Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143782.roa
File:                     AS143782.roa (raw, json)
Hash identifier:          nx9asCJ7a+/0bjsuYesdQYhOkeSMPlO0rCbRwErRlXM=
Subject key identifier:   F4:C1:CE:C3:EF:DB:6E:82:EE:79:07:8E:9E:13:E4:51:7B:63:3C:18
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7C2142C317087DFA2E2E11AD1733EBE5566338D0
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143782.roa
Signing time:             Wed 04 Mar 2026 06:14:44 +0000
ROA not before:           Wed 04 Mar 2026 06:09:44 +0000
ROA not after:            Wed 03 Mar 2027 06:14:44 +0000
asID:                     143782
IP address blocks:        240a:a46c::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:21:42:c3:17:08:7d:fa:2e:2e:11:ad:17:33:eb:e5:56:63:38:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:44 2026 GMT
            Not After : Mar  3 06:14:44 2027 GMT
        Subject: CN=F4C1CEC3EFDB6E82EE79078E9E13E4517B633C18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:7e:bf:97:75:a0:5c:a2:c9:c2:ac:88:77:2e:
                    36:2a:80:af:21:c3:61:18:fd:f7:d3:d3:da:54:48:
                    0d:1c:fb:20:91:c2:01:12:1f:eb:07:e3:b0:16:b3:
                    a7:44:66:87:77:27:63:8c:61:c1:cd:3a:62:4c:60:
                    a7:74:38:12:d7:5b:f9:b1:3c:6d:81:a2:64:20:fc:
                    6d:53:c2:ce:2b:5a:74:6e:a9:6b:e5:1c:ea:e0:94:
                    98:18:1a:92:50:4b:94:e1:9b:e6:14:18:12:ca:61:
                    63:bf:f4:c7:41:d5:41:21:e9:23:5f:0d:c6:88:b5:
                    06:ca:6b:c4:7b:86:c8:93:22:38:f4:71:ca:18:ed:
                    3b:19:1b:82:b1:c6:c1:da:f3:97:e3:97:94:a6:9c:
                    50:13:9c:71:c4:12:0d:15:cd:9f:16:c5:c9:21:29:
                    1f:93:0e:68:d1:c1:dc:78:ec:47:b6:f4:f3:82:67:
                    5d:95:fe:bf:bd:7c:ae:60:49:a7:e9:09:68:be:39:
                    c6:37:43:e9:dc:27:73:70:90:93:3a:31:90:51:46:
                    92:8c:78:86:06:bb:eb:39:2e:64:59:31:fa:5a:71:
                    fd:68:10:4b:fa:7e:80:a5:40:38:9c:82:75:ec:bf:
                    59:01:61:e4:7d:c0:e8:48:9f:a3:79:07:84:40:e4:
                    58:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:C1:CE:C3:EF:DB:6E:82:EE:79:07:8E:9E:13:E4:51:7B:63:3C:18
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143782.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a46c::/32

    Signature Algorithm: sha256WithRSAEncryption
         a9:a2:3c:85:8e:92:bb:2a:93:96:34:17:da:e2:ed:3d:37:7b:
         f2:26:67:76:13:97:9f:3c:98:75:3b:28:c8:6e:81:6e:50:bf:
         76:ce:21:8d:26:8a:0a:49:d6:15:cc:a1:fb:42:b8:37:42:88:
         db:f2:38:68:42:84:14:6b:2a:c6:49:6a:df:22:b6:bf:b4:c2:
         b9:7a:1a:75:ba:16:23:97:ee:5e:40:3a:bd:5f:ad:93:c8:72:
         6b:08:11:b2:d3:eb:36:5d:25:94:8b:05:35:ab:a0:98:7d:95:
         ba:33:e2:8c:ce:25:41:07:d9:e9:e9:e4:b6:9c:fc:6a:a0:b5:
         6c:ce:a3:69:44:a6:85:e5:0e:bc:ef:a0:4d:43:b9:d3:2c:5c:
         86:11:6b:a4:33:5e:a6:7a:98:a9:13:d2:63:c3:cc:b6:2a:18:
         82:ff:07:3b:a6:d0:0b:cf:28:e9:cc:62:b7:56:ec:f7:8d:dc:
         be:f1:ac:48:ed:c0:fb:e7:9c:d4:45:d9:b9:79:6e:f0:92:28:
         bc:3d:7f:58:bb:c7:60:7b:30:d1:65:d2:46:13:d7:d9:68:84:
         2d:97:fd:fb:d7:8d:3b:2c:72:6c:63:b5:9b:54:3d:50:5b:d3:
         e6:b3:17:b5:ff:b0:c4:7e:14:f4:dc:9e:7b:f7:48:7d:aa:14:
         7a:be:a9:65
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUfCFCwxcIffouLhGtFzPr5VZjONAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDk0NFoX
DTI3MDMwMzA2MTQ0NFowMzExMC8GA1UEAxMoRjRDMUNFQzNFRkRCNkU4MkVFNzkw
NzhFOUUxM0U0NTE3QjYzM0MxODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKp+v5d1oFyiycKsiHcuNiqAryHDYRj999PT2lRIDRz7IJHCARIf6wfjsBaz
p0Rmh3cnY4xhwc06Ykxgp3Q4Etdb+bE8bYGiZCD8bVPCzitadG6pa+Uc6uCUmBga
klBLlOGb5hQYEsphY7/0x0HVQSHpI18Nxoi1BsprxHuGyJMiOPRxyhjtOxkbgrHG
wdrzl+OXlKacUBOcccQSDRXNnxbFySEpH5MOaNHB3HjsR7b084JnXZX+v718rmBJ
p+kJaL45xjdD6dwnc3CQkzoxkFFGkox4hga76zkuZFkx+lpx/WgQS/p+gKVAOJyC
dey/WQFh5H3A6Eifo3kHhEDkWHsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT0wc7D
79tugu55B46eE+RRe2M8GDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mzc4Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pGwwDQYJKoZIhvcNAQELBQADggEBAKmiPIWOkrsqk5Y0F9ri7T03e/ImZ3YTl588
mHU7KMhugW5Qv3bOIY0migpJ1hXMoftCuDdCiNvyOGhChBRrKsZJat8itr+0wrl6
GnW6FiOX7l5AOr1frZPIcmsIEbLT6zZdJZSLBTWroJh9lboz4ozOJUEH2enp5Lac
/GqgtWzOo2lEpoXlDrzvoE1DudMsXIYRa6QzXqZ6mKkT0mPDzLYqGIL/Bzum0AvP
KOnMYrdW7PeN3L7xrEjtwPvnnNRF2bl5bvCSKLw9f1i7x2B7MNFl0kYT19lohC2X
/fvXjTsscmxjtZtUPVBb0+azF7X/sMR+FPTcnnv3SH2qFHq+qWU=
-----END CERTIFICATE-----