Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143668.roa
File:                     AS143668.roa (raw, json)
Hash identifier:          DftlC22dLkpEdxhXFEHfmc8NU8ev8hsDiVX2N6WppUU=
Subject key identifier:   58:8A:9C:A2:A1:1B:09:A6:43:EC:2E:E0:65:A6:55:C6:77:AA:3F:3D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6386AC42233A5D531A6B07402CCA78BF904834B2
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143668.roa
Signing time:             Wed 04 Mar 2026 06:15:06 +0000
ROA not before:           Wed 04 Mar 2026 06:10:06 +0000
ROA not after:            Wed 03 Mar 2027 06:15:06 +0000
asID:                     143668
IP address blocks:        240a:a3fa::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:86:ac:42:23:3a:5d:53:1a:6b:07:40:2c:ca:78:bf:90:48:34:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:06 2026 GMT
            Not After : Mar  3 06:15:06 2027 GMT
        Subject: CN=588A9CA2A11B09A643EC2EE065A655C677AA3F3D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:8d:da:ca:b8:81:04:b6:a8:45:98:dc:40:45:
                    8e:99:ac:2a:ba:3e:d3:07:8f:63:d1:bc:e7:96:53:
                    eb:39:c8:5e:af:58:a8:66:a2:71:d1:2c:17:84:b7:
                    2d:bd:b7:3f:02:e0:11:1c:17:bb:9e:1f:a4:83:fc:
                    02:23:2e:e7:9e:91:f1:9e:74:95:87:3a:f3:14:57:
                    fa:df:7e:a5:82:39:35:83:43:0b:40:5b:ce:90:3c:
                    e8:fe:67:ec:09:4a:6b:ca:c0:62:ee:b6:93:7c:f4:
                    51:11:3a:7b:01:47:63:c0:31:7e:a6:b4:c4:85:23:
                    1c:55:cc:3d:e6:0d:e5:49:85:89:70:d5:b5:5a:9f:
                    5f:5b:1d:fc:60:cf:75:43:df:92:b7:a1:17:10:c9:
                    a0:b2:14:26:2a:0e:12:df:7c:70:e0:7b:26:07:98:
                    01:14:4b:b9:0f:fd:24:c1:d7:a2:6f:9f:13:d7:c1:
                    17:be:99:a6:4c:9e:12:09:a2:f0:1a:e2:de:6a:39:
                    9d:88:1e:1d:cf:1e:b1:b7:de:ea:66:e3:5a:8e:3a:
                    7c:5d:32:36:5d:c1:c6:bb:22:02:e5:d3:e8:7f:25:
                    2f:cd:a8:fc:3c:27:a6:c5:3b:98:ef:2b:b9:97:27:
                    bb:dd:0a:14:54:d7:19:47:50:02:b0:ab:68:59:6a:
                    b4:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:8A:9C:A2:A1:1B:09:A6:43:EC:2E:E0:65:A6:55:C6:77:AA:3F:3D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143668.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a3fa::/32

    Signature Algorithm: sha256WithRSAEncryption
         d2:cd:57:d3:02:69:88:12:aa:21:8f:55:99:93:a4:ae:dd:9f:
         b9:3e:f4:d1:00:10:87:17:c2:12:9d:01:27:9b:dd:fd:fb:65:
         9d:e3:44:69:2a:ed:90:9b:48:d5:64:4b:71:74:90:ef:01:19:
         e5:fc:5d:3e:20:0e:e4:e2:68:70:6b:99:59:1e:63:b9:70:6d:
         13:80:cb:c8:5b:c9:f4:34:3c:ef:57:5a:bd:00:0f:a2:6f:a4:
         10:f8:7e:e5:67:dc:b4:69:eb:67:0d:1a:be:59:9b:fb:8e:99:
         17:11:da:62:e2:e0:1b:d4:02:19:2a:00:43:7d:58:a8:0e:df:
         7d:11:84:33:48:c2:db:14:80:17:97:07:c4:99:1d:3b:de:af:
         85:3f:b0:90:e9:32:f3:78:b5:5b:a5:d7:d8:ed:91:8f:70:e7:
         77:f4:f4:c8:82:68:d4:c2:5a:6d:60:af:98:9d:e4:bc:92:bb:
         e5:4a:24:f7:d2:d8:cd:d5:0d:5d:d0:a7:81:bf:9d:a8:ec:f5:
         58:5d:24:94:4a:9f:3d:ee:e7:2c:bb:c4:68:d9:a6:ab:c8:67:
         70:8a:81:f6:58:86:79:c5:5d:20:62:bf:45:76:0a:2b:7e:c6:
         de:81:85:f0:91:08:8e:36:21:01:3c:8c:84:46:6b:15:d5:fd:
         5b:4c:01:db
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUY4asQiM6XVMaawdALMp4v5BINLIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTAwNloX
DTI3MDMwMzA2MTUwNlowMzExMC8GA1UEAxMoNTg4QTlDQTJBMTFCMDlBNjQzRUMy
RUUwNjVBNjU1QzY3N0FBM0YzRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO6N2sq4gQS2qEWY3EBFjpmsKro+0wePY9G855ZT6znIXq9YqGaicdEsF4S3
Lb23PwLgERwXu54fpIP8AiMu556R8Z50lYc68xRX+t9+pYI5NYNDC0BbzpA86P5n
7AlKa8rAYu62k3z0URE6ewFHY8Axfqa0xIUjHFXMPeYN5UmFiXDVtVqfX1sd/GDP
dUPfkrehFxDJoLIUJioOEt98cOB7JgeYARRLuQ/9JMHXom+fE9fBF76ZpkyeEgmi
8Bri3mo5nYgeHc8esbfe6mbjWo46fF0yNl3BxrsiAuXT6H8lL82o/DwnpsU7mO8r
uZcnu90KFFTXGUdQArCraFlqtEsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRYipyi
oRsJpkPsLuBlplXGd6o/PTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzY2OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o/owDQYJKoZIhvcNAQELBQADggEBANLNV9MCaYgSqiGPVZmTpK7dn7k+9NEAEIcX
whKdASeb3f37ZZ3jRGkq7ZCbSNVkS3F0kO8BGeX8XT4gDuTiaHBrmVkeY7lwbROA
y8hbyfQ0PO9XWr0AD6JvpBD4fuVn3LRp62cNGr5Zm/uOmRcR2mLi4BvUAhkqAEN9
WKgO330RhDNIwtsUgBeXB8SZHTver4U/sJDpMvN4tVul19jtkY9w53f09MiCaNTC
Wm1gr5id5LySu+VKJPfS2M3VDV3Qp4G/najs9VhdJJRKnz3u5yy7xGjZpqvIZ3CK
gfZYhnnFXSBiv0V2Cit+xt6BhfCRCI42IQE8jIRGaxXV/VtMAds=
-----END CERTIFICATE-----