Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143772.roa
File:                     AS143772.roa (raw, json)
Hash identifier:          R/+M4qGbqBd51PiCDYlwYmAspNuwMT/20u2uPYFNCxo=
Subject key identifier:   6A:01:CB:5E:1B:E0:18:D1:CE:5B:CD:CF:C4:DD:8D:91:56:90:EF:43
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       24C2AB4D77C382099532F4D353A30F4E589F57E7
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143772.roa
Signing time:             Wed 04 Mar 2026 06:14:55 +0000
ROA not before:           Wed 04 Mar 2026 06:09:55 +0000
ROA not after:            Wed 03 Mar 2027 06:14:55 +0000
asID:                     143772
IP address blocks:        240a:a462::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:c2:ab:4d:77:c3:82:09:95:32:f4:d3:53:a3:0f:4e:58:9f:57:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:55 2026 GMT
            Not After : Mar  3 06:14:55 2027 GMT
        Subject: CN=6A01CB5E1BE018D1CE5BCDCFC4DD8D915690EF43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:9b:0f:54:68:66:29:c0:f4:ca:db:62:9b:a5:
                    79:cc:92:d0:b7:ef:7c:35:b2:84:c9:41:d5:80:03:
                    cc:87:94:b6:54:77:35:39:c9:af:3e:c9:83:3e:d5:
                    49:ed:85:05:87:16:58:84:56:b4:6a:5f:72:67:19:
                    7c:aa:29:d0:60:1c:29:71:24:40:af:e8:cf:c7:c7:
                    3e:71:4e:db:e9:a5:ed:22:ed:35:a4:be:a6:76:73:
                    2e:39:64:60:a2:82:41:39:09:e2:51:e7:f3:fd:0e:
                    98:d9:80:94:ca:31:ba:65:b0:24:72:39:68:69:0b:
                    af:a1:63:09:c1:73:16:b2:a2:6a:18:9f:2e:ec:4d:
                    00:21:03:7b:2f:5a:78:50:07:d4:15:c9:b4:69:5c:
                    eb:76:9e:2a:ac:68:13:6b:63:f8:52:c3:3e:2a:e5:
                    ae:bd:8f:8c:c8:a7:2b:b1:74:77:95:ac:35:20:b0:
                    1d:6f:df:98:d6:6b:73:a8:c6:7f:dd:d0:35:74:93:
                    b0:b4:42:c3:dd:89:4d:c5:42:f2:4b:ba:0f:98:37:
                    93:2f:9a:3a:97:fe:a0:f1:56:08:b7:5a:0d:af:28:
                    fa:16:7f:47:db:c3:0b:04:fd:96:8e:96:2a:12:7e:
                    f3:69:ca:bb:b2:a8:24:34:43:ed:e8:40:57:d4:ce:
                    16:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:01:CB:5E:1B:E0:18:D1:CE:5B:CD:CF:C4:DD:8D:91:56:90:EF:43
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143772.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a462::/32

    Signature Algorithm: sha256WithRSAEncryption
         83:28:3e:dd:b7:d9:85:ed:9c:ab:ba:5e:12:96:5a:e6:c6:90:
         8b:30:76:44:2b:5e:f6:61:cb:1e:e5:03:aa:1e:f6:05:6e:70:
         63:6c:e6:90:2b:8c:20:84:72:82:a8:72:dd:59:27:ef:f2:26:
         68:a2:3e:be:e4:67:26:b5:8a:e5:8d:bf:ea:c1:7e:23:ef:10:
         e9:a7:f9:0a:41:db:0a:52:42:16:46:d6:ba:2d:f6:d7:c2:22:
         49:e1:8d:6e:8f:eb:af:ae:22:66:98:92:f0:c9:08:95:9a:a7:
         71:10:c4:ac:78:77:f5:37:11:9f:71:0e:ff:c4:95:5d:de:7e:
         3f:c4:3b:0d:14:67:29:e6:f7:51:ea:ef:09:3c:cf:f6:01:b0:
         11:ca:9f:0d:70:fa:fc:34:02:81:8a:9a:1e:d3:83:e5:d0:3c:
         19:0b:e3:d1:ec:f3:0d:c9:51:55:4e:37:7f:40:23:a9:7e:52:
         43:c4:89:6a:9f:62:6e:08:09:b2:5f:22:b4:b4:fd:37:18:77:
         fb:1e:66:17:93:82:1c:86:ab:c7:06:5a:de:fa:13:78:a6:9f:
         05:56:60:a1:a3:46:02:b3:3b:f0:85:87:6e:8f:43:33:8e:9a:
         9e:87:16:bb:d0:7d:54:2e:65:35:23:62:3c:03:ca:91:fd:07:
         aa:89:a8:c8
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUJMKrTXfDggmVMvTTU6MPTlifV+cwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDk1NVoX
DTI3MDMwMzA2MTQ1NVowMzExMC8GA1UEAxMoNkEwMUNCNUUxQkUwMThEMUNFNUJD
RENGQzRERDhEOTE1NjkwRUY0MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJebD1RoZinA9MrbYpulecyS0LfvfDWyhMlB1YADzIeUtlR3NTnJrz7Jgz7V
Se2FBYcWWIRWtGpfcmcZfKop0GAcKXEkQK/oz8fHPnFO2+ml7SLtNaS+pnZzLjlk
YKKCQTkJ4lHn8/0OmNmAlMoxumWwJHI5aGkLr6FjCcFzFrKiahifLuxNACEDey9a
eFAH1BXJtGlc63aeKqxoE2tj+FLDPirlrr2PjMinK7F0d5WsNSCwHW/fmNZrc6jG
f93QNXSTsLRCw92JTcVC8ku6D5g3ky+aOpf+oPFWCLdaDa8o+hZ/R9vDCwT9lo6W
KhJ+82nKu7KoJDRD7ehAV9TOFokCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRqActe
G+AY0c5bzc/E3Y2RVpDvQzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mzc3Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pGIwDQYJKoZIhvcNAQELBQADggEBAIMoPt232YXtnKu6XhKWWubGkIswdkQrXvZh
yx7lA6oe9gVucGNs5pArjCCEcoKoct1ZJ+/yJmiiPr7kZya1iuWNv+rBfiPvEOmn
+QpB2wpSQhZG1rot9tfCIknhjW6P66+uImaYkvDJCJWap3EQxKx4d/U3EZ9xDv/E
lV3efj/EOw0UZynm91Hq7wk8z/YBsBHKnw1w+vw0AoGKmh7Tg+XQPBkL49Hs8w3J
UVVON39AI6l+UkPEiWqfYm4ICbJfIrS0/TcYd/seZheTghyGq8cGWt76E3imnwVW
YKGjRgKzO/CFh26PQzOOmp6HFrvQfVQuZTUjYjwDypH9B6qJqMg=
-----END CERTIFICATE-----