Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143613.roa
File:                     AS143613.roa (raw, json)
Hash identifier:          BVvtw9ysafXML9HJgOFUm78nxlPYRb5Jp4GCgCmG+vw=
Subject key identifier:   0A:DB:A9:EF:CF:98:EF:C3:6D:5E:02:3D:EC:98:49:61:DB:5F:4E:63
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       457C87E40FF62164725E87A343530CC605B0DB40
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143613.roa
Signing time:             Wed 04 Mar 2026 06:13:10 +0000
ROA not before:           Wed 04 Mar 2026 06:08:10 +0000
ROA not after:            Wed 03 Mar 2027 06:13:10 +0000
asID:                     143613
IP address blocks:        240a:a3c3::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:7c:87:e4:0f:f6:21:64:72:5e:87:a3:43:53:0c:c6:05:b0:db:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:10 2026 GMT
            Not After : Mar  3 06:13:10 2027 GMT
        Subject: CN=0ADBA9EFCF98EFC36D5E023DEC984961DB5F4E63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e4:86:72:68:43:a8:52:63:a0:a2:65:2c:52:
                    19:c0:31:4a:8b:e2:64:c5:f4:6c:d2:da:c0:0d:9e:
                    fa:e5:81:b2:17:2c:b3:51:81:ea:b3:8d:19:3f:fb:
                    f6:5e:ed:0b:87:2b:93:0b:d4:e5:f3:70:78:f0:7c:
                    95:80:95:fa:ed:04:33:45:51:3c:b3:7e:8f:48:78:
                    8a:29:1a:e1:c3:6a:6c:57:3f:77:3d:49:a9:ca:9f:
                    a5:0c:2a:86:09:5b:42:09:79:73:2b:9a:9e:ee:7f:
                    e6:6a:53:6c:ea:80:a0:90:16:60:79:3e:67:99:6f:
                    42:04:13:d9:af:ef:93:d9:23:72:80:df:9d:18:42:
                    e0:29:5d:62:1e:03:d7:bb:08:de:09:83:13:4a:e8:
                    6d:6c:88:0d:82:d0:05:84:46:67:e9:87:7e:96:d3:
                    d8:a5:b0:22:fc:15:1e:4f:05:7e:43:64:c2:98:db:
                    2b:ff:d1:95:b3:5f:ee:e4:60:3a:ec:cf:2a:bd:76:
                    51:67:3c:9a:ad:32:a4:5c:13:22:76:96:22:63:2a:
                    93:94:fb:23:78:e0:00:5b:e1:87:83:9a:9b:63:62:
                    c6:b7:eb:d1:77:4a:29:39:34:b3:b2:ea:e5:4c:e3:
                    cd:ca:e7:41:4c:16:5e:45:2a:4e:ea:af:76:21:3f:
                    4a:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:DB:A9:EF:CF:98:EF:C3:6D:5E:02:3D:EC:98:49:61:DB:5F:4E:63
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143613.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a3c3::/32

    Signature Algorithm: sha256WithRSAEncryption
         b8:62:9e:b7:b8:0b:4a:9a:99:5f:08:5a:be:a5:61:4a:ac:81:
         d3:59:f4:76:39:ac:82:f4:e3:a6:46:99:a1:97:13:39:88:eb:
         cf:d2:53:97:49:84:16:cf:b2:13:ef:bd:75:d1:bf:4e:50:d2:
         1e:be:39:0c:11:8e:a0:2d:8e:fa:cd:b3:93:3a:21:7d:c5:17:
         95:cd:c8:39:59:82:d2:65:af:3f:ed:b2:76:b3:8d:3c:34:8b:
         1a:5c:af:8b:bf:05:bc:86:f9:ab:b0:2f:ff:08:91:ad:d5:91:
         8d:11:d6:8d:31:29:6e:b6:63:1b:74:07:d4:ac:5a:6a:7a:c8:
         57:64:34:be:5a:0d:71:5a:a6:e4:ad:d7:28:79:84:1b:98:5a:
         d6:8e:d4:57:80:1f:4b:03:ef:ce:c2:18:7e:74:90:dd:44:91:
         44:75:fc:8f:cd:ef:74:a8:a1:da:a6:48:d9:1d:4a:49:4c:50:
         7a:3e:fd:8e:91:75:ee:f5:47:5e:74:f6:b8:53:1a:9c:66:f2:
         a9:ef:1a:fe:7f:15:a1:c0:a3:19:ca:90:2a:df:a2:c2:73:1e:
         0d:91:3b:d8:68:a9:1d:f2:3d:ed:2d:6a:73:33:a6:6d:af:41:
         eb:1f:17:b9:b1:47:b1:57:16:46:a5:8f:e1:cc:a3:95:23:fb:
         18:ac:79:b7
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIURXyH5A/2IWRyXoejQ1MMxgWw20AwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgxMFoX
DTI3MDMwMzA2MTMxMFowMzExMC8GA1UEAxMoMEFEQkE5RUZDRjk4RUZDMzZENUUw
MjNERUM5ODQ5NjFEQjVGNEU2MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM3khnJoQ6hSY6CiZSxSGcAxSoviZMX0bNLawA2e+uWBshcss1GB6rONGT/7
9l7tC4crkwvU5fNwePB8lYCV+u0EM0VRPLN+j0h4iika4cNqbFc/dz1JqcqfpQwq
hglbQgl5cyuanu5/5mpTbOqAoJAWYHk+Z5lvQgQT2a/vk9kjcoDfnRhC4CldYh4D
17sI3gmDE0robWyIDYLQBYRGZ+mHfpbT2KWwIvwVHk8FfkNkwpjbK//RlbNf7uRg
OuzPKr12UWc8mq0ypFwTInaWImMqk5T7I3jgAFvhh4Oam2Nixrfr0XdKKTk0s7Lq
5UzjzcrnQUwWXkUqTuqvdiE/SvUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQK26nv
z5jvw21eAj3smElh219OYzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzYxMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o8MwDQYJKoZIhvcNAQELBQADggEBALhinre4C0qamV8IWr6lYUqsgdNZ9HY5rIL0
46ZGmaGXEzmI68/SU5dJhBbPshPvvXXRv05Q0h6+OQwRjqAtjvrNs5M6IX3FF5XN
yDlZgtJlrz/tsnazjTw0ixpcr4u/BbyG+auwL/8Ika3VkY0R1o0xKW62Yxt0B9Ss
Wmp6yFdkNL5aDXFapuSt1yh5hBuYWtaO1FeAH0sD787CGH50kN1EkUR1/I/N73So
odqmSNkdSklMUHo+/Y6Rde71R1509rhTGpxm8qnvGv5/FaHAoxnKkCrfosJzHg2R
O9hoqR3yPe0tanMzpm2vQesfF7mxR7FXFkalj+HMo5Uj+xisebc=
-----END CERTIFICATE-----