Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143592.roa
File:                     AS143592.roa (raw, json)
Hash identifier:          AxhJn/2SQscp7zrGlshyyeOjaQ/ProTVRhyQhh38LNc=
Subject key identifier:   7D:DD:2E:05:9C:88:E2:9D:EB:FC:99:75:09:D5:D3:E8:5E:C0:5D:B1
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5ABCD5EC556981AD85F38AEC08FB0755485753F8
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143592.roa
Signing time:             Wed 04 Mar 2026 06:15:10 +0000
ROA not before:           Wed 04 Mar 2026 06:10:10 +0000
ROA not after:            Wed 03 Mar 2027 06:15:10 +0000
asID:                     143592
IP address blocks:        240a:a3ae::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:bc:d5:ec:55:69:81:ad:85:f3:8a:ec:08:fb:07:55:48:57:53:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:10 2026 GMT
            Not After : Mar  3 06:15:10 2027 GMT
        Subject: CN=7DDD2E059C88E29DEBFC997509D5D3E85EC05DB1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:24:de:e3:47:87:09:8d:5d:99:c7:85:e4:d0:
                    6b:a5:52:ce:6c:d7:e6:f9:e1:8f:c7:59:41:4d:c0:
                    01:cd:b2:94:8e:f8:74:4b:8f:da:15:16:0f:99:b9:
                    7b:6f:63:d0:bd:24:9a:99:b2:74:2f:57:25:89:78:
                    52:3f:8b:d3:7b:1a:97:05:ab:7f:49:56:ee:9b:eb:
                    79:79:f6:51:bf:51:ab:ee:c8:90:16:ed:df:3c:75:
                    ff:82:9c:f9:85:6c:2c:f1:e9:ed:7e:d9:1a:a7:07:
                    06:e1:81:ae:14:d4:f3:c1:00:af:6e:8a:5f:58:0a:
                    5a:ae:30:e9:9f:a9:03:ba:3e:4e:b1:77:65:21:bc:
                    79:40:8b:ba:ad:dd:47:1e:3c:02:42:ce:98:db:f7:
                    68:37:46:33:37:a6:5a:f3:2c:7b:9f:66:bf:d5:d3:
                    bd:38:de:74:31:d9:c5:69:89:f3:d5:18:e1:c5:54:
                    34:2d:bb:a4:12:2b:86:c6:f0:17:82:d1:28:b3:f9:
                    ef:03:72:cd:b9:7d:78:0e:56:bd:b9:1e:4c:6a:c1:
                    63:d0:8e:11:28:d3:e6:89:9d:e0:5e:06:b1:0f:cd:
                    69:4c:ec:6e:c5:1f:8d:e0:d6:ba:11:d9:cc:0e:07:
                    02:20:7f:53:f4:f9:17:0d:88:d0:2a:55:6c:60:05:
                    4a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:DD:2E:05:9C:88:E2:9D:EB:FC:99:75:09:D5:D3:E8:5E:C0:5D:B1
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143592.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a3ae::/32

    Signature Algorithm: sha256WithRSAEncryption
         a3:d6:0e:bf:49:4d:3e:03:c7:79:2c:c9:5a:43:5d:a5:a8:f2:
         58:09:68:fe:76:f8:6e:b9:70:53:fb:e4:88:5b:e9:44:ed:9d:
         08:56:3d:3d:6e:0d:ee:ed:0e:ec:6e:d6:c6:b3:89:c0:2c:d3:
         59:8c:4f:4d:6e:5d:f7:a1:ad:1d:9c:e1:d2:cb:8f:41:b8:ad:
         a3:7b:73:c1:c0:c2:65:f2:fd:02:dc:c0:f4:2a:08:8b:b1:17:
         aa:14:cb:02:55:28:96:d0:09:a4:b4:6f:68:c7:ae:f8:7b:2a:
         7e:2c:da:b1:23:ce:67:c1:fa:cd:4d:6d:21:d2:8a:5f:45:e2:
         5a:d9:fc:c2:8d:ed:93:e2:75:0d:ee:46:82:67:1b:d6:e1:dc:
         42:19:21:be:25:fb:f7:d0:59:fd:7f:96:e7:ea:32:bb:14:81:
         9e:c6:a3:e4:f5:04:71:ab:e4:a6:67:e5:6e:d4:9a:5a:8e:9f:
         2d:58:06:8e:0a:c5:a3:03:63:5d:4b:b7:fc:44:03:f0:11:43:
         b9:22:2f:bd:63:39:20:46:c2:bf:92:9c:f4:5a:c9:bf:3f:ee:
         e8:47:8b:75:8f:c7:fd:b9:35:c2:8d:42:c5:6d:99:8c:3d:06:
         21:76:63:92:8d:59:ce:b3:a2:3f:10:6e:c6:e3:43:b9:32:8c:
         95:de:a4:8f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUWrzV7FVpga2F84rsCPsHVUhXU/gwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTAxMFoX
DTI3MDMwMzA2MTUxMFowMzExMC8GA1UEAxMoN0RERDJFMDU5Qzg4RTI5REVCRkM5
OTc1MDlENUQzRTg1RUMwNURCMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMsk3uNHhwmNXZnHheTQa6VSzmzX5vnhj8dZQU3AAc2ylI74dEuP2hUWD5m5
e29j0L0kmpmydC9XJYl4Uj+L03salwWrf0lW7pvreXn2Ub9Rq+7IkBbt3zx1/4Kc
+YVsLPHp7X7ZGqcHBuGBrhTU88EAr26KX1gKWq4w6Z+pA7o+TrF3ZSG8eUCLuq3d
Rx48AkLOmNv3aDdGMzemWvMse59mv9XTvTjedDHZxWmJ89UY4cVUNC27pBIrhsbw
F4LRKLP57wNyzbl9eA5WvbkeTGrBY9COESjT5omd4F4GsQ/NaUzsbsUfjeDWuhHZ
zA4HAiB/U/T5Fw2I0CpVbGAFSmECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBR93S4F
nIjinev8mXUJ1dPoXsBdsTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzU5Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o64wDQYJKoZIhvcNAQELBQADggEBAKPWDr9JTT4Dx3ksyVpDXaWo8lgJaP52+G65
cFP75Ihb6UTtnQhWPT1uDe7tDuxu1sazicAs01mMT01uXfehrR2c4dLLj0G4raN7
c8HAwmXy/QLcwPQqCIuxF6oUywJVKJbQCaS0b2jHrvh7Kn4s2rEjzmfB+s1NbSHS
il9F4lrZ/MKN7ZPidQ3uRoJnG9bh3EIZIb4l+/fQWf1/lufqMrsUgZ7Go+T1BHGr
5KZn5W7UmlqOny1YBo4KxaMDY11Lt/xEA/ARQ7kiL71jOSBGwr+SnPRayb8/7uhH
i3WPx/25NcKNQsVtmYw9BiF2Y5KNWc6zoj8QbsbjQ7kyjJXepI8=
-----END CERTIFICATE-----