Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143678.roa
File:                     AS143678.roa (raw, json)
Hash identifier:          rE6fekvY0TKYYeW9WJXDXkIofq1xciFPihyvnthbZSs=
Subject key identifier:   33:67:94:BD:EE:F7:A1:81:4F:61:FE:47:F1:08:95:44:E9:4F:A7:A4
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       31ABFE87A503128DB3CCB0CB753FADA33FBA9BBA
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143678.roa
Signing time:             Wed 04 Mar 2026 06:12:40 +0000
ROA not before:           Wed 04 Mar 2026 06:07:40 +0000
ROA not after:            Wed 03 Mar 2027 06:12:40 +0000
asID:                     143678
IP address blocks:        240a:a404::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:ab:fe:87:a5:03:12:8d:b3:cc:b0:cb:75:3f:ad:a3:3f:ba:9b:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:07:40 2026 GMT
            Not After : Mar  3 06:12:40 2027 GMT
        Subject: CN=336794BDEEF7A1814F61FE47F1089544E94FA7A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3f:a0:a7:63:b8:6c:13:e0:19:a9:f5:e2:f4:
                    64:70:77:69:c3:62:c8:8d:1d:11:cf:6f:ea:b8:4f:
                    77:a5:f1:0d:71:23:30:14:44:4f:15:c0:d3:04:20:
                    f9:74:a2:70:f7:87:25:9e:65:a7:2c:58:dd:f5:1f:
                    1c:41:14:dd:a0:e4:9c:97:14:d5:49:af:c3:f4:af:
                    09:f6:bb:86:39:99:55:81:6d:68:91:a8:3a:fd:a6:
                    16:9d:e6:48:1e:d4:7e:52:c6:cd:64:1d:2d:21:97:
                    f6:65:d7:36:99:c1:f5:51:d7:07:51:a6:15:9c:ee:
                    41:9d:6b:b2:95:ad:3a:1d:f3:0d:aa:c1:37:b7:39:
                    aa:2c:da:32:63:cf:a4:5e:94:f7:4d:51:65:f9:b7:
                    e7:dc:54:7d:de:fb:0b:76:89:d7:f9:37:b3:56:aa:
                    c7:39:90:9e:25:52:5f:33:8c:0c:b5:d8:97:5c:7b:
                    cd:a5:c1:d7:a8:af:22:94:d4:76:99:d8:7c:95:fb:
                    33:02:1b:b0:65:e8:02:97:7b:bc:bb:be:ec:3f:02:
                    17:a0:b3:e5:b2:e4:db:09:de:0a:46:ed:e4:3b:d7:
                    ca:26:e2:27:72:a1:f7:c5:f9:87:f7:50:f2:82:a4:
                    57:e7:20:17:8f:f1:7a:8f:71:5a:6e:92:27:81:d8:
                    2a:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:67:94:BD:EE:F7:A1:81:4F:61:FE:47:F1:08:95:44:E9:4F:A7:A4
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143678.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a404::/32

    Signature Algorithm: sha256WithRSAEncryption
         91:0b:ef:1d:d6:ae:08:7e:bd:ff:df:97:71:0c:52:97:5d:1c:
         1b:6b:6f:e5:8a:b7:e9:e9:b1:45:e5:41:1b:ed:44:71:3a:d1:
         70:9c:a2:61:d2:24:f4:1c:0f:ab:1b:02:fa:9f:cc:d7:b6:49:
         5f:42:83:97:e0:8e:c7:f4:c4:1b:fd:26:1f:9d:f5:8f:60:dc:
         c0:92:96:e1:39:7b:db:5f:c1:da:d9:b5:89:46:a8:f4:f7:c0:
         cc:62:54:f3:61:21:45:f1:0b:b6:3a:7b:3a:1d:a7:57:f2:70:
         24:e5:58:db:c0:e6:b8:9c:6d:3a:52:43:42:87:a0:c9:40:f8:
         a5:32:bc:2a:e3:55:89:4e:ee:8d:c3:f8:fa:fa:14:d0:55:6f:
         22:d7:ff:29:8d:4c:3d:02:92:5b:a0:d7:11:8a:b2:1e:c6:3c:
         21:02:b8:17:75:bd:00:c3:97:db:94:9a:3a:b1:7d:7a:02:a6:
         3c:7b:0b:d1:f8:b4:a9:09:62:ed:e2:de:b2:5c:0d:e9:0d:49:
         9c:7a:ed:49:68:ed:71:2b:90:a8:c1:08:f9:76:be:a6:35:9a:
         62:82:55:27:75:60:ca:96:f1:d8:2a:02:6f:42:de:e8:33:14:
         dc:88:d0:98:b8:43:3d:12:f2:e1:82:e8:c5:bc:a6:37:73:9e:
         f0:a0:bd:00
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUMav+h6UDEo2zzLDLdT+toz+6m7owDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDc0MFoX
DTI3MDMwMzA2MTI0MFowMzExMC8GA1UEAxMoMzM2Nzk0QkRFRUY3QTE4MTRGNjFG
RTQ3RjEwODk1NDRFOTRGQTdBNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL4/oKdjuGwT4Bmp9eL0ZHB3acNiyI0dEc9v6rhPd6XxDXEjMBRETxXA0wQg
+XSicPeHJZ5lpyxY3fUfHEEU3aDknJcU1Umvw/SvCfa7hjmZVYFtaJGoOv2mFp3m
SB7UflLGzWQdLSGX9mXXNpnB9VHXB1GmFZzuQZ1rspWtOh3zDarBN7c5qizaMmPP
pF6U901RZfm359xUfd77C3aJ1/k3s1aqxzmQniVSXzOMDLXYl1x7zaXB16ivIpTU
dpnYfJX7MwIbsGXoApd7vLu+7D8CF6Cz5bLk2wneCkbt5DvXyibiJ3Kh98X5h/dQ
8oKkV+cgF4/xeo9xWm6SJ4HYKk8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQzZ5S9
7vehgU9h/kfxCJVE6U+npDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzY3OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pAQwDQYJKoZIhvcNAQELBQADggEBAJEL7x3Wrgh+vf/fl3EMUpddHBtrb+WKt+np
sUXlQRvtRHE60XCcomHSJPQcD6sbAvqfzNe2SV9Cg5fgjsf0xBv9Jh+d9Y9g3MCS
luE5e9tfwdrZtYlGqPT3wMxiVPNhIUXxC7Y6ezodp1fycCTlWNvA5ricbTpSQ0KH
oMlA+KUyvCrjVYlO7o3D+Pr6FNBVbyLX/ymNTD0Cklug1xGKsh7GPCECuBd1vQDD
l9uUmjqxfXoCpjx7C9H4tKkJYu3i3rJcDekNSZx67Ulo7XErkKjBCPl2vqY1mmKC
VSd1YMqW8dgqAm9C3ugzFNyI0Ji4Qz0S8uGC6MW8pjdznvCgvQA=
-----END CERTIFICATE-----