Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143770.roa
File:                     AS143770.roa (raw, json)
Hash identifier:          RBIVh3GYdo5/to/UpJBDH68LGRWxl6GEWzv16JmHFnc=
Subject key identifier:   52:FD:DF:0A:AD:94:4C:80:5B:8F:60:1E:6A:8E:E1:C3:6B:FD:F9:A1
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6CD3242CCC67B12A5302213193E41F3D55171DAD
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143770.roa
Signing time:             Wed 04 Mar 2026 06:13:34 +0000
ROA not before:           Wed 04 Mar 2026 06:08:34 +0000
ROA not after:            Wed 03 Mar 2027 06:13:34 +0000
asID:                     143770
IP address blocks:        240a:a460::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:d3:24:2c:cc:67:b1:2a:53:02:21:31:93:e4:1f:3d:55:17:1d:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:34 2026 GMT
            Not After : Mar  3 06:13:34 2027 GMT
        Subject: CN=52FDDF0AAD944C805B8F601E6A8EE1C36BFDF9A1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c6:40:d3:e3:2c:ea:ac:96:f1:c4:a6:27:12:
                    68:a7:f2:3a:27:25:0d:c0:aa:2b:63:7e:4a:fd:04:
                    3d:ae:98:f9:a5:38:c8:24:4a:be:46:4a:68:98:db:
                    b7:c6:37:64:fe:93:ad:cf:5e:8f:6a:41:b2:26:33:
                    b1:b8:b7:ba:dc:8c:70:88:16:ce:74:ef:9a:77:a1:
                    5a:b2:b9:7e:ec:04:89:c9:38:8a:3a:43:a9:94:d2:
                    93:ea:e7:1e:20:e2:20:fe:48:d1:04:70:db:94:1d:
                    82:0c:8c:c6:1f:b8:45:04:3f:7a:81:be:0a:23:52:
                    5f:c6:df:2b:28:40:09:f2:9f:0d:79:43:9a:b1:55:
                    d3:46:28:b5:65:5f:73:9b:c1:50:ca:38:8c:a5:47:
                    76:8e:1e:ef:56:10:71:c4:f2:4b:40:6e:ec:68:11:
                    0b:4c:0f:8f:17:9b:2d:cb:2e:75:90:84:93:cc:ff:
                    6f:3c:8c:75:2e:6b:59:93:fa:c6:b5:51:ab:34:0d:
                    0f:f0:da:54:9b:c8:9e:b8:39:21:bb:72:e8:72:13:
                    bc:00:8e:7c:ce:57:36:b4:b4:85:f0:d6:d3:98:65:
                    34:fb:3f:fd:79:58:c0:24:9b:83:72:38:61:4e:bf:
                    a8:82:97:ef:66:75:47:fc:81:c5:b5:25:ba:56:1b:
                    0b:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:FD:DF:0A:AD:94:4C:80:5B:8F:60:1E:6A:8E:E1:C3:6B:FD:F9:A1
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143770.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a460::/32

    Signature Algorithm: sha256WithRSAEncryption
         c0:1f:a1:cd:53:de:6b:e5:2d:6b:e2:70:75:d8:4c:58:dd:47:
         bf:ed:d6:c2:00:e9:8d:17:1f:b6:c1:70:d8:c3:85:c6:10:22:
         70:6e:01:94:c4:ec:df:6d:21:f9:29:b6:56:ec:ee:fc:e6:7c:
         f1:62:45:3b:82:b5:e4:b4:b6:91:b2:4a:56:87:f4:91:fc:0c:
         97:77:a5:34:9a:d2:a0:42:46:31:c2:5a:af:dc:99:d4:31:fe:
         e9:9d:fe:ce:d8:98:17:e3:31:fb:65:50:cf:b2:31:6e:b8:7e:
         f4:df:aa:b4:eb:8e:b4:d8:61:72:b7:64:50:13:3b:6a:5d:dc:
         eb:6c:2f:ae:f9:97:54:3a:ea:13:f3:91:61:da:5d:6c:c4:4d:
         f6:51:40:86:68:50:26:dd:6b:5e:e8:1b:96:13:c5:62:6e:8d:
         11:3a:f7:26:ae:fe:34:bc:84:83:8f:22:9b:05:cd:a7:7a:11:
         e6:ca:79:d2:a3:e7:50:24:8c:6f:39:04:ee:24:b7:00:c0:be:
         b9:81:b3:15:26:42:e8:d3:78:ed:8a:53:3f:5a:6a:c3:b5:60:
         e6:76:13:a0:7c:50:d3:7a:1f:fb:f3:61:ec:97:04:d8:c5:51:
         86:fb:f3:73:cf:0f:d8:d1:a9:3e:2d:00:4e:27:ce:13:9e:45:
         ed:43:e2:3e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUbNMkLMxnsSpTAiExk+QfPVUXHa0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgzNFoX
DTI3MDMwMzA2MTMzNFowMzExMC8GA1UEAxMoNTJGRERGMEFBRDk0NEM4MDVCOEY2
MDFFNkE4RUUxQzM2QkZERjlBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALDGQNPjLOqslvHEpicSaKfyOiclDcCqK2N+Sv0EPa6Y+aU4yCRKvkZKaJjb
t8Y3ZP6Trc9ej2pBsiYzsbi3utyMcIgWznTvmnehWrK5fuwEick4ijpDqZTSk+rn
HiDiIP5I0QRw25QdggyMxh+4RQQ/eoG+CiNSX8bfKyhACfKfDXlDmrFV00YotWVf
c5vBUMo4jKVHdo4e71YQccTyS0Bu7GgRC0wPjxebLcsudZCEk8z/bzyMdS5rWZP6
xrVRqzQND/DaVJvInrg5Ibty6HITvACOfM5XNrS0hfDW05hlNPs//XlYwCSbg3I4
YU6/qIKX72Z1R/yBxbUlulYbCy8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRS/d8K
rZRMgFuPYB5qjuHDa/35oTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mzc3MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pGAwDQYJKoZIhvcNAQELBQADggEBAMAfoc1T3mvlLWvicHXYTFjdR7/t1sIA6Y0X
H7bBcNjDhcYQInBuAZTE7N9tIfkptlbs7vzmfPFiRTuCteS0tpGySlaH9JH8DJd3
pTSa0qBCRjHCWq/cmdQx/umd/s7YmBfjMftlUM+yMW64fvTfqrTrjrTYYXK3ZFAT
O2pd3OtsL675l1Q66hPzkWHaXWzETfZRQIZoUCbda17oG5YTxWJujRE69yau/jS8
hIOPIpsFzad6EebKedKj51AkjG85BO4ktwDAvrmBsxUmQujTeO2KUz9aasO1YOZ2
E6B8UNN6H/vzYeyXBNjFUYb783PPD9jRqT4tAE4nzhOeRe1D4j4=
-----END CERTIFICATE-----