Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143601.roa
File:                     AS143601.roa (raw, json)
Hash identifier:          gnL0sHaR5YFKUj0c9w1Cb/iw5opmyXkgta1bT7GV6Eo=
Subject key identifier:   3F:2F:CC:5F:F4:A8:83:86:99:22:83:65:90:86:6A:71:49:34:A8:5E
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       40D94E91C856AE5C5B3776698F31F42ECEE6BFF6
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143601.roa
Signing time:             Wed 04 Mar 2026 06:13:00 +0000
ROA not before:           Wed 04 Mar 2026 06:08:00 +0000
ROA not after:            Wed 03 Mar 2027 06:13:00 +0000
asID:                     143601
IP address blocks:        240a:a3b7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:d9:4e:91:c8:56:ae:5c:5b:37:76:69:8f:31:f4:2e:ce:e6:bf:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:00 2026 GMT
            Not After : Mar  3 06:13:00 2027 GMT
        Subject: CN=3F2FCC5FF4A883869922836590866A714934A85E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:56:e6:e5:fc:64:94:dc:9f:92:ad:4a:85:d5:
                    48:ed:13:27:30:29:cf:6a:c1:ae:d2:24:84:6d:94:
                    37:2f:af:37:59:e5:1d:8d:b2:5a:06:77:45:c3:fc:
                    b9:63:9d:75:f8:6e:52:c6:94:ae:c8:30:c8:71:08:
                    f0:5a:f4:76:ea:76:d6:a5:e4:ff:34:75:fa:f2:cf:
                    19:0d:d1:42:65:13:b3:d6:e0:c6:8d:ec:d8:4e:b8:
                    65:cc:e4:fd:e6:19:1a:67:d7:f7:fe:bb:e4:d5:c3:
                    d6:9f:88:b1:c7:6d:ef:89:d1:a9:f6:9e:29:2b:da:
                    75:b8:43:35:20:d8:a9:3d:1a:bb:8b:47:13:8a:ad:
                    92:7b:a2:ad:56:a1:72:87:cd:19:06:f0:fe:d0:ea:
                    be:f4:25:02:e3:9f:f8:f6:d1:55:57:95:b2:3e:5e:
                    07:43:e4:b2:20:82:64:a8:80:ff:86:cb:b6:37:66:
                    00:ff:59:58:d5:da:8c:20:f7:26:f9:00:e2:e4:21:
                    5c:ba:3d:17:fa:a9:ee:a3:a8:ec:64:ca:53:72:dd:
                    a5:bf:e0:74:f5:75:5d:b4:15:34:d8:a7:21:80:82:
                    f5:a6:f7:73:63:9d:84:ec:47:2c:9c:3f:8c:e7:7a:
                    38:06:e1:6f:62:70:9e:a6:5e:72:53:76:6a:6b:60:
                    89:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:2F:CC:5F:F4:A8:83:86:99:22:83:65:90:86:6A:71:49:34:A8:5E
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143601.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a3b7::/32

    Signature Algorithm: sha256WithRSAEncryption
         3c:60:bf:7e:4a:54:44:89:ab:34:cd:de:10:1f:fc:9b:32:a8:
         0e:75:05:97:df:d7:6f:4b:a2:6c:5b:f8:f0:f5:c5:f6:b8:1d:
         8b:9f:ca:db:2b:ba:24:96:ac:a2:da:3b:b6:70:24:c4:f4:99:
         0b:16:82:5e:05:f1:8d:b7:3d:7c:c7:ac:79:7e:a8:8d:3d:3e:
         00:2a:a9:4c:a3:27:b9:d8:27:ff:e7:8e:b8:98:47:4d:56:fb:
         f4:4e:32:c1:4c:4b:e7:2c:49:90:c9:f3:46:e6:13:72:1f:8a:
         a8:78:4d:8d:86:aa:1f:ed:98:7f:23:58:af:b3:aa:e8:80:35:
         12:3f:e6:ad:11:64:61:37:c5:a8:09:5a:59:1a:70:e5:53:38:
         ff:bd:af:c2:62:be:f3:cd:6d:16:0e:88:09:e8:eb:50:60:24:
         be:7f:47:74:e9:e0:66:64:b0:5d:c5:7e:2f:25:51:7d:40:ec:
         75:83:ed:c8:71:6f:9f:30:6c:25:45:ad:88:b9:79:7a:cf:0d:
         e5:97:d7:a9:f1:71:11:29:73:a3:c9:ed:fd:89:ea:8e:0b:65:
         76:3b:9c:05:26:b6:fe:16:5c:e4:ed:5e:f4:e3:2a:ec:43:12:
         bc:32:30:ef:1a:23:d5:2f:34:50:17:e5:73:ca:d6:13:28:fe:
         42:a1:ee:06
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUQNlOkchWrlxbN3ZpjzH0Ls7mv/YwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgwMFoX
DTI3MDMwMzA2MTMwMFowMzExMC8GA1UEAxMoM0YyRkNDNUZGNEE4ODM4Njk5MjI4
MzY1OTA4NjZBNzE0OTM0QTg1RTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANlW5uX8ZJTcn5KtSoXVSO0TJzApz2rBrtIkhG2UNy+vN1nlHY2yWgZ3RcP8
uWOddfhuUsaUrsgwyHEI8Fr0dup21qXk/zR1+vLPGQ3RQmUTs9bgxo3s2E64Zczk
/eYZGmfX9/675NXD1p+Iscdt74nRqfaeKSvadbhDNSDYqT0au4tHE4qtknuirVah
cofNGQbw/tDqvvQlAuOf+PbRVVeVsj5eB0PksiCCZKiA/4bLtjdmAP9ZWNXajCD3
JvkA4uQhXLo9F/qp7qOo7GTKU3Ldpb/gdPV1XbQVNNinIYCC9ab3c2OdhOxHLJw/
jOd6OAbhb2JwnqZeclN2amtgiecCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQ/L8xf
9KiDhpkig2WQhmpxSTSoXjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzYwMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o7cwDQYJKoZIhvcNAQELBQADggEBADxgv35KVESJqzTN3hAf/JsyqA51BZff129L
omxb+PD1xfa4HYufytsruiSWrKLaO7ZwJMT0mQsWgl4F8Y23PXzHrHl+qI09PgAq
qUyjJ7nYJ//njriYR01W+/ROMsFMS+csSZDJ80bmE3Ifiqh4TY2Gqh/tmH8jWK+z
quiANRI/5q0RZGE3xagJWlkacOVTOP+9r8JivvPNbRYOiAno61BgJL5/R3Tp4GZk
sF3Ffi8lUX1A7HWD7chxb58wbCVFrYi5eXrPDeWX16nxcREpc6PJ7f2J6o4LZXY7
nAUmtv4WXOTtXvTjKuxDErwyMO8aI9UvNFAX5XPK1hMo/kKh7gY=
-----END CERTIFICATE-----