Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143758.roa
File:                     AS143758.roa (raw, json)
Hash identifier:          8TjxHGyARH4cdHsfEQ6yzsh9sZst2JVIjVc/xGE2AiU=
Subject key identifier:   C5:26:56:BA:A4:AE:13:19:C5:87:21:31:69:69:8D:0A:F2:50:80:9A
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5279B8C1E6152F101BF3E17FDF86575C998141DB
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143758.roa
Signing time:             Wed 04 Mar 2026 06:13:53 +0000
ROA not before:           Wed 04 Mar 2026 06:08:53 +0000
ROA not after:            Wed 03 Mar 2027 06:13:53 +0000
asID:                     143758
IP address blocks:        240a:a454::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:79:b8:c1:e6:15:2f:10:1b:f3:e1:7f:df:86:57:5c:99:81:41:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:53 2026 GMT
            Not After : Mar  3 06:13:53 2027 GMT
        Subject: CN=C52656BAA4AE1319C587213169698D0AF250809A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:52:69:9d:b1:72:f2:88:17:36:35:7e:84:38:
                    6c:bd:2a:d9:0a:63:1c:97:80:dc:d3:24:f4:41:96:
                    ac:26:76:89:33:24:8e:62:9f:36:5d:1f:03:b6:a3:
                    ef:6f:4d:94:84:d2:bd:69:09:38:ac:5a:92:92:a6:
                    21:fd:04:ef:5b:15:48:4b:80:a8:03:e1:3c:d7:60:
                    6c:75:05:d1:0d:9e:1a:1b:a9:ca:2d:0d:c4:c1:8b:
                    2a:6b:6b:7f:9b:7f:24:04:72:b6:6b:28:26:4e:66:
                    e0:77:0c:e7:b6:75:3c:6c:3b:98:67:6b:e5:b7:0e:
                    5c:e2:49:69:f0:20:cf:0f:aa:6a:64:66:77:cf:01:
                    24:58:69:72:dd:61:0c:12:10:b7:b0:45:46:5c:f6:
                    47:16:86:51:17:2e:f2:ff:9c:98:89:d8:80:0b:ec:
                    5d:ca:9e:1d:b6:5e:9a:12:c6:00:f9:4f:04:f8:17:
                    03:df:6d:50:24:d3:68:41:58:7b:5c:63:12:a4:60:
                    cb:c5:74:31:5a:1b:d0:63:0e:c6:fe:d2:80:62:7c:
                    ea:d3:5c:36:37:bf:ff:7e:cc:39:90:77:23:ff:e7:
                    39:e7:11:63:af:5a:50:82:da:f0:0f:46:0f:c2:60:
                    b1:3b:26:10:d8:44:d8:21:da:5f:6f:69:1b:9f:b8:
                    e4:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:26:56:BA:A4:AE:13:19:C5:87:21:31:69:69:8D:0A:F2:50:80:9A
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143758.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a454::/32

    Signature Algorithm: sha256WithRSAEncryption
         9c:46:5a:a5:e0:d0:0c:ed:86:46:01:f5:2f:fe:b1:13:d0:b1:
         82:ee:ad:8f:d8:57:e2:d4:88:4c:91:92:c4:99:f8:5f:5d:7d:
         ac:10:e2:f7:7c:2e:0c:f6:24:77:57:20:a1:c3:3b:a2:b1:ae:
         af:e2:33:f0:a5:c2:a2:bc:05:0e:d0:52:81:d4:67:63:7f:dc:
         c1:83:d1:8f:d2:49:28:e2:b4:61:c9:98:dd:c0:90:ce:9a:e0:
         fe:10:6d:ee:c1:f2:c5:2e:22:a2:2c:d5:3c:35:7e:8b:30:34:
         24:52:7e:ed:cc:73:f1:d3:99:cb:8e:48:00:1a:ff:c8:81:d0:
         b6:ee:74:48:c4:05:8a:1a:75:26:30:f1:b9:db:b1:45:c5:c1:
         cd:c8:b0:96:32:68:af:1e:25:f8:9a:24:dd:a1:c2:f0:9d:50:
         8f:f8:9a:b4:bf:3b:73:ba:56:04:8a:49:d8:3f:bb:5a:b6:23:
         c0:43:25:fc:1f:5f:0d:b2:5a:ff:7b:57:42:e9:fb:6a:a6:ad:
         75:97:5d:1a:53:c3:e0:ef:00:4c:8e:94:9e:95:cb:9c:83:c1:
         d2:74:da:65:c5:af:2a:0a:51:99:45:42:a3:a4:17:44:8c:b2:
         f8:be:2e:52:68:4d:98:66:d2:95:2a:9c:ab:23:30:6a:38:9a:
         54:f9:0c:13
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUUnm4weYVLxAb8+F/34ZXXJmBQdswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDg1M1oX
DTI3MDMwMzA2MTM1M1owMzExMC8GA1UEAxMoQzUyNjU2QkFBNEFFMTMxOUM1ODcy
MTMxNjk2OThEMEFGMjUwODA5QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN5SaZ2xcvKIFzY1foQ4bL0q2QpjHJeA3NMk9EGWrCZ2iTMkjmKfNl0fA7aj
729NlITSvWkJOKxakpKmIf0E71sVSEuAqAPhPNdgbHUF0Q2eGhupyi0NxMGLKmtr
f5t/JARytmsoJk5m4HcM57Z1PGw7mGdr5bcOXOJJafAgzw+qamRmd88BJFhpct1h
DBIQt7BFRlz2RxaGURcu8v+cmInYgAvsXcqeHbZemhLGAPlPBPgXA99tUCTTaEFY
e1xjEqRgy8V0MVob0GMOxv7SgGJ86tNcNje//37MOZB3I//nOecRY69aUILa8A9G
D8JgsTsmENhE2CHaX29pG5+45KkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTFJla6
pK4TGcWHITFpaY0K8lCAmjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mzc1OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pFQwDQYJKoZIhvcNAQELBQADggEBAJxGWqXg0AzthkYB9S/+sRPQsYLurY/YV+LU
iEyRksSZ+F9dfawQ4vd8Lgz2JHdXIKHDO6Kxrq/iM/ClwqK8BQ7QUoHUZ2N/3MGD
0Y/SSSjitGHJmN3AkM6a4P4Qbe7B8sUuIqIs1Tw1foswNCRSfu3Mc/HTmcuOSAAa
/8iB0LbudEjEBYoadSYw8bnbsUXFwc3IsJYyaK8eJfiaJN2hwvCdUI/4mrS/O3O6
VgSKSdg/u1q2I8BDJfwfXw2yWv97V0Lp+2qmrXWXXRpTw+DvAEyOlJ6Vy5yDwdJ0
2mXFryoKUZlFQqOkF0SMsvi+LlJoTZhm0pUqnKsjMGo4mlT5DBM=
-----END CERTIFICATE-----