Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143762.roa
File:                     AS143762.roa (raw, json)
Hash identifier:          PJv7kX1cpqVvVhyS/SLDuLGQO2OSqmYr0GH/kEH4W8c=
Subject key identifier:   7F:8F:6E:EA:A7:63:49:0D:7A:DC:1D:B6:9B:47:29:44:7E:00:78:70
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       09B34F91CBF2C3EC1CB4A00AB3CFDE397119A210
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143762.roa
Signing time:             Wed 04 Mar 2026 06:15:05 +0000
ROA not before:           Wed 04 Mar 2026 06:10:05 +0000
ROA not after:            Wed 03 Mar 2027 06:15:05 +0000
asID:                     143762
IP address blocks:        240a:a458::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:b3:4f:91:cb:f2:c3:ec:1c:b4:a0:0a:b3:cf:de:39:71:19:a2:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:05 2026 GMT
            Not After : Mar  3 06:15:05 2027 GMT
        Subject: CN=7F8F6EEAA763490D7ADC1DB69B4729447E007870
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:58:35:fa:db:df:d0:e6:38:4b:a0:6a:f9:52:
                    7a:16:4b:dd:70:03:9b:bf:a4:41:cf:60:5a:aa:4a:
                    e5:86:72:e5:90:98:d7:ed:77:20:2b:89:77:aa:b4:
                    b3:2a:e0:c2:d9:72:f5:33:32:5f:eb:a0:48:76:20:
                    f5:5d:2e:d6:48:16:fd:b5:98:a1:06:1c:1d:a4:1b:
                    40:4c:3f:a5:ac:3d:00:a4:37:10:82:67:e6:49:5a:
                    cb:ff:3b:ae:d1:fd:5a:ce:43:68:1f:1a:eb:f4:d2:
                    45:fd:86:d8:16:d7:24:b1:59:5b:ed:20:1f:36:b3:
                    34:41:de:45:7c:71:2d:45:7f:eb:d1:23:af:69:d8:
                    8e:6b:9c:aa:67:60:21:8f:ef:89:32:29:c7:f2:05:
                    b0:c8:e2:4f:0d:42:01:75:fb:22:dd:d3:2c:b6:41:
                    15:60:67:19:b5:c2:64:43:90:e8:7c:30:4f:54:98:
                    2e:89:36:b6:57:b1:4c:18:13:05:d3:eb:e8:09:d7:
                    dc:da:a7:9f:db:09:b0:78:31:f8:78:cc:8c:21:2c:
                    df:be:81:46:09:42:cc:c3:f6:a8:72:e2:85:9c:af:
                    0b:38:36:74:e1:da:a4:d2:4d:e3:fa:cf:a5:f9:c5:
                    e8:05:36:63:a4:eb:b5:97:e9:1d:3b:b9:a8:30:71:
                    cf:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:8F:6E:EA:A7:63:49:0D:7A:DC:1D:B6:9B:47:29:44:7E:00:78:70
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143762.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a458::/32

    Signature Algorithm: sha256WithRSAEncryption
         b3:0a:21:b0:d8:2d:d0:d0:c3:41:0f:ee:65:80:53:6e:f6:4e:
         18:ea:d1:45:c3:92:34:6d:03:aa:11:8c:1d:a4:55:b6:68:ab:
         00:fa:d0:c5:5f:99:5a:59:6c:4e:0d:90:20:78:0d:59:22:81:
         ee:a3:bc:94:6d:68:e7:d3:50:44:f6:e9:b9:5a:14:37:88:7f:
         86:f2:3b:58:b6:42:09:8a:9b:fd:77:90:be:d9:fc:29:9a:c0:
         dc:86:ba:a5:22:d2:92:f1:a6:a9:c0:1d:d4:b2:c7:ed:44:61:
         8f:62:5c:5f:ce:16:c6:9a:07:4c:d0:4d:e9:36:30:84:dc:97:
         4b:3f:dd:91:88:59:78:b0:23:d5:30:53:74:73:6f:f3:5e:03:
         67:c6:81:cb:ef:83:56:e1:2c:34:89:b8:ae:5a:4f:a6:7d:0a:
         83:af:28:91:58:86:d6:86:74:1e:a3:bb:e1:a8:a8:86:4d:88:
         a9:c7:57:22:98:19:92:f8:22:fe:41:3a:46:1f:00:03:98:e1:
         31:9c:3a:c1:8f:df:12:91:7a:c7:e5:5f:c0:43:9d:fc:bb:b3:
         2b:f9:a2:16:7e:71:54:f8:02:a3:fc:2a:55:ec:24:7f:52:8d:
         d8:a0:a4:4d:0a:ab:a0:82:60:fc:90:2e:94:eb:cf:8a:e9:65:
         a3:d1:bb:43
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUCbNPkcvyw+wctKAKs8/eOXEZohAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTAwNVoX
DTI3MDMwMzA2MTUwNVowMzExMC8GA1UEAxMoN0Y4RjZFRUFBNzYzNDkwRDdBREMx
REI2OUI0NzI5NDQ3RTAwNzg3MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMZYNfrb39DmOEugavlSehZL3XADm7+kQc9gWqpK5YZy5ZCY1+13ICuJd6q0
syrgwtly9TMyX+ugSHYg9V0u1kgW/bWYoQYcHaQbQEw/paw9AKQ3EIJn5klay/87
rtH9Ws5DaB8a6/TSRf2G2BbXJLFZW+0gHzazNEHeRXxxLUV/69Ejr2nYjmucqmdg
IY/viTIpx/IFsMjiTw1CAXX7It3TLLZBFWBnGbXCZEOQ6HwwT1SYLok2tlexTBgT
BdPr6AnX3Nqnn9sJsHgx+HjMjCEs376BRglCzMP2qHLihZyvCzg2dOHapNJN4/rP
pfnF6AU2Y6TrtZfpHTu5qDBxz9UCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBR/j27q
p2NJDXrcHbabRylEfgB4cDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mzc2Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pFgwDQYJKoZIhvcNAQELBQADggEBALMKIbDYLdDQw0EP7mWAU272Thjq0UXDkjRt
A6oRjB2kVbZoqwD60MVfmVpZbE4NkCB4DVkige6jvJRtaOfTUET26blaFDeIf4by
O1i2QgmKm/13kL7Z/CmawNyGuqUi0pLxpqnAHdSyx+1EYY9iXF/OFsaaB0zQTek2
MITcl0s/3ZGIWXiwI9UwU3Rzb/NeA2fGgcvvg1bhLDSJuK5aT6Z9CoOvKJFYhtaG
dB6ju+GoqIZNiKnHVyKYGZL4Iv5BOkYfAAOY4TGcOsGP3xKResflX8BDnfy7syv5
ohZ+cVT4AqP8KlXsJH9SjdigpE0Kq6CCYPyQLpTrz4rpZaPRu0M=
-----END CERTIFICATE-----