Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143590.roa
File:                     AS143590.roa (raw, json)
Hash identifier:          3chVWDZjt0K8REIaJ8ByLc9QJ3VhPXi5+9c6TtWEqQE=
Subject key identifier:   29:E5:25:FD:B1:C1:61:80:C2:E5:07:7F:A6:51:9D:C5:6D:80:A5:60
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       75D5F2F5A33AF94A8D8552751C733E43EF4A3A50
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143590.roa
Signing time:             Wed 04 Mar 2026 06:15:48 +0000
ROA not before:           Wed 04 Mar 2026 06:10:48 +0000
ROA not after:            Wed 03 Mar 2027 06:15:48 +0000
asID:                     143590
IP address blocks:        240a:a3ac::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:d5:f2:f5:a3:3a:f9:4a:8d:85:52:75:1c:73:3e:43:ef:4a:3a:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:48 2026 GMT
            Not After : Mar  3 06:15:48 2027 GMT
        Subject: CN=29E525FDB1C16180C2E5077FA6519DC56D80A560
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:96:30:13:f1:99:85:97:1a:a0:dd:0b:12:ba:
                    c8:75:46:2c:81:56:b0:73:e8:21:0a:a7:ec:04:0d:
                    0b:fb:70:ac:4b:87:89:39:76:9b:99:25:24:d6:b6:
                    93:90:48:bc:d6:1a:67:a9:70:5e:7f:a6:05:ec:00:
                    43:70:ec:5b:9e:17:84:85:b8:b2:11:11:88:ed:1f:
                    a8:36:95:82:e3:9c:19:a1:7b:ab:8b:d8:0c:73:41:
                    56:7d:97:0c:77:06:86:2d:30:e4:d2:4b:09:47:1b:
                    b1:2b:5d:58:36:3a:d3:de:79:08:65:58:e1:ac:08:
                    d7:c4:ed:c1:df:d9:49:a3:87:7c:8c:32:9c:70:76:
                    e5:be:b2:ea:ab:00:39:e4:68:fe:90:a4:5d:5e:e4:
                    dd:52:40:c5:d7:81:8c:89:e6:7a:24:36:4c:62:bb:
                    f0:78:3f:95:87:ae:8c:d7:b0:95:99:2f:12:0f:c7:
                    07:4c:41:84:be:1f:15:77:d6:8d:47:c0:ec:43:85:
                    d2:ed:87:49:04:7f:74:d9:3d:30:d0:64:e7:70:78:
                    5a:85:39:f7:70:e2:ee:57:06:24:b8:c1:c7:10:90:
                    21:a4:58:ff:0b:a3:2a:d3:25:1f:db:f5:15:6b:31:
                    92:fb:27:ca:cf:ac:43:e0:7a:7f:db:bc:6c:3c:cb:
                    c3:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:E5:25:FD:B1:C1:61:80:C2:E5:07:7F:A6:51:9D:C5:6D:80:A5:60
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143590.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a3ac::/32

    Signature Algorithm: sha256WithRSAEncryption
         a5:df:a8:bd:15:02:eb:58:80:42:ec:ea:33:3e:d9:ea:51:0a:
         2e:e0:87:05:61:d2:11:02:7a:b9:d1:20:24:26:82:8f:49:e6:
         8a:53:32:d8:74:6d:bc:7f:02:ba:d7:60:21:f1:aa:e6:58:a1:
         70:fc:e2:4d:c1:23:b8:27:1c:ab:3e:e7:c5:e9:ae:60:99:53:
         eb:38:34:11:43:10:11:f9:db:8f:4b:41:99:9a:ff:db:4d:1f:
         b2:2d:4e:df:54:99:3e:3c:3e:a3:a6:04:d4:b3:a8:0c:92:7d:
         e8:e0:12:59:63:95:5a:bd:2a:8a:6f:0e:6f:60:c6:e0:32:55:
         fc:a5:8d:a4:7f:78:3c:ca:53:eb:b5:84:b8:e9:58:6b:31:9e:
         a3:61:cc:6b:db:1c:ec:ca:40:7f:4e:13:f2:ea:0e:98:d9:35:
         50:1e:7e:dd:7f:43:16:41:38:5c:7a:ae:66:30:bf:04:40:1b:
         6e:cd:10:fa:94:0a:b1:8a:b4:4b:82:99:3c:0d:6e:5b:99:1c:
         b7:61:4e:ce:33:c9:ad:83:b1:ce:95:76:64:8d:e8:02:b4:e5:
         8a:0a:f0:ad:b9:30:22:6e:48:4d:4b:5e:e7:6e:c5:e7:14:45:
         ab:d2:da:3b:79:bb:bb:25:4a:6d:49:29:7f:28:e7:27:01:ea:
         ce:d8:04:6d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUddXy9aM6+UqNhVJ1HHM+Q+9KOlAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTA0OFoX
DTI3MDMwMzA2MTU0OFowMzExMC8GA1UEAxMoMjlFNTI1RkRCMUMxNjE4MEMyRTUw
NzdGQTY1MTlEQzU2RDgwQTU2MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALuWMBPxmYWXGqDdCxK6yHVGLIFWsHPoIQqn7AQNC/twrEuHiTl2m5klJNa2
k5BIvNYaZ6lwXn+mBewAQ3DsW54XhIW4shERiO0fqDaVguOcGaF7q4vYDHNBVn2X
DHcGhi0w5NJLCUcbsStdWDY60955CGVY4awI18Ttwd/ZSaOHfIwynHB25b6y6qsA
OeRo/pCkXV7k3VJAxdeBjInmeiQ2TGK78Hg/lYeujNewlZkvEg/HB0xBhL4fFXfW
jUfA7EOF0u2HSQR/dNk9MNBk53B4WoU593Di7lcGJLjBxxCQIaRY/wujKtMlH9v1
FWsxkvsnys+sQ+B6f9u8bDzLw88CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQp5SX9
scFhgMLlB3+mUZ3FbYClYDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzU5MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o6wwDQYJKoZIhvcNAQELBQADggEBAKXfqL0VAutYgELs6jM+2epRCi7ghwVh0hEC
ernRICQmgo9J5opTMth0bbx/ArrXYCHxquZYoXD84k3BI7gnHKs+58XprmCZU+s4
NBFDEBH5249LQZma/9tNH7ItTt9UmT48PqOmBNSzqAySfejgElljlVq9KopvDm9g
xuAyVfyljaR/eDzKU+u1hLjpWGsxnqNhzGvbHOzKQH9OE/LqDpjZNVAeft1/QxZB
OFx6rmYwvwRAG27NEPqUCrGKtEuCmTwNbluZHLdhTs4zya2Dsc6VdmSN6AK05YoK
8K25MCJuSE1LXuduxecURavS2jt5u7slSm1JKX8o5ycB6s7YBG0=
-----END CERTIFICATE-----