Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143624.roa
File:                     AS143624.roa (raw, json)
Hash identifier:          sQrI3edNSj3fQNKH3NOmGOsQ7LUMaFZBbcU6q4K2TGY=
Subject key identifier:   51:54:E2:AD:1D:1A:20:3C:C2:C9:97:0B:1C:72:00:53:EB:AE:FD:E2
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       16899F4FFB9FC5B999B85F5403DE20191713B509
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143624.roa
Signing time:             Wed 04 Mar 2026 06:15:07 +0000
ROA not before:           Wed 04 Mar 2026 06:10:07 +0000
ROA not after:            Wed 03 Mar 2027 06:15:07 +0000
asID:                     143624
IP address blocks:        240a:a3ce::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:89:9f:4f:fb:9f:c5:b9:99:b8:5f:54:03:de:20:19:17:13:b5:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:07 2026 GMT
            Not After : Mar  3 06:15:07 2027 GMT
        Subject: CN=5154E2AD1D1A203CC2C9970B1C720053EBAEFDE2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0b:7b:61:c4:2d:8b:c1:70:07:cd:8a:fe:52:
                    0f:90:65:32:7b:b6:b8:5d:72:71:4b:ae:b6:99:96:
                    ca:51:e9:68:49:df:bf:7d:5e:56:9c:b2:de:29:dc:
                    c5:16:75:bd:d0:22:ef:09:24:c4:c5:4a:c1:3d:a6:
                    f2:ea:b9:f2:50:15:dd:13:ef:48:83:80:d2:34:74:
                    db:31:e6:e9:2b:64:2e:35:87:73:3b:e4:b0:10:63:
                    bd:69:ac:d2:90:09:f1:39:da:db:65:cb:8f:9e:15:
                    59:31:f9:2c:71:a7:c5:f3:41:01:c6:3c:e2:2d:2d:
                    7a:7a:e2:af:e9:2a:11:12:c8:04:c0:ba:5f:c4:89:
                    27:1a:50:a8:82:dc:7c:d5:65:df:35:f6:fc:57:72:
                    9d:38:69:60:df:d1:65:ce:2f:16:59:10:96:36:94:
                    4e:eb:98:28:4a:33:3f:41:eb:c8:dc:36:dc:3c:a2:
                    f4:c1:fa:ba:60:03:57:c1:98:b9:73:35:83:21:00:
                    dd:de:29:22:a6:0d:af:6d:a0:19:80:58:90:31:7a:
                    a7:52:00:a8:bc:79:f7:b2:d6:4e:dc:87:23:3b:a3:
                    5e:48:93:cc:5c:23:66:e0:e4:01:59:c2:c5:12:24:
                    50:c3:9c:b9:df:47:3c:ca:d4:2d:4b:92:31:2d:df:
                    c8:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:54:E2:AD:1D:1A:20:3C:C2:C9:97:0B:1C:72:00:53:EB:AE:FD:E2
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143624.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a3ce::/32

    Signature Algorithm: sha256WithRSAEncryption
         14:d8:c4:e0:1e:33:2f:47:d0:69:ee:bc:bb:ee:12:b1:06:8d:
         fd:47:c0:b6:12:6f:b4:68:dc:d5:5d:3b:65:58:a0:4d:08:0d:
         33:96:c9:67:39:98:67:99:00:34:ff:89:a2:fd:aa:3d:88:54:
         62:aa:a0:81:c4:23:e1:25:d3:26:6c:14:f5:51:5a:42:86:e1:
         dc:9f:bd:14:e0:e9:df:bc:ed:49:17:79:4f:3a:9f:5e:e8:a3:
         b5:90:d2:d3:93:91:56:4b:a6:57:57:0e:38:e8:27:44:fd:b1:
         b9:1e:5e:07:6b:17:a4:7b:2e:b0:cb:92:08:45:c7:b0:79:27:
         f2:4a:61:8e:bc:c9:a2:ed:61:a7:e0:41:19:53:b1:b7:6d:39:
         77:f4:d7:1d:1a:72:a9:72:27:7b:1b:ef:31:02:db:69:70:d0:
         4a:f9:a0:58:a9:ce:58:04:2f:6e:ce:8e:19:c4:c3:bd:97:ee:
         7b:fc:43:87:82:d1:a6:dd:07:96:3a:04:7a:75:5c:12:87:76:
         fa:1d:ba:98:32:3f:82:bd:fe:17:2b:54:65:18:16:c7:fa:11:
         8b:58:5c:cc:c7:5e:85:c8:4d:c8:80:9c:b4:cd:5e:83:be:b7:
         ff:35:c4:ef:cf:2e:6a:b4:a7:68:9f:45:81:62:63:f4:b3:01:
         8b:c2:16:fa
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUFomfT/ufxbmZuF9UA94gGRcTtQkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTAwN1oX
DTI3MDMwMzA2MTUwN1owMzExMC8GA1UEAxMoNTE1NEUyQUQxRDFBMjAzQ0MyQzk5
NzBCMUM3MjAwNTNFQkFFRkRFMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMQLe2HELYvBcAfNiv5SD5BlMnu2uF1ycUuutpmWylHpaEnfv31eVpyy3inc
xRZ1vdAi7wkkxMVKwT2m8uq58lAV3RPvSIOA0jR02zHm6StkLjWHczvksBBjvWms
0pAJ8Tna22XLj54VWTH5LHGnxfNBAcY84i0tenrir+kqERLIBMC6X8SJJxpQqILc
fNVl3zX2/FdynThpYN/RZc4vFlkQljaUTuuYKEozP0HryNw23Dyi9MH6umADV8GY
uXM1gyEA3d4pIqYNr22gGYBYkDF6p1IAqLx597LWTtyHIzujXkiTzFwjZuDkAVnC
xRIkUMOcud9HPMrULUuSMS3fyEECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRRVOKt
HRogPMLJlwsccgBT66794jAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzYyNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o84wDQYJKoZIhvcNAQELBQADggEBABTYxOAeMy9H0GnuvLvuErEGjf1HwLYSb7Ro
3NVdO2VYoE0IDTOWyWc5mGeZADT/iaL9qj2IVGKqoIHEI+El0yZsFPVRWkKG4dyf
vRTg6d+87UkXeU86n17oo7WQ0tOTkVZLpldXDjjoJ0T9sbkeXgdrF6R7LrDLkghF
x7B5J/JKYY68yaLtYafgQRlTsbdtOXf01x0acqlyJ3sb7zEC22lw0Er5oFipzlgE
L27OjhnEw72X7nv8Q4eC0abdB5Y6BHp1XBKHdvodupgyP4K9/hcrVGUYFsf6EYtY
XMzHXoXITciAnLTNXoO+t/81xO/PLmq0p2ifRYFiY/SzAYvCFvo=
-----END CERTIFICATE-----