Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143602.roa
File:                     AS143602.roa (raw, json)
Hash identifier:          UJR7J4uhsorfIWo16gCeEcInHn6m9Dt2wleGRYMik+I=
Subject key identifier:   D1:15:D6:AF:E3:EF:42:F4:B4:EE:87:44:87:85:61:F3:25:10:08:92
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       632C0FFE2003C31D83824B9C3C26722E60372437
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143602.roa
Signing time:             Wed 04 Mar 2026 06:14:15 +0000
ROA not before:           Wed 04 Mar 2026 06:09:15 +0000
ROA not after:            Wed 03 Mar 2027 06:14:15 +0000
asID:                     143602
IP address blocks:        240a:a3b8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:2c:0f:fe:20:03:c3:1d:83:82:4b:9c:3c:26:72:2e:60:37:24:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:15 2026 GMT
            Not After : Mar  3 06:14:15 2027 GMT
        Subject: CN=D115D6AFE3EF42F4B4EE8744878561F325100892
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:3b:91:4b:ec:6b:98:38:6b:ea:19:c3:f3:c6:
                    c1:dc:57:00:f1:f7:2a:2f:9a:f0:1f:75:b6:92:ca:
                    00:46:5f:f9:c7:38:64:3e:78:d5:79:7d:27:52:a3:
                    81:f2:4e:5d:c6:e2:18:42:21:a2:10:14:8e:00:65:
                    19:b2:15:7b:6a:03:a2:ce:35:e8:95:d7:06:1c:2d:
                    66:35:ab:76:6e:b0:e2:c8:38:09:14:05:f2:cb:df:
                    d1:b1:63:24:ab:23:84:28:32:cf:a5:17:8e:3f:39:
                    d3:bc:4d:2e:ea:9e:de:25:49:33:83:d0:6f:36:4d:
                    0a:6c:11:ec:22:5a:b8:45:7c:f0:5d:7c:ff:d4:6f:
                    3e:98:ff:02:1e:a0:0c:62:d8:fd:37:a5:57:b0:2e:
                    2b:1e:f5:f3:aa:98:30:bf:7b:d3:cb:f1:14:14:a2:
                    66:d4:f7:e8:c0:f8:98:88:e0:11:da:59:95:61:81:
                    b4:92:79:cf:10:72:45:7a:69:85:f2:e8:3c:be:20:
                    f6:39:59:ed:17:d9:f8:70:14:b3:e4:8a:a7:31:f4:
                    7b:95:a7:7d:ae:ab:7a:e8:19:52:30:11:cb:66:71:
                    2d:2f:5e:8d:d0:bb:eb:98:74:2a:09:09:e3:8c:17:
                    a0:7a:78:43:7e:b9:76:e7:be:9f:87:00:32:ef:b6:
                    10:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:15:D6:AF:E3:EF:42:F4:B4:EE:87:44:87:85:61:F3:25:10:08:92
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143602.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a3b8::/32

    Signature Algorithm: sha256WithRSAEncryption
         84:9e:04:d9:a7:0e:0a:2d:43:eb:62:b9:66:bf:0e:32:14:5c:
         8f:eb:b9:45:d8:6c:be:4c:8b:40:9e:1f:60:bd:73:ce:55:62:
         8c:04:a1:da:d2:af:37:37:b0:8d:fb:9f:7e:85:cb:3d:23:3b:
         71:a3:3b:ba:2f:43:e6:73:82:f6:f7:24:bd:c6:ea:e2:54:67:
         bb:31:1d:9e:94:94:b2:24:68:25:a4:7e:27:ad:7b:b7:b7:4b:
         4c:e6:ac:2e:55:3e:12:6a:60:c4:60:8c:9d:b8:a9:ff:e3:ed:
         5f:d0:b6:48:23:ba:39:16:79:b3:83:88:ed:90:fb:86:52:d1:
         e0:21:65:7e:31:97:fc:91:ca:ab:37:1a:be:90:17:93:d1:a2:
         3d:58:f7:57:54:d1:ce:96:bf:e9:9a:7d:54:d2:69:fa:d2:71:
         d0:8e:64:11:66:03:39:57:c3:7c:a8:d2:ee:02:30:53:5f:0d:
         32:ce:58:aa:a1:98:b8:72:17:89:73:8a:0a:cd:16:a6:30:a0:
         42:bc:b9:f2:ff:24:d8:ff:c8:72:ab:7b:79:c7:c5:b5:ec:83:
         1d:32:36:28:31:8a:c5:7e:30:41:45:87:aa:ca:56:ee:ca:a1:
         bc:37:21:1f:e8:25:c8:ca:88:be:a5:9a:32:ef:13:30:40:89:
         dc:6d:4d:23
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUYywP/iADwx2DgkucPCZyLmA3JDcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDkxNVoX
DTI3MDMwMzA2MTQxNVowMzExMC8GA1UEAxMoRDExNUQ2QUZFM0VGNDJGNEI0RUU4
NzQ0ODc4NTYxRjMyNTEwMDg5MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKc7kUvsa5g4a+oZw/PGwdxXAPH3Ki+a8B91tpLKAEZf+cc4ZD541Xl9J1Kj
gfJOXcbiGEIhohAUjgBlGbIVe2oDos416JXXBhwtZjWrdm6w4sg4CRQF8svf0bFj
JKsjhCgyz6UXjj8507xNLuqe3iVJM4PQbzZNCmwR7CJauEV88F18/9RvPpj/Ah6g
DGLY/TelV7AuKx7186qYML9708vxFBSiZtT36MD4mIjgEdpZlWGBtJJ5zxByRXpp
hfLoPL4g9jlZ7RfZ+HAUs+SKpzH0e5Wnfa6reugZUjARy2ZxLS9ejdC765h0KgkJ
44wXoHp4Q365due+n4cAMu+2EAMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTRFdav
4+9C9LTuh0SHhWHzJRAIkjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzYwMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o7gwDQYJKoZIhvcNAQELBQADggEBAISeBNmnDgotQ+tiuWa/DjIUXI/ruUXYbL5M
i0CeH2C9c85VYowEodrSrzc3sI37n36Fyz0jO3GjO7ovQ+Zzgvb3JL3G6uJUZ7sx
HZ6UlLIkaCWkfiete7e3S0zmrC5VPhJqYMRgjJ24qf/j7V/QtkgjujkWebODiO2Q
+4ZS0eAhZX4xl/yRyqs3Gr6QF5PRoj1Y91dU0c6Wv+mafVTSafrScdCOZBFmAzlX
w3yo0u4CMFNfDTLOWKqhmLhyF4lzigrNFqYwoEK8ufL/JNj/yHKre3nHxbXsgx0y
NigxisV+MEFFh6rKVu7Kobw3IR/oJcjKiL6lmjLvEzBAidxtTSM=
-----END CERTIFICATE-----