Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143736.roa
File:                     AS143736.roa (raw, json)
Hash identifier:          Nbxu6ygkfhLDqj/8aWwAAl9R9mZdZ52IYY21UB8cPR4=
Subject key identifier:   EA:90:D2:66:5F:B6:2F:7F:CD:79:8C:89:52:16:40:9D:E7:A5:24:B1
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1457FF0A79C32619F27C0F2FFE0B7275389CAF35
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143736.roa
Signing time:             Wed 04 Mar 2026 06:15:04 +0000
ROA not before:           Wed 04 Mar 2026 06:10:04 +0000
ROA not after:            Wed 03 Mar 2027 06:15:04 +0000
asID:                     143736
IP address blocks:        240a:a43e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:57:ff:0a:79:c3:26:19:f2:7c:0f:2f:fe:0b:72:75:38:9c:af:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:04 2026 GMT
            Not After : Mar  3 06:15:04 2027 GMT
        Subject: CN=EA90D2665FB62F7FCD798C895216409DE7A524B1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:e8:a1:9b:8a:75:a8:65:f2:49:32:cb:fa:07:
                    94:d1:29:e7:ac:3a:37:74:9c:08:fc:23:d5:51:ad:
                    47:ca:b3:85:46:90:5e:15:30:2e:6a:0d:c0:50:05:
                    64:0e:80:0a:50:5d:08:98:7e:fe:46:4c:5f:2b:a4:
                    f0:4f:bb:f0:fa:d9:79:0a:ae:f1:d9:5f:ae:34:0f:
                    c7:52:38:8d:71:a1:5e:40:8b:80:99:c7:fc:e0:b2:
                    87:f9:39:55:a5:1a:c9:fe:83:0d:50:89:5f:5a:88:
                    94:e6:13:74:f3:77:20:0b:16:9d:96:87:1c:98:31:
                    d8:11:fa:f9:23:58:c4:97:cd:0f:41:a5:fd:a4:81:
                    a1:74:3e:8c:b9:4e:e2:86:db:16:b6:65:85:13:53:
                    b8:7e:35:38:5e:91:3b:94:fe:42:1c:d1:54:37:49:
                    fb:88:85:90:fe:f1:00:c7:80:ac:bb:f4:56:a9:24:
                    77:22:01:11:41:ea:38:0f:71:90:b6:21:97:9c:21:
                    c7:10:c0:f0:95:94:d7:ce:42:1e:e6:29:83:44:4f:
                    6e:6c:d2:6f:5b:4c:95:de:06:59:51:25:7a:e6:ee:
                    a0:84:02:64:bc:e8:15:d9:95:65:8c:d6:48:8d:12:
                    88:f4:ab:4f:da:99:11:5a:d2:36:f4:fa:e6:67:c2:
                    34:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:90:D2:66:5F:B6:2F:7F:CD:79:8C:89:52:16:40:9D:E7:A5:24:B1
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a43e::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:cd:47:43:a7:08:93:7e:b9:2b:b7:fb:12:ab:ca:14:9d:9a:
         e3:e0:36:04:2a:cb:c2:3d:97:af:30:d1:8a:89:a9:7a:2c:ef:
         45:3a:95:cf:ce:4e:d6:43:4f:00:2d:52:65:3c:8d:d9:c6:c2:
         1b:b7:43:dd:c5:cb:c0:52:ba:d6:96:3d:a9:e0:01:63:3a:ad:
         9b:eb:67:d8:43:c5:78:43:14:fe:9f:07:6f:a4:64:ca:46:ee:
         4d:74:32:35:7a:6f:34:36:5f:74:d8:14:5b:64:ff:e9:6e:1b:
         8f:51:56:45:80:c3:3b:10:9e:6d:a0:46:44:83:98:89:01:fc:
         a3:06:2b:39:b2:84:c0:90:2c:30:9a:b8:e9:6d:b2:a9:44:fa:
         9d:4a:55:a3:c8:e7:ac:a5:5e:a9:f2:ff:db:98:1f:8b:14:d7:
         0d:b1:6a:45:46:13:0a:51:92:02:cd:e5:96:a6:02:c4:ef:79:
         82:72:90:ec:08:d5:c6:71:3c:63:8d:4f:42:15:9f:1f:82:73:
         c3:bf:07:11:a1:b1:4d:4b:6b:f3:97:a8:84:ca:ce:d7:8d:bd:
         87:ef:d0:1c:f3:f8:63:fa:9c:08:17:e2:3c:3c:bb:bb:4f:cb:
         81:a6:c4:52:1f:ed:cf:c0:98:c4:c9:cf:a8:c4:ec:72:26:af:
         25:d2:da:31
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUFFf/CnnDJhnyfA8v/gtydTicrzUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTAwNFoX
DTI3MDMwMzA2MTUwNFowMzExMC8GA1UEAxMoRUE5MEQyNjY1RkI2MkY3RkNENzk4
Qzg5NTIxNjQwOURFN0E1MjRCMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJTooZuKdahl8kkyy/oHlNEp56w6N3ScCPwj1VGtR8qzhUaQXhUwLmoNwFAF
ZA6AClBdCJh+/kZMXyuk8E+78PrZeQqu8dlfrjQPx1I4jXGhXkCLgJnH/OCyh/k5
VaUayf6DDVCJX1qIlOYTdPN3IAsWnZaHHJgx2BH6+SNYxJfND0Gl/aSBoXQ+jLlO
4obbFrZlhRNTuH41OF6RO5T+QhzRVDdJ+4iFkP7xAMeArLv0VqkkdyIBEUHqOA9x
kLYhl5whxxDA8JWU185CHuYpg0RPbmzSb1tMld4GWVEleubuoIQCZLzoFdmVZYzW
SI0SiPSrT9qZEVrSNvT65mfCNG0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTqkNJm
X7Yvf815jIlSFkCd56UksTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzczNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pD4wDQYJKoZIhvcNAQELBQADggEBAA7NR0OnCJN+uSu3+xKryhSdmuPgNgQqy8I9
l68w0YqJqXos70U6lc/OTtZDTwAtUmU8jdnGwhu3Q93Fy8BSutaWPangAWM6rZvr
Z9hDxXhDFP6fB2+kZMpG7k10MjV6bzQ2X3TYFFtk/+luG49RVkWAwzsQnm2gRkSD
mIkB/KMGKzmyhMCQLDCauOltsqlE+p1KVaPI56ylXqny/9uYH4sU1w2xakVGEwpR
kgLN5ZamAsTveYJykOwI1cZxPGONT0IVnx+Cc8O/BxGhsU1La/OXqITKzteNvYfv
0Bzz+GP6nAgX4jw8u7tPy4GmxFIf7c/AmMTJz6jE7HImryXS2jE=
-----END CERTIFICATE-----