Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143825.roa
File:                     AS143825.roa (raw, json)
Hash identifier:          +OnNlXF2JM12Cm6FK9ZnQJJxJv4jL8uXIG1CNEHascY=
Subject key identifier:   0A:40:B8:09:F8:23:74:C6:94:A4:6E:51:68:02:C3:15:D9:AF:14:6D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5CC430C4F4563FEFF914F1938E74EC7F13AD139C
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143825.roa
Signing time:             Wed 04 Mar 2026 06:15:35 +0000
ROA not before:           Wed 04 Mar 2026 06:10:35 +0000
ROA not after:            Wed 03 Mar 2027 06:15:35 +0000
asID:                     143825
IP address blocks:        240a:a497::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:c4:30:c4:f4:56:3f:ef:f9:14:f1:93:8e:74:ec:7f:13:ad:13:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:35 2026 GMT
            Not After : Mar  3 06:15:35 2027 GMT
        Subject: CN=0A40B809F82374C694A46E516802C315D9AF146D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:cc:41:df:06:f9:53:13:75:3b:fc:9e:ac:10:
                    05:6e:40:2e:42:17:40:c3:3e:2c:91:29:77:fa:bb:
                    91:ba:08:12:7a:c5:fe:9b:4d:a3:74:27:b3:33:12:
                    30:b1:56:ac:55:b0:a8:5e:cd:d5:5e:0b:97:4c:df:
                    ae:b7:11:0a:b9:9b:c9:7d:a4:89:f3:12:10:33:58:
                    d6:e1:49:7a:f9:bb:21:50:f3:98:bc:0e:75:14:b6:
                    36:13:b1:e6:d5:d1:05:32:d0:f7:e5:3e:14:6a:e1:
                    ae:de:63:7b:6a:50:ae:25:e3:03:51:00:5d:99:a8:
                    81:b5:4f:d8:42:30:24:f5:6c:06:c8:00:1f:68:d6:
                    e3:85:7b:5e:0a:ed:b5:fd:5c:47:ee:89:68:38:54:
                    d5:86:06:d3:cc:2c:f8:06:a7:18:e9:85:9e:b3:3d:
                    7c:28:8c:6f:5a:06:2a:9f:1f:e1:06:e7:d1:a0:7f:
                    76:55:17:e8:a7:f3:29:ea:d9:cd:bb:d7:6b:23:69:
                    40:e0:f7:24:00:93:cb:b1:05:49:07:72:71:8f:44:
                    74:b3:a4:cc:b2:91:e6:3c:d6:8c:9e:63:9f:08:35:
                    92:b2:f9:f5:20:5e:cd:4e:9c:da:84:c8:89:6d:d0:
                    83:26:fc:eb:d1:1e:e0:17:aa:8a:01:ae:29:69:47:
                    8b:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:40:B8:09:F8:23:74:C6:94:A4:6E:51:68:02:C3:15:D9:AF:14:6D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143825.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a497::/32

    Signature Algorithm: sha256WithRSAEncryption
         0b:34:b9:86:ba:a8:0b:0c:cb:bf:da:32:b1:35:46:1b:05:b9:
         2c:ec:79:10:d7:cb:7c:aa:c2:07:90:8e:a6:00:1c:d5:cf:5c:
         6c:06:c5:fa:a3:fc:17:33:bb:4f:b1:2f:3e:d3:25:b9:7d:9c:
         b6:7b:f3:d5:82:12:64:4b:be:5f:60:aa:50:34:df:f1:66:c1:
         9a:78:8d:00:40:1a:f0:4a:73:f9:e0:c5:0b:e4:7e:6b:1f:66:
         9d:ce:ef:26:04:eb:b0:fb:e8:50:da:d1:3e:ce:b8:c5:00:13:
         70:4d:4c:c1:91:0f:34:ad:4b:e2:5b:c3:6d:d7:66:bb:d6:c8:
         0e:19:d0:37:b7:2c:67:3e:69:01:40:13:45:37:77:ab:3a:ee:
         8e:90:88:5d:82:ce:33:5b:00:02:1e:ef:e0:7f:2e:6c:90:44:
         41:1c:b1:15:ac:38:91:7d:e9:ce:35:36:43:d0:9d:3d:a9:9a:
         bd:ab:95:89:d4:7f:b8:9f:ce:43:68:69:4a:2b:8f:1d:61:d1:
         c1:c2:8a:21:89:d3:79:00:fb:a6:d0:3a:5a:f2:b4:2d:0d:c6:
         88:fe:df:ce:2a:b2:49:90:e7:1c:09:42:3f:a2:b0:14:d1:8c:
         8a:e1:49:0f:ce:f8:95:f4:6b:20:94:47:8b:49:ff:b2:31:a6:
         f3:99:94:bd
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUXMQwxPRWP+/5FPGTjnTsfxOtE5wwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTAzNVoX
DTI3MDMwMzA2MTUzNVowMzExMC8GA1UEAxMoMEE0MEI4MDlGODIzNzRDNjk0QTQ2
RTUxNjgwMkMzMTVEOUFGMTQ2RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALjMQd8G+VMTdTv8nqwQBW5ALkIXQMM+LJEpd/q7kboIEnrF/ptNo3QnszMS
MLFWrFWwqF7N1V4Ll0zfrrcRCrmbyX2kifMSEDNY1uFJevm7IVDzmLwOdRS2NhOx
5tXRBTLQ9+U+FGrhrt5je2pQriXjA1EAXZmogbVP2EIwJPVsBsgAH2jW44V7Xgrt
tf1cR+6JaDhU1YYG08ws+AanGOmFnrM9fCiMb1oGKp8f4Qbn0aB/dlUX6KfzKerZ
zbvXayNpQOD3JACTy7EFSQdycY9EdLOkzLKR5jzWjJ5jnwg1krL59SBezU6c2oTI
iW3Qgyb869Ee4BeqigGuKWlHixsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQKQLgJ
+CN0xpSkblFoAsMV2a8UbTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzgyNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pJcwDQYJKoZIhvcNAQELBQADggEBAAs0uYa6qAsMy7/aMrE1RhsFuSzseRDXy3yq
wgeQjqYAHNXPXGwGxfqj/Bczu0+xLz7TJbl9nLZ789WCEmRLvl9gqlA03/FmwZp4
jQBAGvBKc/ngxQvkfmsfZp3O7yYE67D76FDa0T7OuMUAE3BNTMGRDzStS+Jbw23X
ZrvWyA4Z0De3LGc+aQFAE0U3d6s67o6QiF2CzjNbAAIe7+B/LmyQREEcsRWsOJF9
6c41NkPQnT2pmr2rlYnUf7ifzkNoaUorjx1h0cHCiiGJ03kA+6bQOlrytC0Nxoj+
384qskmQ5xwJQj+isBTRjIrhSQ/O+JX0ayCUR4tJ/7IxpvOZlL0=
-----END CERTIFICATE-----