Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143669.roa
File:                     AS143669.roa (raw, json)
Hash identifier:          GQX00R0VZjiUyH3BR9mn21HXWfdcuwvtY5aZyPOgVUI=
Subject key identifier:   74:78:F3:25:C7:0C:59:3F:71:62:80:A0:DA:32:06:31:AA:8F:B5:8E
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       208D89B9A2D68381D096207BEFBED32AC250E02E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143669.roa
Signing time:             Wed 04 Mar 2026 06:13:36 +0000
ROA not before:           Wed 04 Mar 2026 06:08:36 +0000
ROA not after:            Wed 03 Mar 2027 06:13:36 +0000
asID:                     143669
IP address blocks:        240a:a3fb::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:8d:89:b9:a2:d6:83:81:d0:96:20:7b:ef:be:d3:2a:c2:50:e0:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:36 2026 GMT
            Not After : Mar  3 06:13:36 2027 GMT
        Subject: CN=7478F325C70C593F716280A0DA320631AA8FB58E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:de:cb:19:f6:47:81:86:80:d4:42:ec:e6:e5:
                    64:d2:1d:03:82:30:9d:50:85:58:49:26:2c:c4:60:
                    80:de:1e:c3:b6:4b:ed:e8:c0:ce:87:42:89:94:2c:
                    68:3a:c6:6a:4a:56:8e:c2:03:1a:33:43:4a:a9:72:
                    a5:9c:bd:94:10:f6:f5:a7:ca:02:c3:10:84:1d:37:
                    f1:74:32:ca:ed:7b:e3:3f:ec:f6:c6:ac:eb:7e:a2:
                    79:06:9a:1c:10:5e:5b:c0:4b:c5:21:ce:d7:d9:a0:
                    8b:ff:ab:36:8a:d8:8f:b0:2b:2c:35:7e:d6:35:08:
                    14:8d:7d:12:29:51:6d:19:6b:ea:e9:d3:36:d6:94:
                    65:ca:54:ab:45:04:a4:1b:80:67:c8:3d:7b:88:79:
                    d2:3c:ed:29:82:ef:d1:69:ab:5b:80:19:1d:a5:f9:
                    c3:c3:2e:6f:8f:e2:93:90:fd:de:18:04:97:08:8a:
                    ed:7e:e7:89:87:40:9d:cc:12:e3:73:ba:2b:21:75:
                    7d:29:69:6f:b3:f4:bd:51:06:19:de:0f:9d:33:2c:
                    70:38:b8:83:1e:87:cc:05:d3:54:b9:cf:7f:a0:80:
                    75:31:c7:86:53:e3:8d:0a:3c:d4:8c:6b:37:0a:62:
                    5f:19:d7:3d:f8:2e:13:71:97:8e:9b:99:87:66:ab:
                    50:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:78:F3:25:C7:0C:59:3F:71:62:80:A0:DA:32:06:31:AA:8F:B5:8E
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143669.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a3fb::/32

    Signature Algorithm: sha256WithRSAEncryption
         8d:d0:26:55:53:2d:7c:3a:9b:26:09:91:89:eb:cc:49:ae:f7:
         fd:d6:6c:fc:53:10:d0:6d:2e:55:63:11:3f:00:4d:a3:5d:46:
         d7:9c:97:33:85:b8:c7:e7:2e:db:e3:48:36:fa:13:cb:7c:3a:
         7d:dd:29:ae:80:a6:55:df:9d:2d:e6:35:80:ae:46:04:61:48:
         6e:fd:df:29:a7:46:81:cc:b0:3e:f4:32:2c:52:fb:b6:9b:a9:
         e2:61:a7:01:54:f1:90:58:c8:40:99:10:84:3c:1a:17:e9:6d:
         a2:d4:4b:c4:d2:0c:b1:f0:63:71:b8:dc:87:c7:c9:6c:db:84:
         4a:b7:fc:14:11:f8:e7:18:35:f1:d9:9f:51:93:b0:b7:83:e9:
         5d:0d:30:2f:64:8d:9c:d8:f9:46:2c:95:1c:25:d9:0b:f5:16:
         53:8f:26:3e:77:58:23:59:eb:2e:5f:b6:d2:d0:ff:18:bc:f3:
         66:ab:6d:f3:35:a6:9b:0f:97:bc:2a:35:31:ff:ea:de:6e:6c:
         b8:84:11:c9:37:2f:59:aa:0f:86:8d:3d:09:a1:eb:fd:77:01:
         a4:ab:cb:23:d8:21:a5:9e:5b:1a:e8:e5:f9:7e:76:af:e1:d1:
         ce:26:79:64:99:4e:49:de:d2:ef:81:f8:69:83:b1:f8:37:62:
         8f:be:e5:a5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUII2JuaLWg4HQliB7777TKsJQ4C4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgzNloX
DTI3MDMwMzA2MTMzNlowMzExMC8GA1UEAxMoNzQ3OEYzMjVDNzBDNTkzRjcxNjI4
MEEwREEzMjA2MzFBQThGQjU4RTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKXeyxn2R4GGgNRC7OblZNIdA4IwnVCFWEkmLMRggN4ew7ZL7ejAzodCiZQs
aDrGakpWjsIDGjNDSqlypZy9lBD29afKAsMQhB038XQyyu174z/s9sas636ieQaa
HBBeW8BLxSHO19mgi/+rNorYj7ArLDV+1jUIFI19EilRbRlr6unTNtaUZcpUq0UE
pBuAZ8g9e4h50jztKYLv0WmrW4AZHaX5w8Mub4/ik5D93hgElwiK7X7niYdAncwS
43O6KyF1fSlpb7P0vVEGGd4PnTMscDi4gx6HzAXTVLnPf6CAdTHHhlPjjQo81Ixr
NwpiXxnXPfguE3GXjpuZh2arUDkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBR0ePMl
xwxZP3FigKDaMgYxqo+1jjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzY2OS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
o/swDQYJKoZIhvcNAQELBQADggEBAI3QJlVTLXw6myYJkYnrzEmu9/3WbPxTENBt
LlVjET8ATaNdRteclzOFuMfnLtvjSDb6E8t8On3dKa6AplXfnS3mNYCuRgRhSG79
3ymnRoHMsD70MixS+7abqeJhpwFU8ZBYyECZEIQ8GhfpbaLUS8TSDLHwY3G43IfH
yWzbhEq3/BQR+OcYNfHZn1GTsLeD6V0NMC9kjZzY+UYslRwl2Qv1FlOPJj53WCNZ
6y5fttLQ/xi882arbfM1ppsPl7wqNTH/6t5ubLiEEck3L1mqD4aNPQmh6/13AaSr
yyPYIaWeWxro5fl+dq/h0c4meWSZTkne0u+B+GmDsfg3Yo++5aU=
-----END CERTIFICATE-----