Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143686.roa
File:                     AS143686.roa (raw, json)
Hash identifier:          qoJ/3BWR4KhjbRnTQzBdrZUoxtiMcDJ+BzELYDWCNkc=
Subject key identifier:   80:23:CE:99:80:F2:BF:1F:1B:23:89:84:03:79:DE:92:A0:57:3B:CD
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       54CE0F815F2A459BC0F6853F70CC521BE4DDE5E6
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143686.roa
Signing time:             Wed 04 Mar 2026 06:15:18 +0000
ROA not before:           Wed 04 Mar 2026 06:10:18 +0000
ROA not after:            Wed 03 Mar 2027 06:15:18 +0000
asID:                     143686
IP address blocks:        240a:a40c::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:ce:0f:81:5f:2a:45:9b:c0:f6:85:3f:70:cc:52:1b:e4:dd:e5:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:18 2026 GMT
            Not After : Mar  3 06:15:18 2027 GMT
        Subject: CN=8023CE9980F2BF1F1B2389840379DE92A0573BCD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:1e:e0:18:e2:56:1b:97:f5:ed:c2:56:7f:76:
                    ae:ab:18:ff:1d:c5:83:dd:84:d0:7b:a6:e9:08:c6:
                    10:83:d1:a7:a2:ae:7a:ae:7d:97:83:d3:18:dd:72:
                    06:57:af:53:05:d1:3d:03:e5:b7:90:55:94:4e:a2:
                    4f:be:ad:22:9f:74:0a:91:23:15:f8:5f:b9:51:27:
                    4d:b3:9d:54:1e:eb:30:0f:6c:dd:fb:b0:9f:dd:11:
                    27:5e:bf:5c:7c:74:2b:6d:29:c1:37:71:da:e7:11:
                    b5:95:1e:e3:d7:10:ca:7e:f5:ca:55:94:98:af:91:
                    37:c3:39:04:8f:b0:99:ab:97:fe:59:ef:ac:9a:2b:
                    34:cf:b9:39:de:8f:82:ba:b9:7a:a4:f4:24:15:af:
                    be:ba:99:07:5e:2d:32:ea:47:7b:0a:50:13:cc:34:
                    4e:d2:cd:fd:8b:c2:75:7b:dd:e8:47:ac:51:44:9b:
                    e9:a2:ff:6f:8b:36:7f:91:65:a3:d4:39:e8:de:ec:
                    41:17:3e:ec:91:fe:33:4c:3b:b1:d5:73:20:0a:c7:
                    97:f6:26:e1:bf:fb:57:88:22:1b:c5:c9:6e:fd:08:
                    4f:55:9c:2d:0e:74:50:75:c3:e7:61:de:1c:1a:6c:
                    31:8e:cb:4d:4d:25:c5:eb:bb:b7:7e:05:e8:2a:0d:
                    ad:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:23:CE:99:80:F2:BF:1F:1B:23:89:84:03:79:DE:92:A0:57:3B:CD
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143686.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a40c::/32

    Signature Algorithm: sha256WithRSAEncryption
         d4:df:2d:62:2b:49:6e:78:05:c9:83:e7:6f:74:0d:45:30:b5:
         e2:c0:0f:eb:7c:cc:27:26:cd:fc:1a:68:06:db:10:de:7d:8a:
         5e:2d:a4:a2:ac:c6:88:00:c9:8f:ad:55:83:c8:70:05:cf:08:
         0d:93:a1:f5:8f:cf:69:89:44:4b:6e:3d:96:d1:2e:34:71:f3:
         8e:61:7e:0d:36:43:9c:6d:85:62:13:e5:45:a4:ee:4d:6b:05:
         a8:b6:b2:dd:64:f3:8e:ca:6d:a7:62:dc:af:e7:e8:02:08:4f:
         6d:3f:b9:89:b8:4f:87:a3:a7:0f:11:42:95:9a:2d:b4:20:e6:
         d1:2d:10:67:88:01:9d:b6:10:52:4b:c8:98:7f:ba:89:c1:44:
         b9:39:73:71:bc:77:c1:87:06:73:14:13:9d:98:76:56:b3:f6:
         04:21:46:bc:92:b8:32:47:91:28:03:46:7e:7d:ba:2e:fa:b8:
         ce:76:7a:b4:6f:e5:bd:e4:cb:9b:4a:b7:6e:aa:4d:50:05:37:
         36:0e:e3:3a:be:dd:8d:5d:72:e9:f9:a4:79:05:8a:df:9f:b4:
         86:35:14:03:61:f3:be:62:2e:c2:54:7c:7c:89:a0:70:a2:2f:
         1a:7b:09:6e:a1:0e:f8:a6:aa:a2:f2:75:68:57:34:5d:12:8d:
         88:de:22:41
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUVM4PgV8qRZvA9oU/cMxSG+Td5eYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTAxOFoX
DTI3MDMwMzA2MTUxOFowMzExMC8GA1UEAxMoODAyM0NFOTk4MEYyQkYxRjFCMjM4
OTg0MDM3OURFOTJBMDU3M0JDRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANUe4BjiVhuX9e3CVn92rqsY/x3Fg92E0Hum6QjGEIPRp6Kueq59l4PTGN1y
BlevUwXRPQPlt5BVlE6iT76tIp90CpEjFfhfuVEnTbOdVB7rMA9s3fuwn90RJ16/
XHx0K20pwTdx2ucRtZUe49cQyn71ylWUmK+RN8M5BI+wmauX/lnvrJorNM+5Od6P
grq5eqT0JBWvvrqZB14tMupHewpQE8w0TtLN/YvCdXvd6EesUUSb6aL/b4s2f5Fl
o9Q56N7sQRc+7JH+M0w7sdVzIArHl/Ym4b/7V4giG8XJbv0IT1WcLQ50UHXD52He
HBpsMY7LTU0lxeu7t34F6CoNrbMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSAI86Z
gPK/HxsjiYQDed6SoFc7zTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzY4Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pAwwDQYJKoZIhvcNAQELBQADggEBANTfLWIrSW54BcmD5290DUUwteLAD+t8zCcm
zfwaaAbbEN59il4tpKKsxogAyY+tVYPIcAXPCA2TofWPz2mJREtuPZbRLjRx845h
fg02Q5xthWIT5UWk7k1rBai2st1k847Kbadi3K/n6AIIT20/uYm4T4ejpw8RQpWa
LbQg5tEtEGeIAZ22EFJLyJh/uonBRLk5c3G8d8GHBnMUE52Ydlaz9gQhRrySuDJH
kSgDRn59ui76uM52erRv5b3ky5tKt26qTVAFNzYO4zq+3Y1dcun5pHkFit+ftIY1
FANh875iLsJUfHyJoHCiLxp7CW6hDvimqqLydWhXNF0SjYjeIkE=
-----END CERTIFICATE-----