Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143605.roa
File:                     AS143605.roa (raw, json)
Hash identifier:          hTDHGtbvjFhtFE9IbFHp9/x3bb/IU9R3KuOkAG47u2w=
Subject key identifier:   F8:3D:6C:EB:1D:6F:D6:8F:BF:17:6C:D8:A8:D0:43:D3:98:D3:C6:64
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       0467553A95BEC499E46EAAFF4D7DE649E99B0009
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143605.roa
Signing time:             Wed 04 Mar 2026 06:13:52 +0000
ROA not before:           Wed 04 Mar 2026 06:08:52 +0000
ROA not after:            Wed 03 Mar 2027 06:13:52 +0000
asID:                     143605
IP address blocks:        240a:a3bb::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:67:55:3a:95:be:c4:99:e4:6e:aa:ff:4d:7d:e6:49:e9:9b:00:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:52 2026 GMT
            Not After : Mar  3 06:13:52 2027 GMT
        Subject: CN=F83D6CEB1D6FD68FBF176CD8A8D043D398D3C664
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:3d:60:dc:f2:e2:7e:81:8a:3a:cd:a4:72:d6:
                    4d:8c:64:56:a7:e2:69:df:3c:87:16:61:1a:25:9e:
                    3d:fb:28:9b:d7:c2:a1:ca:12:5d:f7:26:c9:6c:be:
                    2b:d3:99:b6:81:0b:ea:3b:e1:16:7d:50:63:37:e5:
                    36:bd:55:6e:98:f1:b3:b0:1a:04:0a:ce:89:b0:44:
                    21:99:39:d3:b3:a9:a3:ee:f0:3c:6a:b7:2a:8a:18:
                    ab:99:b4:ad:96:32:29:0f:38:37:2b:9f:66:48:a2:
                    09:ed:b9:10:fb:58:c4:ff:e9:8e:b1:17:17:df:0c:
                    7e:3c:36:2e:8b:ac:c5:64:0b:db:98:79:16:23:d4:
                    56:33:d2:b8:b7:d1:95:61:b5:91:56:04:ba:89:ab:
                    89:22:f7:e4:58:10:a0:42:b3:f1:1a:80:14:70:07:
                    24:58:4c:68:cc:6a:6a:f2:b9:1b:fb:db:a3:54:4e:
                    be:aa:03:c9:da:0a:e9:3b:e9:9e:dc:a5:d9:c0:f1:
                    59:ee:d5:88:0e:22:62:49:95:43:ce:1f:67:ca:3b:
                    47:a8:06:3f:8d:14:72:3f:fe:5c:bb:76:b4:29:55:
                    ed:2b:cb:3d:6f:c2:9a:32:b3:90:d8:a6:51:f8:11:
                    af:ed:e3:a0:75:2c:b4:dc:f5:11:54:a6:d3:91:b1:
                    37:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:3D:6C:EB:1D:6F:D6:8F:BF:17:6C:D8:A8:D0:43:D3:98:D3:C6:64
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143605.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a3bb::/32

    Signature Algorithm: sha256WithRSAEncryption
         b8:34:df:87:3e:92:b3:51:58:c6:3d:df:8a:f7:66:d8:ab:f9:
         ee:45:ae:49:c1:28:f8:c3:9d:a0:fc:ed:5c:c4:99:c4:b4:34:
         ac:08:9b:4e:44:7e:db:b9:5e:35:7e:14:7a:6c:42:31:68:79:
         5d:9d:b1:2b:07:ae:13:a7:99:5a:3e:be:f8:40:e6:e2:eb:f2:
         d9:94:a8:3c:20:2f:22:27:5b:38:63:97:a9:a5:e6:d5:55:57:
         0b:2e:68:f3:d9:60:ac:b1:02:48:e1:df:d3:c1:7d:03:9c:9b:
         47:7b:e9:fd:d2:a2:81:d6:0f:ee:1a:06:58:72:ec:f0:bc:03:
         a1:3c:0b:f1:c0:f6:83:ce:8a:43:0a:a0:80:ce:be:8a:76:e4:
         df:cc:44:e1:3a:b3:02:71:cb:df:6d:33:52:71:6b:b0:e9:1b:
         15:33:04:f3:26:dd:cf:61:eb:c4:a7:73:f7:d2:29:bd:bb:96:
         de:39:c7:30:69:d6:4e:50:e3:a3:01:16:87:56:eb:98:58:e6:
         3f:f8:28:57:e4:ba:cd:ce:17:bd:b4:f1:47:05:86:6d:01:c7:
         f0:2c:35:03:a3:45:7a:20:02:28:29:87:ec:b5:67:bb:fe:af:
         34:f1:e7:94:cb:34:87:e8:61:b4:9e:25:dd:e6:fc:df:c8:ee:
         e0:a8:4e:fb
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUBGdVOpW+xJnkbqr/TX3mSembAAkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDg1MloX
DTI3MDMwMzA2MTM1MlowMzExMC8GA1UEAxMoRjgzRDZDRUIxRDZGRDY4RkJGMTc2
Q0Q4QThEMDQzRDM5OEQzQzY2NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKE9YNzy4n6BijrNpHLWTYxkVqfiad88hxZhGiWePfsom9fCocoSXfcmyWy+
K9OZtoEL6jvhFn1QYzflNr1Vbpjxs7AaBArOibBEIZk507Opo+7wPGq3KooYq5m0
rZYyKQ84NyufZkiiCe25EPtYxP/pjrEXF98Mfjw2LousxWQL25h5FiPUVjPSuLfR
lWG1kVYEuomriSL35FgQoEKz8RqAFHAHJFhMaMxqavK5G/vbo1ROvqoDydoK6Tvp
ntyl2cDxWe7ViA4iYkmVQ84fZ8o7R6gGP40Ucj/+XLt2tClV7SvLPW/CmjKzkNim
UfgRr+3joHUstNz1EVSm05GxN7ECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT4PWzr
HW/Wj78XbNio0EPTmNPGZDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzYwNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o7swDQYJKoZIhvcNAQELBQADggEBALg034c+krNRWMY934r3Ztir+e5FrknBKPjD
naD87VzEmcS0NKwIm05Eftu5XjV+FHpsQjFoeV2dsSsHrhOnmVo+vvhA5uLr8tmU
qDwgLyInWzhjl6ml5tVVVwsuaPPZYKyxAkjh39PBfQOcm0d76f3SooHWD+4aBlhy
7PC8A6E8C/HA9oPOikMKoIDOvop25N/MROE6swJxy99tM1Jxa7DpGxUzBPMm3c9h
68Snc/fSKb27lt45xzBp1k5Q46MBFodW65hY5j/4KFfkus3OF7208UcFhm0Bx/As
NQOjRXogAigph+y1Z7v+rzTx55TLNIfoYbSeJd3m/N/I7uCoTvs=
-----END CERTIFICATE-----