Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143608.roa
File:                     AS143608.roa (raw, json)
Hash identifier:          V2VEcU4jgC0yL7zbZilHK/e5Vx0vWp3el6qxeXbft6w=
Subject key identifier:   0A:A9:EF:E9:BC:15:7C:7A:70:06:11:E4:13:B1:74:0D:74:8D:68:5E
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       759129A1D260B3DE36F8B99366307E09755B3353
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143608.roa
Signing time:             Wed 04 Mar 2026 06:15:28 +0000
ROA not before:           Wed 04 Mar 2026 06:10:28 +0000
ROA not after:            Wed 03 Mar 2027 06:15:28 +0000
asID:                     143608
IP address blocks:        240a:a3be::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:91:29:a1:d2:60:b3:de:36:f8:b9:93:66:30:7e:09:75:5b:33:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:28 2026 GMT
            Not After : Mar  3 06:15:28 2027 GMT
        Subject: CN=0AA9EFE9BC157C7A700611E413B1740D748D685E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:89:3d:bc:96:b2:b4:03:24:ff:ee:4a:5f:43:
                    73:0f:be:de:b9:b1:a3:df:d7:dc:92:2f:d8:31:13:
                    fb:24:59:33:c8:1b:f0:32:95:39:71:a1:a5:60:be:
                    8a:af:b4:ef:c9:7e:38:d1:18:20:3c:7d:e1:bf:30:
                    8f:c7:33:2a:08:c5:e4:7e:91:9c:fb:45:58:e9:51:
                    c6:1f:b8:0d:f8:d7:11:32:d4:b2:18:d4:d9:4c:50:
                    0a:1a:a6:12:64:a8:ad:10:f1:5a:38:42:9b:79:c2:
                    b5:ff:9e:12:86:b5:3d:87:8a:04:77:52:0e:5c:e3:
                    93:c2:d7:ed:e4:38:50:05:36:c8:aa:26:e1:64:f0:
                    fb:bf:35:04:d4:25:b7:05:d8:a9:3c:26:a2:75:23:
                    bf:e7:17:76:e4:e3:f9:39:b0:36:1c:71:eb:a6:c3:
                    7c:1e:03:4a:b2:9a:fe:33:65:27:c7:c3:9f:d5:04:
                    78:1c:b3:37:1b:c0:f2:dc:05:45:1a:31:07:ae:57:
                    47:99:59:dd:13:f9:cf:53:ba:f1:ba:be:dc:cb:4b:
                    52:48:a9:83:aa:7f:35:9f:10:a6:a0:6e:a6:23:53:
                    a0:eb:a4:99:98:8c:30:1d:14:23:68:6b:d8:59:63:
                    68:08:90:e2:4e:c9:ed:89:dd:3a:1f:c6:ae:1d:4c:
                    23:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:A9:EF:E9:BC:15:7C:7A:70:06:11:E4:13:B1:74:0D:74:8D:68:5E
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143608.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a3be::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:b8:d1:ae:b8:8e:8f:a8:3d:78:8b:dc:bc:11:e2:22:b6:59:
         e7:cf:84:9d:88:0a:aa:5c:11:23:4a:91:0a:6c:35:9b:66:c2:
         e5:4e:2b:af:70:eb:7e:60:dd:40:56:be:dc:66:44:a4:a7:79:
         46:ad:53:56:de:b9:1e:6a:2f:9b:89:57:d2:08:7b:fc:72:83:
         d6:88:19:ad:f8:c8:ac:12:64:2f:07:13:ff:59:ea:11:a8:ed:
         f2:b6:c7:8b:8d:5f:63:e6:12:eb:3e:59:d5:c6:4e:94:d9:9e:
         56:1e:9f:38:df:9c:57:a3:d9:19:43:d8:1d:be:33:ed:4b:db:
         8f:35:fe:c1:bc:ae:a5:03:3e:66:1d:9c:69:a9:da:bf:b0:96:
         80:a6:a6:4b:e2:aa:af:23:20:dd:d7:b1:9f:f5:ac:6e:dc:9d:
         1e:44:06:a6:8b:98:54:2b:ce:92:93:1b:51:6d:56:64:bd:23:
         32:78:7e:64:1c:7b:5c:d2:67:24:b8:d5:86:04:e7:2a:b1:e4:
         5c:aa:de:c5:6e:68:50:c2:3e:29:7d:2d:f9:8a:7c:91:96:ac:
         f2:7d:f6:27:bb:4e:22:54:6e:f1:c8:9f:2f:13:e9:24:b4:b1:
         1d:f2:3b:cf:6e:ea:92:a5:e1:54:5b:23:f5:74:a4:da:ff:98:
         15:99:c2:2a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUdZEpodJgs942+LmTZjB+CXVbM1MwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTAyOFoX
DTI3MDMwMzA2MTUyOFowMzExMC8GA1UEAxMoMEFBOUVGRTlCQzE1N0M3QTcwMDYx
MUU0MTNCMTc0MEQ3NDhENjg1RTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKaJPbyWsrQDJP/uSl9Dcw++3rmxo9/X3JIv2DET+yRZM8gb8DKVOXGhpWC+
iq+078l+ONEYIDx94b8wj8czKgjF5H6RnPtFWOlRxh+4DfjXETLUshjU2UxQChqm
EmSorRDxWjhCm3nCtf+eEoa1PYeKBHdSDlzjk8LX7eQ4UAU2yKom4WTw+781BNQl
twXYqTwmonUjv+cXduTj+TmwNhxx66bDfB4DSrKa/jNlJ8fDn9UEeByzNxvA8twF
RRoxB65XR5lZ3RP5z1O68bq+3MtLUkipg6p/NZ8QpqBupiNToOukmZiMMB0UI2hr
2FljaAiQ4k7J7YndOh/Grh1MI8kCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQKqe/p
vBV8enAGEeQTsXQNdI1oXjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzYwOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o74wDQYJKoZIhvcNAQELBQADggEBAD240a64jo+oPXiL3LwR4iK2WefPhJ2ICqpc
ESNKkQpsNZtmwuVOK69w635g3UBWvtxmRKSneUatU1beuR5qL5uJV9IIe/xyg9aI
Ga34yKwSZC8HE/9Z6hGo7fK2x4uNX2PmEus+WdXGTpTZnlYenzjfnFej2RlD2B2+
M+1L2481/sG8rqUDPmYdnGmp2r+wloCmpkviqq8jIN3XsZ/1rG7cnR5EBqaLmFQr
zpKTG1FtVmS9IzJ4fmQce1zSZyS41YYE5yqx5Fyq3sVuaFDCPil9LfmKfJGWrPJ9
9ie7TiJUbvHIny8T6SS0sR3yO89u6pKl4VRbI/V0pNr/mBWZwio=
-----END CERTIFICATE-----