Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143641.roa
File:                     AS143641.roa (raw, json)
Hash identifier:          MIMfcnKihsPIHKTDEqhGPVl+K/k7T13UuNHk0PolTf0=
Subject key identifier:   DC:68:64:A8:7B:82:E8:05:A1:B4:B5:4B:6F:5C:D4:75:50:5E:B3:4F
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2B0D07EC46D8734D6DBA5BDDE174881E750D67D3
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143641.roa
Signing time:             Wed 04 Mar 2026 06:14:17 +0000
ROA not before:           Wed 04 Mar 2026 06:09:17 +0000
ROA not after:            Wed 03 Mar 2027 06:14:17 +0000
asID:                     143641
IP address blocks:        240a:a3df::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:0d:07:ec:46:d8:73:4d:6d:ba:5b:dd:e1:74:88:1e:75:0d:67:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:17 2026 GMT
            Not After : Mar  3 06:14:17 2027 GMT
        Subject: CN=DC6864A87B82E805A1B4B54B6F5CD475505EB34F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:ba:5f:0e:fd:f2:60:8b:cd:0f:ba:90:8c:a9:
                    cc:b0:42:78:ad:78:e4:49:2d:12:51:d9:0f:7c:42:
                    40:1a:64:34:df:54:3f:8d:ce:b5:be:a7:31:ba:10:
                    22:13:f0:1b:9e:1c:d5:b9:07:34:c4:9b:8d:3d:6c:
                    22:2e:a6:60:49:b6:7e:e9:f5:c9:59:12:9a:11:93:
                    ca:ce:c1:46:6f:ec:9d:1c:e3:af:c4:21:98:d9:26:
                    bf:18:24:d0:59:a2:e7:03:9c:96:7b:94:5f:95:21:
                    a2:83:65:a3:89:df:a5:b7:95:a2:11:6c:77:4e:fd:
                    3c:03:fb:f2:f9:ae:46:68:11:1b:b8:db:7f:cf:31:
                    51:fa:0a:e0:34:75:a4:f6:a5:6d:0c:5a:95:97:7c:
                    b4:04:90:4b:53:63:fb:1a:d3:24:37:0b:e8:27:bd:
                    8d:50:9a:c3:cf:c9:50:66:f3:34:6a:95:28:8c:c7:
                    64:32:33:ca:09:6d:34:d6:b7:02:49:9d:97:69:71:
                    6f:cc:ff:3f:29:3d:34:67:a5:23:25:95:af:9c:c9:
                    05:b4:dd:7a:a9:84:f7:9b:ad:24:4e:49:68:da:e6:
                    b1:a6:d9:7e:e1:e4:f4:31:ff:d8:6e:a2:33:b8:db:
                    2b:d4:7e:2b:12:13:b0:75:47:6a:fd:4e:ff:40:e5:
                    27:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:68:64:A8:7B:82:E8:05:A1:B4:B5:4B:6F:5C:D4:75:50:5E:B3:4F
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143641.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a3df::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:95:54:b7:11:4a:80:2d:51:ad:62:74:61:d8:46:bf:dd:c7:
         77:cb:22:27:f7:58:ab:54:d4:b8:c5:c9:91:dc:dc:d8:7a:8a:
         f7:bf:27:97:33:47:7b:ee:3d:ab:40:1a:bc:4c:5d:20:7b:8d:
         50:02:d4:4a:e2:85:e3:d9:7c:31:f8:56:a2:5c:95:22:46:7d:
         b8:42:83:0d:7e:b0:c5:ba:97:4d:b3:11:ae:d1:78:13:fb:46:
         f0:c1:33:12:7d:45:61:d4:25:b0:8a:cf:83:9d:b4:c4:65:24:
         11:47:13:29:a5:1c:e1:fc:73:cb:ec:16:b4:d9:3e:bd:7f:2c:
         f3:7b:de:c2:2c:4c:ce:ba:b6:59:bd:67:f3:e1:8e:4e:6f:55:
         b0:96:25:79:6d:82:32:b8:e7:20:43:7f:01:c8:0b:2f:55:bd:
         42:14:7c:a2:2f:00:59:8b:7c:95:af:c7:87:80:33:1f:12:5a:
         96:f3:96:02:ec:b5:0f:24:77:24:69:82:c1:58:4a:b9:90:50:
         3b:04:11:65:52:89:2b:2d:34:60:52:ff:a1:06:86:29:15:db:
         0f:3f:b3:53:7d:cb:a8:66:dc:24:20:7d:7f:23:af:f5:ff:23:
         f0:95:f2:88:3c:23:8e:ae:24:75:31:1c:69:1a:a1:ae:cc:5d:
         bb:ce:2d:40
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUKw0H7EbYc01tulvd4XSIHnUNZ9MwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDkxN1oX
DTI3MDMwMzA2MTQxN1owMzExMC8GA1UEAxMoREM2ODY0QTg3QjgyRTgwNUExQjRC
NTRCNkY1Q0Q0NzU1MDVFQjM0RjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPW6Xw798mCLzQ+6kIypzLBCeK145EktElHZD3xCQBpkNN9UP43Otb6nMboQ
IhPwG54c1bkHNMSbjT1sIi6mYEm2fun1yVkSmhGTys7BRm/snRzjr8QhmNkmvxgk
0Fmi5wOclnuUX5UhooNlo4nfpbeVohFsd079PAP78vmuRmgRG7jbf88xUfoK4DR1
pPalbQxalZd8tASQS1Nj+xrTJDcL6Ce9jVCaw8/JUGbzNGqVKIzHZDIzygltNNa3
Akmdl2lxb8z/Pyk9NGelIyWVr5zJBbTdeqmE95utJE5JaNrmsabZfuHk9DH/2G6i
M7jbK9R+KxITsHVHav1O/0DlJy8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTcaGSo
e4LoBaG0tUtvXNR1UF6zTzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzY0MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o98wDQYJKoZIhvcNAQELBQADggEBAJ2VVLcRSoAtUa1idGHYRr/dx3fLIif3WKtU
1LjFyZHc3Nh6ive/J5czR3vuPatAGrxMXSB7jVAC1ErihePZfDH4VqJclSJGfbhC
gw1+sMW6l02zEa7ReBP7RvDBMxJ9RWHUJbCKz4OdtMRlJBFHEymlHOH8c8vsFrTZ
Pr1/LPN73sIsTM66tlm9Z/Phjk5vVbCWJXltgjK45yBDfwHICy9VvUIUfKIvAFmL
fJWvx4eAMx8SWpbzlgLstQ8kdyRpgsFYSrmQUDsEEWVSiSstNGBS/6EGhikV2w8/
s1N9y6hm3CQgfX8jr/X/I/CV8og8I46uJHUxHGkaoa7MXbvOLUA=
-----END CERTIFICATE-----