Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143632.roa
File:                     AS143632.roa (raw, json)
Hash identifier:          IAMaQ6v85F2kYo6WWpg0yocQ3ItjhcTh+4e6RNX7Ev4=
Subject key identifier:   51:FF:C5:24:C0:E7:35:C4:8B:80:37:A4:1B:76:9C:9E:51:01:8A:3F
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1794208C5BE9F7892C56F74518D92E699CB5C140
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143632.roa
Signing time:             Wed 04 Mar 2026 06:15:29 +0000
ROA not before:           Wed 04 Mar 2026 06:10:29 +0000
ROA not after:            Wed 03 Mar 2027 06:15:29 +0000
asID:                     143632
IP address blocks:        240a:a3d6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:94:20:8c:5b:e9:f7:89:2c:56:f7:45:18:d9:2e:69:9c:b5:c1:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:29 2026 GMT
            Not After : Mar  3 06:15:29 2027 GMT
        Subject: CN=51FFC524C0E735C48B8037A41B769C9E51018A3F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:4f:4a:ce:fc:7a:1b:8a:15:ff:47:ce:78:1b:
                    ba:41:6e:50:25:bd:87:27:bf:1a:d0:a3:fc:3b:af:
                    6d:e6:0a:93:af:85:6e:17:e1:b4:81:d8:b6:4a:0d:
                    35:c3:18:08:5f:fc:c6:45:06:ba:ae:c0:15:3c:2d:
                    70:6f:b6:ab:e9:ba:f1:52:8d:a9:9e:43:78:13:f6:
                    94:98:e1:bd:f6:6c:8a:48:c4:25:ff:a6:59:5c:d5:
                    71:5b:9b:e7:7b:f3:c8:11:13:34:44:2d:6a:38:91:
                    54:62:7e:92:ff:d9:33:4c:68:20:d7:b8:33:02:9d:
                    14:98:98:5c:5d:47:6c:61:c4:86:73:af:db:e5:da:
                    f3:a2:ca:9a:8d:56:e8:1f:38:0e:a8:64:d4:5b:9a:
                    88:fc:c0:62:3d:e4:3b:c0:a8:ff:75:80:2d:4d:67:
                    a1:11:78:e0:8a:95:c5:d5:dd:0b:69:98:c5:60:37:
                    3c:4d:fa:8c:32:73:26:b6:81:d4:66:33:1b:f0:ff:
                    ee:15:81:b7:07:54:f4:b5:f7:88:e0:71:69:ce:c2:
                    f1:83:ea:ab:a7:e7:dc:9e:bd:62:02:f8:aa:5f:10:
                    cc:5b:a2:01:dd:7a:5b:f7:67:a6:d7:5c:26:97:91:
                    68:04:aa:9e:dd:0f:b7:6f:08:f0:af:a7:5e:74:77:
                    e6:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:FF:C5:24:C0:E7:35:C4:8B:80:37:A4:1B:76:9C:9E:51:01:8A:3F
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a3d6::/32

    Signature Algorithm: sha256WithRSAEncryption
         57:65:32:20:1a:97:f2:d5:4e:c8:40:a4:91:65:db:23:aa:ef:
         90:aa:bb:70:41:eb:00:7e:b4:d9:f6:b3:cf:9b:25:bf:24:de:
         8e:a8:9a:1f:31:00:72:9b:18:78:d8:52:73:60:9c:74:fe:2d:
         e4:95:54:9b:f5:e7:26:17:75:0e:3c:ff:93:74:65:4e:14:64:
         3c:07:50:bc:46:53:ad:94:a1:2c:57:4a:ff:af:81:34:e5:b7:
         7b:da:b2:e1:06:db:c1:eb:6d:ea:24:3e:d5:4c:db:a3:37:76:
         1f:72:05:18:f6:3e:6f:6f:01:9e:90:ef:41:a8:8b:c1:77:5c:
         aa:f5:ec:2f:7e:bd:af:84:8e:b7:c6:d6:15:3c:1a:84:8b:e6:
         4a:88:ee:c9:b2:e9:90:74:ec:e4:ec:bf:6a:46:4b:3e:c9:e2:
         26:1e:be:57:b7:77:20:b8:8f:7c:e8:67:a9:4e:af:61:0f:b2:
         d7:d8:b9:52:86:6c:f4:6e:94:d3:ae:6c:a5:3c:da:24:9e:4b:
         73:ed:dd:94:26:b8:53:99:1b:c6:d4:af:cc:8c:c9:ec:ee:0b:
         0f:50:ab:32:be:50:8d:14:ba:e0:1d:9b:22:02:65:6c:d2:21:
         00:96:83:65:19:9a:e7:e8:08:99:b8:aa:8b:75:05:a3:db:79:
         a8:60:ac:47
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUF5QgjFvp94ksVvdFGNkuaZy1wUAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTAyOVoX
DTI3MDMwMzA2MTUyOVowMzExMC8GA1UEAxMoNTFGRkM1MjRDMEU3MzVDNDhCODAz
N0E0MUI3NjlDOUU1MTAxOEEzRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALJPSs78ehuKFf9HzngbukFuUCW9hye/GtCj/DuvbeYKk6+FbhfhtIHYtkoN
NcMYCF/8xkUGuq7AFTwtcG+2q+m68VKNqZ5DeBP2lJjhvfZsikjEJf+mWVzVcVub
53vzyBETNEQtajiRVGJ+kv/ZM0xoINe4MwKdFJiYXF1HbGHEhnOv2+Xa86LKmo1W
6B84Dqhk1FuaiPzAYj3kO8Co/3WALU1noRF44IqVxdXdC2mYxWA3PE36jDJzJraB
1GYzG/D/7hWBtwdU9LX3iOBxac7C8YPqq6fn3J69YgL4ql8QzFuiAd16W/dnptdc
JpeRaASqnt0Pt28I8K+nXnR35hcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRR/8Uk
wOc1xIuAN6QbdpyeUQGKPzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzYzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o9YwDQYJKoZIhvcNAQELBQADggEBAFdlMiAal/LVTshApJFl2yOq75Cqu3BB6wB+
tNn2s8+bJb8k3o6omh8xAHKbGHjYUnNgnHT+LeSVVJv15yYXdQ48/5N0ZU4UZDwH
ULxGU62UoSxXSv+vgTTlt3vasuEG28HrbeokPtVM26M3dh9yBRj2Pm9vAZ6Q70Go
i8F3XKr17C9+va+EjrfG1hU8GoSL5kqI7smy6ZB07OTsv2pGSz7J4iYevle3dyC4
j3zoZ6lOr2EPstfYuVKGbPRulNOubKU82iSeS3Pt3ZQmuFOZG8bUr8yMyezuCw9Q
qzK+UI0UuuAdmyICZWzSIQCWg2UZmufoCJm4qot1BaPbeahgrEc=
-----END CERTIFICATE-----