Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143820.roa
File:                     AS143820.roa (raw, json)
Hash identifier:          DyrdcUPBaIkP9WJozSU+xCzL3vr5ANk4egaCVEmbZiA=
Subject key identifier:   58:B8:8B:81:F3:61:BB:17:ED:83:40:75:8A:D3:F5:CF:7F:E3:0B:70
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       13102A0AD171C09471BBE3907B389C7C0294B326
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143820.roa
Signing time:             Wed 04 Mar 2026 06:13:02 +0000
ROA not before:           Wed 04 Mar 2026 06:08:02 +0000
ROA not after:            Wed 03 Mar 2027 06:13:02 +0000
asID:                     143820
IP address blocks:        240a:a492::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:10:2a:0a:d1:71:c0:94:71:bb:e3:90:7b:38:9c:7c:02:94:b3:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:02 2026 GMT
            Not After : Mar  3 06:13:02 2027 GMT
        Subject: CN=58B88B81F361BB17ED8340758AD3F5CF7FE30B70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c6:c0:6e:37:82:d0:15:df:73:13:63:93:3c:
                    94:30:25:f8:aa:40:4a:5e:ef:15:ef:12:3b:cb:a8:
                    54:95:2c:6b:77:9e:de:68:5e:e2:b7:6d:61:0c:fe:
                    aa:d5:11:7a:34:e3:48:1f:2e:d1:d5:94:0b:bf:46:
                    22:41:ce:7d:5f:3f:e0:b4:bf:6a:e0:2e:52:41:7e:
                    f6:73:22:08:ef:eb:dc:45:7f:e2:62:cb:23:22:d1:
                    ba:04:a5:9c:1f:87:17:e5:c5:a1:b6:69:f6:c2:f0:
                    57:2e:cc:8d:43:7d:8b:ce:cf:4e:c1:74:04:22:c2:
                    1f:7b:09:26:ee:f8:46:ed:32:38:9b:6c:81:85:5b:
                    1d:e8:21:11:63:8d:0c:95:13:22:86:10:ed:18:d4:
                    e3:89:11:bc:b0:81:44:ee:21:71:5b:ed:a2:9b:b5:
                    09:02:b8:dd:f3:f2:db:af:a5:52:f2:fd:52:30:dd:
                    da:da:60:a0:d1:c7:46:76:3a:c7:9b:b1:ee:cb:f4:
                    ea:a2:9c:ad:97:8d:1f:97:9a:29:4b:98:33:75:ae:
                    4c:2f:fb:30:4d:a4:60:b9:9e:38:f3:5f:b3:ad:72:
                    92:de:31:e7:04:53:1b:8a:e8:3e:3a:2b:10:a6:d1:
                    fd:ce:d4:95:d4:82:98:d8:e2:b3:39:da:a3:dc:1f:
                    fc:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:B8:8B:81:F3:61:BB:17:ED:83:40:75:8A:D3:F5:CF:7F:E3:0B:70
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143820.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a492::/32

    Signature Algorithm: sha256WithRSAEncryption
         5d:bd:70:41:ab:b5:f1:83:9b:19:92:d2:a5:1f:0e:63:ee:a4:
         dd:2a:b9:2b:22:8d:ea:c1:88:ed:61:f1:53:ef:5f:5b:2a:3a:
         f6:a0:c4:35:d8:83:15:63:01:b3:2c:06:af:a5:f5:dc:92:96:
         21:e8:e6:fa:18:5b:af:4a:52:60:4c:22:e5:65:44:25:c3:ff:
         41:3a:05:1d:cc:09:5d:5e:d8:5f:a3:bd:cb:90:64:db:12:84:
         cc:60:d6:48:4e:be:41:64:dd:87:04:d7:f1:37:ef:98:fa:af:
         bd:84:6f:01:f5:91:cf:91:2d:a8:58:34:c3:4a:21:a5:29:9c:
         bc:7c:03:2e:76:5e:de:59:77:81:9b:4d:72:54:b5:49:49:ca:
         f5:c3:dc:1a:cb:a3:77:c3:b4:96:ba:6d:56:63:4a:d9:ac:4b:
         64:76:b4:ff:d3:2e:a2:49:b4:fe:1c:e9:c4:2d:02:f2:d2:bb:
         a9:c7:71:fb:f3:57:4b:74:8f:ea:b1:44:21:2c:91:4e:0d:5e:
         4c:c4:90:43:b0:f0:ea:a1:3a:92:73:f1:e9:dc:2a:67:3f:ac:
         72:a9:93:1b:f4:6b:25:ad:73:91:b5:59:d0:ac:84:66:6e:84:
         4a:66:1e:03:6e:2a:68:66:6e:c2:42:00:41:b3:f9:b3:4f:1a:
         61:7d:19:5d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUExAqCtFxwJRxu+OQezicfAKUsyYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgwMloX
DTI3MDMwMzA2MTMwMlowMzExMC8GA1UEAxMoNThCODhCODFGMzYxQkIxN0VEODM0
MDc1OEFEM0Y1Q0Y3RkUzMEI3MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKjGwG43gtAV33MTY5M8lDAl+KpASl7vFe8SO8uoVJUsa3ee3mhe4rdtYQz+
qtURejTjSB8u0dWUC79GIkHOfV8/4LS/auAuUkF+9nMiCO/r3EV/4mLLIyLRugSl
nB+HF+XFobZp9sLwVy7MjUN9i87PTsF0BCLCH3sJJu74Ru0yOJtsgYVbHeghEWON
DJUTIoYQ7RjU44kRvLCBRO4hcVvtopu1CQK43fPy26+lUvL9UjDd2tpgoNHHRnY6
x5ux7sv06qKcrZeNH5eaKUuYM3WuTC/7ME2kYLmeOPNfs61ykt4x5wRTG4roPjor
EKbR/c7UldSCmNjisznao9wf/E0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRYuIuB
82G7F+2DQHWK0/XPf+MLcDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzgyMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pJIwDQYJKoZIhvcNAQELBQADggEBAF29cEGrtfGDmxmS0qUfDmPupN0quSsijerB
iO1h8VPvX1sqOvagxDXYgxVjAbMsBq+l9dySliHo5voYW69KUmBMIuVlRCXD/0E6
BR3MCV1e2F+jvcuQZNsShMxg1khOvkFk3YcE1/E375j6r72EbwH1kc+RLahYNMNK
IaUpnLx8Ay52Xt5Zd4GbTXJUtUlJyvXD3BrLo3fDtJa6bVZjStmsS2R2tP/TLqJJ
tP4c6cQtAvLSu6nHcfvzV0t0j+qxRCEskU4NXkzEkEOw8OqhOpJz8encKmc/rHKp
kxv0ayWtc5G1WdCshGZuhEpmHgNuKmhmbsJCAEGz+bNPGmF9GV0=
-----END CERTIFICATE-----