Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143682.roa
File:                     AS143682.roa (raw, json)
Hash identifier:          EED9tvnfL5dBExRWTCcU+IHEG3wvXRKiia+GR70gAvQ=
Subject key identifier:   F3:64:F1:C7:AC:EA:0C:17:65:42:38:EA:E1:3F:64:6B:F1:7F:F7:A8
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       23907E15739FCB1695029A3990D9F7CA8064A469
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143682.roa
Signing time:             Wed 04 Mar 2026 06:14:26 +0000
ROA not before:           Wed 04 Mar 2026 06:09:26 +0000
ROA not after:            Wed 03 Mar 2027 06:14:26 +0000
asID:                     143682
IP address blocks:        240a:a408::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:90:7e:15:73:9f:cb:16:95:02:9a:39:90:d9:f7:ca:80:64:a4:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:26 2026 GMT
            Not After : Mar  3 06:14:26 2027 GMT
        Subject: CN=F364F1C7ACEA0C17654238EAE13F646BF17FF7A8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:d0:9a:11:76:d4:94:c4:d1:8c:b7:f9:75:47:
                    34:f2:e4:4f:ab:83:26:36:fa:43:2b:56:30:73:1f:
                    da:0f:a4:f8:d6:39:22:cd:f2:5a:07:c9:71:56:f6:
                    49:21:af:14:1c:7e:3f:53:ce:ed:68:f1:e6:1b:5e:
                    e8:68:3c:3d:13:50:f1:a2:f2:bf:f3:0d:45:79:61:
                    22:3d:9f:cc:00:68:b5:d5:c5:d1:8a:83:ef:d4:f0:
                    d7:ed:03:6e:de:f8:fd:23:e3:8e:fa:dd:b7:69:b8:
                    b3:92:64:ed:50:71:33:ca:6d:0d:c6:fd:d2:55:f8:
                    5b:a7:73:ee:07:4c:c8:83:78:f8:25:a1:26:b8:9a:
                    6a:9a:ee:5e:ea:d2:2f:39:6c:0d:c9:d0:65:6b:1d:
                    f2:18:d1:bb:22:da:2f:76:5b:9b:c7:56:c9:3c:1b:
                    c5:86:db:76:9c:23:60:d7:6a:7d:f3:4e:db:46:30:
                    ec:9f:a8:e0:15:df:92:f3:26:55:1b:f0:64:1c:e3:
                    e5:ee:60:89:9e:aa:e8:40:0a:4d:1b:e7:6c:c6:1a:
                    04:ea:23:e9:9c:04:8f:76:eb:ea:e4:c5:d8:7f:1a:
                    b2:93:29:be:81:a5:a3:c7:e5:a2:a2:0e:ea:70:7d:
                    c5:ab:36:96:bd:f3:bd:0b:5c:78:61:c5:b6:57:c9:
                    0b:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:64:F1:C7:AC:EA:0C:17:65:42:38:EA:E1:3F:64:6B:F1:7F:F7:A8
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143682.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a408::/32

    Signature Algorithm: sha256WithRSAEncryption
         ab:43:de:83:01:13:9c:6e:ee:64:6f:59:17:94:65:d8:8c:f7:
         93:ef:8b:24:35:dd:ca:c6:1e:c8:44:0c:6f:16:a1:51:be:e1:
         9a:3a:05:68:0e:ab:60:a8:7a:1d:97:df:a5:57:30:79:34:05:
         9b:5d:4c:3a:9b:7b:45:3c:64:4d:24:72:dd:86:bf:ab:fb:d3:
         fb:f0:da:64:27:f7:bc:d5:6b:b3:5d:07:f6:36:d6:fe:10:bd:
         e8:13:58:a0:70:3b:d1:c6:1e:fe:1e:f4:6e:df:92:db:e0:e2:
         98:5e:94:02:f2:f4:ce:ec:35:90:32:7b:54:c3:c1:8e:cd:eb:
         81:6f:01:dc:2f:09:33:0a:8c:37:3d:c4:09:a8:80:fd:6a:5b:
         9f:cc:52:11:b6:72:73:ce:60:9a:97:32:ec:69:34:de:19:5a:
         6b:97:b8:d0:36:cf:27:d6:0a:6e:8a:59:d4:69:74:76:79:07:
         e6:2b:36:8e:2f:09:b9:b2:70:2d:56:d7:a0:a5:76:d5:5d:21:
         f6:84:09:07:f8:67:b4:eb:29:88:7f:ff:f8:86:5d:4f:9c:c1:
         4c:78:64:c5:54:19:e4:17:90:cc:26:a0:81:8c:81:2d:b6:ac:
         8d:a9:4f:96:46:e6:cf:0c:54:db:d1:ea:ed:9d:59:fb:5a:0e:
         71:4a:30:ec
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUI5B+FXOfyxaVApo5kNn3yoBkpGkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDkyNloX
DTI3MDMwMzA2MTQyNlowMzExMC8GA1UEAxMoRjM2NEYxQzdBQ0VBMEMxNzY1NDIz
OEVBRTEzRjY0NkJGMTdGRjdBODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO3QmhF21JTE0Yy3+XVHNPLkT6uDJjb6QytWMHMf2g+k+NY5Is3yWgfJcVb2
SSGvFBx+P1PO7Wjx5hte6Gg8PRNQ8aLyv/MNRXlhIj2fzABotdXF0YqD79Tw1+0D
bt74/SPjjvrdt2m4s5Jk7VBxM8ptDcb90lX4W6dz7gdMyIN4+CWhJriaapruXurS
LzlsDcnQZWsd8hjRuyLaL3Zbm8dWyTwbxYbbdpwjYNdqffNO20Yw7J+o4BXfkvMm
VRvwZBzj5e5giZ6q6EAKTRvnbMYaBOoj6ZwEj3br6uTF2H8aspMpvoGlo8floqIO
6nB9xas2lr3zvQtceGHFtlfJC1UCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTzZPHH
rOoMF2VCOOrhP2Rr8X/3qDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzY4Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pAgwDQYJKoZIhvcNAQELBQADggEBAKtD3oMBE5xu7mRvWReUZdiM95PviyQ13crG
HshEDG8WoVG+4Zo6BWgOq2Coeh2X36VXMHk0BZtdTDqbe0U8ZE0kct2Gv6v70/vw
2mQn97zVa7NdB/Y21v4QvegTWKBwO9HGHv4e9G7fktvg4phelALy9M7sNZAye1TD
wY7N64FvAdwvCTMKjDc9xAmogP1qW5/MUhG2cnPOYJqXMuxpNN4ZWmuXuNA2zyfW
Cm6KWdRpdHZ5B+YrNo4vCbmycC1W16CldtVdIfaECQf4Z7TrKYh///iGXU+cwUx4
ZMVUGeQXkMwmoIGMgS22rI2pT5ZG5s8MVNvR6u2dWftaDnFKMOw=
-----END CERTIFICATE-----