Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143664.roa
File:                     AS143664.roa (raw, json)
Hash identifier:          IZO2Ubfl/prfzkgGFhWfHEPpZBA3mfU8kVS66y9VHIM=
Subject key identifier:   0D:8E:50:6C:AC:E2:E7:05:5F:09:3A:E0:FD:DA:12:FA:E5:DB:44:F8
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       671656AAAFB332829E4A4916EAB64F987B0AB82F
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143664.roa
Signing time:             Wed 04 Mar 2026 06:13:35 +0000
ROA not before:           Wed 04 Mar 2026 06:08:35 +0000
ROA not after:            Wed 03 Mar 2027 06:13:35 +0000
asID:                     143664
IP address blocks:        240a:a3f6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:16:56:aa:af:b3:32:82:9e:4a:49:16:ea:b6:4f:98:7b:0a:b8:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:35 2026 GMT
            Not After : Mar  3 06:13:35 2027 GMT
        Subject: CN=0D8E506CACE2E7055F093AE0FDDA12FAE5DB44F8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:68:96:9e:b4:6e:29:a0:6c:f3:b7:79:47:ab:
                    fb:61:42:13:13:dd:8b:29:85:15:f8:cf:fc:aa:d7:
                    82:9e:9a:92:8a:5e:c7:89:0e:8f:f4:cf:ce:b6:27:
                    61:2a:56:c5:06:bd:86:73:4e:84:52:24:7e:16:a6:
                    51:33:48:5c:84:29:c4:10:bd:55:ab:e1:54:71:5f:
                    80:84:8c:d6:48:dc:3e:53:7c:53:23:46:8b:86:7f:
                    31:0c:1d:5c:bd:cf:62:22:19:5b:ba:0f:3b:47:b2:
                    db:65:6f:eb:73:2a:66:a5:49:13:60:f7:68:ae:06:
                    f8:ea:08:81:08:f0:ff:40:a6:a6:db:e4:9d:58:8e:
                    78:7d:22:f2:48:1b:c5:65:4f:68:b0:2f:c8:bb:e0:
                    7f:bc:90:99:eb:ff:fa:dd:69:b9:9a:68:fa:d1:c2:
                    a9:08:34:1b:fe:02:d8:25:9b:26:02:bc:20:69:78:
                    b3:2a:b6:58:42:e9:d7:d0:4d:3c:ef:b0:6c:d3:cd:
                    c3:34:eb:44:92:c6:d0:71:b8:e6:a6:c0:2f:5c:fc:
                    19:55:f3:c6:b1:6c:fd:84:3b:96:da:46:0e:c2:df:
                    c1:df:c0:d4:e5:2c:38:34:24:32:f8:26:12:9c:f8:
                    25:97:c4:b2:a0:18:ca:8e:53:d8:0d:6a:0d:61:82:
                    fa:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:8E:50:6C:AC:E2:E7:05:5F:09:3A:E0:FD:DA:12:FA:E5:DB:44:F8
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143664.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a3f6::/32

    Signature Algorithm: sha256WithRSAEncryption
         b9:2e:96:ea:05:58:a7:19:bf:12:21:fa:3e:24:d0:3e:f5:be:
         df:13:31:bf:82:5e:c5:75:a2:63:fa:f1:67:40:7a:c9:39:7d:
         08:b4:93:6c:bd:56:7c:d5:5a:11:cb:51:31:2d:7f:db:6e:00:
         ff:65:a6:07:8a:a3:4b:b3:35:5a:48:8b:ee:ce:c7:c3:6e:88:
         52:2e:bc:96:4d:1e:72:0f:ad:b8:53:92:83:91:d1:5d:d4:46:
         72:9a:db:87:4d:94:9a:55:80:dd:ef:ce:30:e9:73:ed:1e:fe:
         40:59:f6:51:bd:7a:23:ca:f6:49:1a:85:e1:dd:a7:90:31:bc:
         a5:92:84:a3:7c:aa:98:b2:47:2f:0b:2c:90:76:9a:42:f2:10:
         38:f4:ff:cd:d5:11:ec:7b:f1:3a:06:69:a3:86:c2:62:cd:a3:
         19:aa:44:45:b9:95:8a:eb:f5:f6:54:7f:80:dd:93:ea:75:03:
         ea:70:fd:18:bd:dc:e4:21:75:51:92:75:8c:9b:0a:4b:d6:d7:
         03:af:00:f1:36:b2:28:fb:c0:34:fd:63:49:3d:af:a2:0b:e0:
         6b:a5:92:36:3f:a8:1b:8e:0f:ab:cf:46:98:1d:5d:e9:72:ff:
         f3:d7:c4:c1:2b:c3:55:03:25:f5:12:8c:42:61:f0:dd:4d:17:
         7c:b8:68:fe
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUZxZWqq+zMoKeSkkW6rZPmHsKuC8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgzNVoX
DTI3MDMwMzA2MTMzNVowMzExMC8GA1UEAxMoMEQ4RTUwNkNBQ0UyRTcwNTVGMDkz
QUUwRkREQTEyRkFFNURCNDRGODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ5olp60bimgbPO3eUer+2FCExPdiymFFfjP/KrXgp6akopex4kOj/TPzrYn
YSpWxQa9hnNOhFIkfhamUTNIXIQpxBC9VavhVHFfgISM1kjcPlN8UyNGi4Z/MQwd
XL3PYiIZW7oPO0ey22Vv63MqZqVJE2D3aK4G+OoIgQjw/0CmptvknViOeH0i8kgb
xWVPaLAvyLvgf7yQmev/+t1puZpo+tHCqQg0G/4C2CWbJgK8IGl4syq2WELp19BN
PO+wbNPNwzTrRJLG0HG45qbAL1z8GVXzxrFs/YQ7ltpGDsLfwd/A1OUsODQkMvgm
Epz4JZfEsqAYyo5T2A1qDWGC+hUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQNjlBs
rOLnBV8JOuD92hL65dtE+DAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzY2NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o/YwDQYJKoZIhvcNAQELBQADggEBALkuluoFWKcZvxIh+j4k0D71vt8TMb+CXsV1
omP68WdAesk5fQi0k2y9VnzVWhHLUTEtf9tuAP9lpgeKo0uzNVpIi+7Ox8NuiFIu
vJZNHnIPrbhTkoOR0V3URnKa24dNlJpVgN3vzjDpc+0e/kBZ9lG9eiPK9kkaheHd
p5AxvKWShKN8qpiyRy8LLJB2mkLyEDj0/83VEex78ToGaaOGwmLNoxmqREW5lYrr
9fZUf4Ddk+p1A+pw/Ri93OQhdVGSdYybCkvW1wOvAPE2sij7wDT9Y0k9r6IL4Gul
kjY/qBuOD6vPRpgdXely//PXxMErw1UDJfUSjEJh8N1NF3y4aP4=
-----END CERTIFICATE-----