time:             Wed 04 Mar 2026 06:14:06 +0000
ROA not before:           Wed 04 Mar 2026 06:09:06 +0000
ROA not after:            Wed 03 Mar 2027 06:14:06 +0000
asID:                     143589
IP address blocks:        240a:a3ab::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:3a:53:18:46:cc:f9:d5:8e:5b:73:0e:66:99:39:bf:3a:33:f3:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:06 2026 GMT
            Not After : Mar  3 06:14:06 2027 GMT
        Subject: CN=29A8D794B7298B1ECA56FA7E5758DFDAD88B6BE0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:74:0e:85:74:24:2d:ca:96:8f:44:98:8b:25:
                    93:f3:68:98:e2:cc:9b:84:04:e0:d5:21:47:ce:29:
                    58:6b:cd:43:2c:f9:81:35:fa:95:91:2d:3b:96:ca:
                    15:61:74:29:55:32:e7:9e:ea:71:a1:d4:8b:02:fd:
                    8b:0f:e8:e9:ef:fd:de:dc:c5:1d:18:91:17:82:db:
                    23:45:75:22:2e:11:5c:2f:f3:5f:da:35:7b:79:bb:
                    1b:23:0a:3f:ed:34:cc:18:a8:da:b6:45:6b:a5:59:
                    7e:38:f7:31:42:26:1c:26:63:69:f6:1b:6f:a5:b8:
                    6b:2d:d4:21:3e:b9:97:09:f8:03:3b:97:f7:26:c3:
                    52:83:c0:38:7e:0a:38:f2:9e:9b:6a:c0:6f:8c:ce:
                    ed:65:67:25:fd:f3:13:36:d4:4e:0e:29:1b:3e:d8:
                    38:8e:2d:96:6d:53:1f:4f:91:9f:05:a4:25:08:f4:
                    5d:fb:37:fe:06:ef:c7:92:d2:f2:9e:cb:ba:9f:b8:
                    c8:39:ef:ad:58:f0:5f:c1:48:29:1c:2b:5c:96:a3:
                    a6:7c:49:21:e5:9e:18:19:96:2e:33:b7:b4:1b:f2:
                    55:73:5e:57:0d:29:e6:3d:03:28:25:16:7a:e1:21:
                    8f:f0:aa:72:ba:b0:5f:1e:a0:a0:4f:cd:2b:91:09:
                    bf:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:A8:D7:94:B7:29:8B:1E:CA:56:FA:7E:57:58:DF:DA:D8:8B:6B:E0
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143589.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a3ab::/32

    Signature Algorithm: sha256WithRSAEncryption
         d1:4a:8a:af:04:66:4a:85:32:c9:91:cb:30:f3:be:8c:f0:01:
         bd:14:ff:a5:13:24:88:03:12:dd:cb:36:06:81:bd:cb:96:ee:
         ab:8b:75:ee:96:d1:d5:ce:5f:d0:7d:b0:f3:9b:4a:02:54:8d:
         cc:95:9d:b1:a6:e6:85:ea:0e:8b:0e:59:e4:d6:3c:e0:7b:40:
         5a:d3:38:48:b2:47:05:c3:89:c6:1e:dc:84:44:14:09:e9:1e:
         bb:38:cd:88:e0:09:86:46:52:cd:9c:c4:91:30:38:6c:4c:87:
         cd:2e:c0:1a:4d:a7:3a:2d:ef:b9:0f:ea:de:d3:1d:9d:d6:97:
         6e:d2:82:5d:31:56:62:b2:55:90:92:9a:81:a6:11:bd:8b:b5:
         42:94:15:50:af:b0:3d:03:95:60:4f:96:64:eb:51:c1:21:29:
         1c:6b:fa:e4:49:68:4f:3c:b2:ca:76:d7:7a:e4:65:02:1a:2c:
         76:e4:5a:4b:c3:1a:2f:05:12:71:b2:1e:92:18:a2:a1:32:54:
         3d:f0:ef:e0:f8:48:e5:18:4b:e8:58:88:59:5f:25:23:1e:38:
         6c:cf:59:5b:5a:1e:4d:fa:44:a1:2b:37:0f:84:8c:7a:2e:33:
         88:15:e8:78:08:11:da:37:6f:df:89:f7:e4:e2:94:b7:7a:23:
         b0:b0:cf:25
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUVDpTGEbM+dWOW3MOZpk5vzoz880wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDkwNloX
DTI3MDMwMzA2MTQwNlowMzExMC8GA1UEAxMoMjlBOEQ3OTRCNzI5OEIxRUNBNTZG
QTdFNTc1OERGREFEODhCNkJFMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKp0DoV0JC3Klo9EmIslk/NomOLMm4QE4NUhR84pWGvNQyz5gTX6lZEtO5bK
FWF0KVUy557qcaHUiwL9iw/o6e/93tzFHRiRF4LbI0V1Ii4RXC/zX9o1e3m7GyMK
P+00zBio2rZFa6VZfjj3MUImHCZjafYbb6W4ay3UIT65lwn4AzuX9ybDUoPAOH4K
OPKem2rAb4zO7WVnJf3zEzbUTg4pGz7YOI4tlm1TH0+RnwWkJQj0Xfs3/gbvx5LS
8p7Lup+4yDnvrVjwX8FIKRwrXJajpnxJIeWeGBmWLjO3tBvyVXNeVw0p5j0DKCUW
euEhj/CqcrqwXx6goE/NK5EJv3MCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQpqNeU
tymLHspW+n5XWN/a2Itr4DAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzU4OS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o6swDQYJKoZIhvcNAQELBQADggEBANFKiq8EZkqFMsmRyzDzvozwAb0U/6UTJIgD
Et3LNgaBvcuW7quLde6W0dXOX9B9sPObSgJUjcyVnbGm5oXqDosOWeTWPOB7QFrT
OEiyRwXDicYe3IREFAnpHrs4zYjgCYZGUs2cxJEwOGxMh80uwBpNpzot77kP6t7T
HZ3Wl27Sgl0xVmKyVZCSmoGmEb2LtUKUFVCvsD0DlWBPlmTrUcEhKRxr+uRJaE88
ssp213rkZQIaLHbkWkvDGi8FEnGyHpIYoqEyVD3w7+D4SOUYS+hYiFlfJSMeOGzP
WVtaHk36RKErNw+EjHouM4gV6HgIEdo3b9+J9+TilLd6I7CwzyU=
-----END CERTIFICATE-----