Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143720.roa
File:                     AS143720.roa (raw, json)
Hash identifier:          XGVo8sRZKNL3xJXcGNG39Q8ACQgthPrO8tV5jHmXvJg=
Subject key identifier:   3B:D0:04:11:E8:56:B7:EE:28:9F:AB:49:5B:0D:25:5A:EF:26:6E:DF
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5B34EDE19EC8CA8784FD12EA6BAE3B8C604C7ADF
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143720.roa
Signing time:             Wed 04 Mar 2026 06:13:42 +0000
ROA not before:           Wed 04 Mar 2026 06:08:42 +0000
ROA not after:            Wed 03 Mar 2027 06:13:42 +0000
asID:                     143720
IP address blocks:        240a:a42e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:34:ed:e1:9e:c8:ca:87:84:fd:12:ea:6b:ae:3b:8c:60:4c:7a:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:42 2026 GMT
            Not After : Mar  3 06:13:42 2027 GMT
        Subject: CN=3BD00411E856B7EE289FAB495B0D255AEF266EDF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:aa:9d:5d:6b:d2:ef:dd:27:b0:24:31:81:e2:
                    9d:0c:86:db:59:88:d2:75:86:4f:4b:8f:f9:28:c2:
                    92:9e:9c:e4:b5:d8:ca:fd:8d:8c:00:23:a3:71:06:
                    46:1a:a9:58:e5:a0:19:98:f7:d0:82:ed:61:36:39:
                    ed:28:2d:4b:7a:8a:53:53:a8:0d:84:67:d8:c9:cb:
                    38:56:62:71:9c:47:7f:b1:a1:f7:18:e6:fb:bc:f6:
                    5c:ed:25:1e:5c:e5:8a:e0:19:ab:63:a1:73:1e:2b:
                    3d:39:96:e9:d9:0c:90:07:86:3f:6b:d5:80:32:b7:
                    1d:53:a3:0d:9c:67:38:a9:99:6c:e1:ff:bd:41:2a:
                    52:70:8b:e7:60:43:51:19:10:2e:78:5f:3e:cf:17:
                    ee:46:85:71:42:8b:79:b8:7a:a8:b7:0a:ae:57:32:
                    52:91:98:a3:cb:ed:f6:3a:01:bf:dd:4a:f2:35:34:
                    89:47:c6:0d:33:1d:aa:88:d0:60:41:fc:39:b5:4e:
                    84:5a:fa:a1:89:1e:2f:b4:7d:79:5b:89:98:5f:5e:
                    e7:ab:7d:c7:d4:41:9f:b9:82:26:aa:1d:b5:73:fc:
                    f1:c6:f6:2d:67:89:13:4f:3b:41:17:0d:1b:07:fe:
                    b4:9c:f9:bb:9d:fe:49:2d:b6:be:68:1c:a5:06:72:
                    2d:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:D0:04:11:E8:56:B7:EE:28:9F:AB:49:5B:0D:25:5A:EF:26:6E:DF
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143720.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a42e::/32

    Signature Algorithm: sha256WithRSAEncryption
         13:5e:2c:79:b6:cd:e1:aa:83:80:1e:08:d4:fb:a1:55:6d:d4:
         6d:e8:11:30:85:a0:25:a3:98:c5:96:d9:7e:a4:37:ae:1e:ac:
         49:91:37:5d:92:96:d2:9a:37:0e:98:62:b8:94:c4:ee:50:28:
         c4:44:22:c9:4b:bb:b6:23:d3:85:74:05:b1:15:15:58:73:3a:
         22:f4:17:76:f8:c6:9e:23:b1:d2:a5:76:d8:24:2b:d5:c4:39:
         17:b2:ce:6b:f1:c9:a6:db:5d:26:82:69:ef:fa:a6:2b:c2:29:
         3c:a4:81:de:39:45:09:84:99:a0:eb:c3:d5:47:a6:39:6a:c8:
         1c:cb:0e:67:d1:db:c6:00:94:65:31:1f:ce:a5:54:e5:f9:86:
         80:11:c0:b1:e6:0e:a8:52:a3:29:74:a0:b3:b0:3e:db:7b:8d:
         44:b2:0c:ee:ee:e0:1d:6a:81:b9:3d:48:a5:5a:4a:dc:ae:c6:
         09:82:2f:bb:c7:2c:9d:c1:58:95:0c:07:5e:85:93:8e:4b:e6:
         6f:48:56:ed:18:73:3e:61:49:53:dd:ab:35:a1:d5:49:94:78:
         6f:c8:16:08:ae:c6:a9:80:b3:1f:1c:46:9b:d6:e2:e2:7f:38:
         14:8a:05:8c:40:ee:17:f1:62:cb:6e:bd:bf:24:00:80:18:e0:
         71:3a:a0:85
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUWzTt4Z7IyoeE/RLqa647jGBMet8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDg0MloX
DTI3MDMwMzA2MTM0MlowMzExMC8GA1UEAxMoM0JEMDA0MTFFODU2QjdFRTI4OUZB
QjQ5NUIwRDI1NUFFRjI2NkVERjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOOqnV1r0u/dJ7AkMYHinQyG21mI0nWGT0uP+SjCkp6c5LXYyv2NjAAjo3EG
RhqpWOWgGZj30ILtYTY57SgtS3qKU1OoDYRn2MnLOFZicZxHf7Gh9xjm+7z2XO0l
HlzliuAZq2Ohcx4rPTmW6dkMkAeGP2vVgDK3HVOjDZxnOKmZbOH/vUEqUnCL52BD
URkQLnhfPs8X7kaFcUKLebh6qLcKrlcyUpGYo8vt9joBv91K8jU0iUfGDTMdqojQ
YEH8ObVOhFr6oYkeL7R9eVuJmF9e56t9x9RBn7mCJqodtXP88cb2LWeJE087QRcN
Gwf+tJz5u53+SS22vmgcpQZyLZECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQ70AQR
6Fa37iifq0lbDSVa7yZu3zAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzcyMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pC4wDQYJKoZIhvcNAQELBQADggEBABNeLHm2zeGqg4AeCNT7oVVt1G3oETCFoCWj
mMWW2X6kN64erEmRN12SltKaNw6YYriUxO5QKMREIslLu7Yj04V0BbEVFVhzOiL0
F3b4xp4jsdKldtgkK9XEOReyzmvxyabbXSaCae/6pivCKTykgd45RQmEmaDrw9VH
pjlqyBzLDmfR28YAlGUxH86lVOX5hoARwLHmDqhSoyl0oLOwPtt7jUSyDO7u4B1q
gbk9SKVaStyuxgmCL7vHLJ3BWJUMB16Fk45L5m9IVu0Ycz5hSVPdqzWh1UmUeG/I
FgiuxqmAsx8cRpvW4uJ/OBSKBYxA7hfxYstuvb8kAIAY4HE6oIU=
-----END CERTIFICATE-----