Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143622.roa
File:                     AS143622.roa (raw, json)
Hash identifier:          vqMR2SO9tGn+BHCgrJzgTHaOd7RY8J0uHQk3iyqh3go=
Subject key identifier:   C5:76:F9:74:B2:4C:00:9E:A7:1C:40:4A:14:B2:DA:AB:F2:0A:91:9D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       296B35581DB1F266FEDCF80CA2B4357D9A14006C
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143622.roa
Signing time:             Wed 04 Mar 2026 06:13:57 +0000
ROA not before:           Wed 04 Mar 2026 06:08:57 +0000
ROA not after:            Wed 03 Mar 2027 06:13:57 +0000
asID:                     143622
IP address blocks:        240a:a3cc::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:6b:35:58:1d:b1:f2:66:fe:dc:f8:0c:a2:b4:35:7d:9a:14:00:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:57 2026 GMT
            Not After : Mar  3 06:13:57 2027 GMT
        Subject: CN=C576F974B24C009EA71C404A14B2DAABF20A919D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:a2:0d:bf:1d:4e:bd:38:59:45:80:fc:e4:66:
                    87:fd:88:20:4b:43:c1:f5:9c:bf:c9:14:5e:6d:2f:
                    f9:00:96:47:76:49:9a:73:14:e8:02:3f:68:33:9e:
                    3e:38:5c:fc:7f:1a:12:bd:69:0e:7e:0b:00:e9:52:
                    7c:f5:05:fd:c6:02:3f:de:56:e4:c6:0a:4c:7a:a2:
                    dc:62:44:f4:58:8a:05:db:5c:bb:8d:02:26:55:71:
                    a2:8b:ac:51:0e:71:60:85:d5:53:8d:e6:01:9f:cb:
                    7b:68:b1:6a:40:12:b2:f2:bc:69:ef:47:8a:d8:f0:
                    87:0b:04:db:7f:33:0e:69:f9:fa:6e:3c:40:8c:d1:
                    fb:87:c3:3f:a6:02:fa:99:55:5e:7b:34:33:61:08:
                    4d:ff:cb:58:66:37:1f:8d:d5:f2:42:45:40:79:fc:
                    b7:20:4d:80:6b:5a:c0:ce:f0:f8:6c:3f:21:89:b8:
                    c9:d5:d0:a1:8e:35:95:d2:65:07:58:b9:17:33:5b:
                    41:6a:a6:1f:55:98:90:35:01:06:37:44:7c:c4:7b:
                    bb:8c:5c:a7:99:32:31:89:aa:78:0e:72:c0:69:f6:
                    96:0c:d3:62:bb:e6:08:cf:9d:a3:f6:d0:4a:db:ba:
                    59:84:cc:70:cb:67:e4:e3:6e:2b:e6:d8:8e:a9:e3:
                    01:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:76:F9:74:B2:4C:00:9E:A7:1C:40:4A:14:B2:DA:AB:F2:0A:91:9D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143622.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a3cc::/32

    Signature Algorithm: sha256WithRSAEncryption
         42:b5:ee:50:85:52:23:13:63:a4:10:24:e3:36:2b:11:79:20:
         2e:8b:12:6c:d6:7f:9f:50:fe:d2:55:ce:42:b5:e5:d4:23:8a:
         dd:37:6d:d1:34:cd:eb:6e:c6:ad:66:c9:97:86:70:75:b8:66:
         c5:a5:a7:b0:2f:18:d1:0d:91:13:5e:2e:a3:8e:b7:91:e9:2d:
         21:51:2b:1c:d3:ae:96:fd:70:f7:c6:36:b6:7b:15:35:b2:c9:
         ff:09:73:f0:10:24:c2:63:42:a4:b1:34:ea:2d:9b:23:e7:92:
         ab:41:a7:dc:ba:5d:53:a8:c9:d2:af:78:fe:80:e7:73:5b:e0:
         37:a9:ff:f8:9e:08:de:a8:18:09:b3:75:f8:07:8f:9d:aa:0b:
         17:fd:6a:59:c3:f3:3f:8c:72:a2:95:ef:ba:5c:e3:82:32:d4:
         42:5b:26:c3:be:96:be:79:b2:8d:09:93:c6:e0:c9:5e:fc:b6:
         9b:4c:f3:80:0f:d4:65:ce:76:0d:b8:50:74:04:63:4f:e5:21:
         4c:f7:84:e0:11:f7:f2:2c:61:33:96:30:df:6e:d9:b8:9f:29:
         55:dc:ba:51:24:3c:53:bf:98:8c:f0:f3:47:98:fd:82:8a:9d:
         d4:ca:36:5f:cb:2c:1a:34:14:5c:df:89:75:ad:81:8f:51:3e:
         02:bf:fd:42
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUKWs1WB2x8mb+3PgMorQ1fZoUAGwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDg1N1oX
DTI3MDMwMzA2MTM1N1owMzExMC8GA1UEAxMoQzU3NkY5NzRCMjRDMDA5RUE3MUM0
MDRBMTRCMkRBQUJGMjBBOTE5RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOOiDb8dTr04WUWA/ORmh/2IIEtDwfWcv8kUXm0v+QCWR3ZJmnMU6AI/aDOe
Pjhc/H8aEr1pDn4LAOlSfPUF/cYCP95W5MYKTHqi3GJE9FiKBdtcu40CJlVxoous
UQ5xYIXVU43mAZ/Le2ixakASsvK8ae9HitjwhwsE238zDmn5+m48QIzR+4fDP6YC
+plVXns0M2EITf/LWGY3H43V8kJFQHn8tyBNgGtawM7w+Gw/IYm4ydXQoY41ldJl
B1i5FzNbQWqmH1WYkDUBBjdEfMR7u4xcp5kyMYmqeA5ywGn2lgzTYrvmCM+do/bQ
Stu6WYTMcMtn5ONuK+bYjqnjATcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTFdvl0
skwAnqccQEoUstqr8gqRnTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzYyMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o8wwDQYJKoZIhvcNAQELBQADggEBAEK17lCFUiMTY6QQJOM2KxF5IC6LEmzWf59Q
/tJVzkK15dQjit03bdE0zetuxq1myZeGcHW4ZsWlp7AvGNENkRNeLqOOt5HpLSFR
KxzTrpb9cPfGNrZ7FTWyyf8Jc/AQJMJjQqSxNOotmyPnkqtBp9y6XVOoydKveP6A
53Nb4Dep//ieCN6oGAmzdfgHj52qCxf9alnD8z+McqKV77pc44Iy1EJbJsO+lr55
so0Jk8bgyV78tptM84AP1GXOdg24UHQEY0/lIUz3hOAR9/IsYTOWMN9u2bifKVXc
ulEkPFO/mIzw80eY/YKKndTKNl/LLBo0FFzfiXWtgY9RPgK//UI=
-----END CERTIFICATE-----