Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143636.roa
File:                     AS143636.roa (raw, json)
Hash identifier:          aqG0wk++2zAe1ecloaAup1MCPde7BLOHaX63LcKyal8=
Subject key identifier:   3B:65:FA:A6:2D:4C:B7:33:CC:A8:2E:90:A1:17:8F:00:70:31:E5:6E
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1C269008C24A35B926A1D26696B2053417F5C0A6
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143636.roa
Signing time:             Wed 04 Mar 2026 06:12:34 +0000
ROA not before:           Wed 04 Mar 2026 06:07:34 +0000
ROA not after:            Wed 03 Mar 2027 06:12:34 +0000
asID:                     143636
IP address blocks:        240a:a3da::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:26:90:08:c2:4a:35:b9:26:a1:d2:66:96:b2:05:34:17:f5:c0:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:07:34 2026 GMT
            Not After : Mar  3 06:12:34 2027 GMT
        Subject: CN=3B65FAA62D4CB733CCA82E90A1178F007031E56E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e3:86:90:e3:45:dd:3d:c9:17:f3:bd:d7:18:
                    ab:2d:de:f3:16:a8:dc:87:db:1b:fa:aa:6f:00:bc:
                    2d:ed:c8:03:5f:d8:2f:0b:c7:68:14:d2:61:c3:ba:
                    41:5a:1c:1d:eb:65:ef:d7:8f:71:28:14:61:84:55:
                    14:19:fc:a2:55:cf:d0:57:2a:2d:ba:34:8e:87:bc:
                    ff:26:85:46:ad:a8:4c:19:01:33:4f:bf:61:0b:f7:
                    29:ef:b3:73:b7:a7:3b:73:86:de:e1:36:1c:5d:fe:
                    ae:a1:4d:da:85:bc:48:37:24:c3:aa:6f:4f:1d:23:
                    f3:ff:d3:5e:f7:99:6d:3f:7f:88:7d:a5:ca:ff:18:
                    9d:dd:51:7b:73:b5:63:2b:43:28:c5:2b:95:78:ae:
                    19:02:9d:59:f0:2f:73:a5:19:06:f7:1d:26:b8:7e:
                    e6:99:b5:68:e0:cd:7e:ec:eb:1e:19:73:c7:81:b6:
                    a8:c7:73:f5:07:0a:14:07:cc:a4:a3:33:fd:19:bb:
                    a5:a2:a8:fc:f0:69:b3:62:b5:4b:85:dd:de:37:2d:
                    e4:b0:6d:fe:e3:b1:41:e6:de:00:65:47:a2:05:0b:
                    65:50:f3:93:87:dc:32:6e:f9:9c:34:37:1b:f1:a3:
                    d7:0e:01:5f:78:aa:5d:0a:02:80:5e:e2:9c:3f:29:
                    8e:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:65:FA:A6:2D:4C:B7:33:CC:A8:2E:90:A1:17:8F:00:70:31:E5:6E
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a3da::/32

    Signature Algorithm: sha256WithRSAEncryption
         55:e9:af:78:4d:ac:38:1e:45:62:a9:6c:1e:af:0c:1a:95:38:
         0c:e9:e2:15:ac:e6:f6:67:de:bb:7d:e2:18:42:53:01:83:73:
         95:7f:c2:d0:ca:b0:32:dd:9c:bc:a5:dc:f9:ff:75:17:1f:7a:
         18:7f:a3:21:4b:7c:e6:54:4e:b3:41:de:2f:b0:fd:13:95:e4:
         1b:28:1e:e5:d9:af:38:63:ea:ac:fc:ad:dd:d0:ca:1f:9d:70:
         8d:8e:2f:c4:58:92:23:e1:29:b8:d9:9c:75:68:c4:ac:17:a7:
         71:7b:e1:46:ff:2f:92:61:7b:5d:13:61:bb:45:c6:fa:e6:ac:
         00:d8:6f:af:d3:99:da:d5:39:fd:ac:81:f1:0a:b8:f2:e7:ed:
         a3:fc:ce:c2:9d:f2:65:c3:42:fa:a7:f2:a0:32:4c:64:aa:43:
         ac:ce:74:9d:54:53:7d:be:8f:16:c5:88:a7:b4:f1:7b:47:4d:
         96:10:3b:a8:9f:63:d7:2a:fa:20:92:34:d7:5a:77:86:7c:24:
         36:43:c0:d0:2e:1b:9a:88:7a:65:82:4c:9e:9e:3b:dc:9c:64:
         0f:84:03:25:22:82:af:a6:e1:dc:de:71:76:32:87:c3:ba:e2:
         db:18:31:a2:89:0c:2e:f0:8e:b9:e9:b5:72:8b:bc:11:c7:8f:
         41:05:24:ec
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUHCaQCMJKNbkmodJmlrIFNBf1wKYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDczNFoX
DTI3MDMwMzA2MTIzNFowMzExMC8GA1UEAxMoM0I2NUZBQTYyRDRDQjczM0NDQTgy
RTkwQTExNzhGMDA3MDMxRTU2RTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKzjhpDjRd09yRfzvdcYqy3e8xao3IfbG/qqbwC8Le3IA1/YLwvHaBTSYcO6
QVocHetl79ePcSgUYYRVFBn8olXP0FcqLbo0joe8/yaFRq2oTBkBM0+/YQv3Ke+z
c7enO3OG3uE2HF3+rqFN2oW8SDckw6pvTx0j8//TXveZbT9/iH2lyv8Ynd1Re3O1
YytDKMUrlXiuGQKdWfAvc6UZBvcdJrh+5pm1aODNfuzrHhlzx4G2qMdz9QcKFAfM
pKMz/Rm7paKo/PBps2K1S4Xd3jct5LBt/uOxQebeAGVHogULZVDzk4fcMm75nDQ3
G/Gj1w4BX3iqXQoCgF7inD8pjkkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQ7Zfqm
LUy3M8yoLpChF48AcDHlbjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzYzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o9owDQYJKoZIhvcNAQELBQADggEBAFXpr3hNrDgeRWKpbB6vDBqVOAzp4hWs5vZn
3rt94hhCUwGDc5V/wtDKsDLdnLyl3Pn/dRcfehh/oyFLfOZUTrNB3i+w/ROV5Bso
HuXZrzhj6qz8rd3Qyh+dcI2OL8RYkiPhKbjZnHVoxKwXp3F74Ub/L5Jhe10TYbtF
xvrmrADYb6/TmdrVOf2sgfEKuPLn7aP8zsKd8mXDQvqn8qAyTGSqQ6zOdJ1UU32+
jxbFiKe08XtHTZYQO6ifY9cq+iCSNNdad4Z8JDZDwNAuG5qIemWCTJ6eO9ycZA+E
AyUigq+m4dzecXYyh8O64tsYMaKJDC7wjrnptXKLvBHHj0EFJOw=
-----END CERTIFICATE-----