Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143826.roa
File:                     AS143826.roa (raw, json)
Hash identifier:          TtXQkSqnLRolnLLLNs794+LCnbx21JmTM9P6h3ewem4=
Subject key identifier:   66:DA:D5:E5:4A:CD:E1:81:EB:54:E8:ED:8C:6B:D2:E9:D8:00:81:F9
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1C945F2DB2788E7F0A10BB21B58CBB921FA2B97B
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143826.roa
Signing time:             Wed 04 Mar 2026 06:13:08 +0000
ROA not before:           Wed 04 Mar 2026 06:08:08 +0000
ROA not after:            Wed 03 Mar 2027 06:13:08 +0000
asID:                     143826
IP address blocks:        240a:a498::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:94:5f:2d:b2:78:8e:7f:0a:10:bb:21:b5:8c:bb:92:1f:a2:b9:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:08 2026 GMT
            Not After : Mar  3 06:13:08 2027 GMT
        Subject: CN=66DAD5E54ACDE181EB54E8ED8C6BD2E9D80081F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e0:25:f5:a7:4b:c3:75:92:a9:dc:7d:db:2c:
                    48:11:85:4d:26:c3:1e:0b:4b:d0:9e:e5:0b:63:ff:
                    73:c7:76:a1:c1:57:dc:46:c1:ba:b1:2c:fe:60:6f:
                    c7:46:dc:90:77:00:fe:0c:5f:ad:51:e3:7e:0f:c4:
                    07:a4:d9:7a:12:04:97:21:a7:d0:14:a2:bd:9d:11:
                    c2:ff:f1:43:f6:8c:45:dd:ee:9d:64:be:25:e7:82:
                    ec:4e:79:1e:2f:ea:2e:b9:02:0a:bd:48:d3:9c:da:
                    81:e2:62:2d:78:89:55:1f:4e:48:1c:74:56:92:00:
                    9c:ca:eb:56:ce:64:bc:20:01:7a:7c:30:5f:4a:22:
                    8a:2b:e6:d2:da:e7:a5:c7:04:da:77:43:36:6c:5f:
                    0e:57:ac:15:ec:df:f3:83:96:c2:e7:14:4e:5a:97:
                    ee:58:66:5c:5c:f9:13:7d:68:4c:a3:ac:38:7e:b4:
                    71:f6:c3:c0:f3:ca:c5:c0:fd:bf:ac:af:ef:7a:9c:
                    37:de:76:f0:80:b2:84:99:8b:61:77:31:57:d4:fa:
                    96:17:ca:c4:ab:e6:3b:44:53:87:da:42:80:bb:ba:
                    67:09:43:32:42:24:00:fa:a3:eb:20:a8:69:5f:23:
                    e2:61:c7:4a:f6:41:13:6f:eb:97:63:70:45:09:ce:
                    72:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:DA:D5:E5:4A:CD:E1:81:EB:54:E8:ED:8C:6B:D2:E9:D8:00:81:F9
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143826.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a498::/32

    Signature Algorithm: sha256WithRSAEncryption
         a9:1d:10:f5:a6:cb:32:1e:0c:e8:35:fc:8c:34:0f:cc:66:e7:
         bf:09:44:72:0f:c0:70:3b:ac:3e:08:35:fc:45:e6:34:e5:46:
         de:47:39:fb:ee:6f:58:21:c4:4e:c2:d5:b6:50:2b:e9:10:be:
         37:b5:55:ba:6b:07:ee:db:30:97:4d:3d:c3:ae:47:73:52:67:
         7f:11:87:45:51:58:80:89:03:49:cc:9a:a6:29:49:a8:96:ce:
         de:b9:8e:85:70:27:a9:42:c9:f3:de:f3:37:d0:28:6c:d4:e0:
         e6:12:53:c6:70:25:60:57:ed:e2:7c:96:5c:fd:03:e9:44:f0:
         58:38:12:f6:8c:44:21:79:97:61:29:73:90:77:f6:2d:13:37:
         2c:5a:03:02:e6:b2:4b:38:80:e6:e7:f8:ab:59:c8:64:b1:61:
         a6:47:65:bd:ee:75:77:c5:68:00:9a:a0:2a:ca:98:9f:35:b6:
         a8:39:22:b4:d9:1f:63:58:5d:6b:69:e9:f2:d2:42:0f:55:2f:
         83:53:6e:64:75:0e:63:6a:07:99:6b:6d:6a:32:9e:7d:68:b4:
         34:ed:77:d2:4b:84:b4:5d:19:8c:6e:ff:4c:60:2a:52:7d:6a:
         6f:db:e7:f9:3b:34:74:cc:2e:3a:bc:04:86:d4:16:a0:66:ae:
         5d:1f:00:cf
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUHJRfLbJ4jn8KELshtYy7kh+iuXswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgwOFoX
DTI3MDMwMzA2MTMwOFowMzExMC8GA1UEAxMoNjZEQUQ1RTU0QUNERTE4MUVCNTRF
OEVEOEM2QkQyRTlEODAwODFGOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALjgJfWnS8N1kqncfdssSBGFTSbDHgtL0J7lC2P/c8d2ocFX3EbBurEs/mBv
x0bckHcA/gxfrVHjfg/EB6TZehIElyGn0BSivZ0Rwv/xQ/aMRd3unWS+JeeC7E55
Hi/qLrkCCr1I05zageJiLXiJVR9OSBx0VpIAnMrrVs5kvCABenwwX0oiiivm0trn
pccE2ndDNmxfDlesFezf84OWwucUTlqX7lhmXFz5E31oTKOsOH60cfbDwPPKxcD9
v6yv73qcN9528ICyhJmLYXcxV9T6lhfKxKvmO0RTh9pCgLu6ZwlDMkIkAPqj6yCo
aV8j4mHHSvZBE2/rl2NwRQnOcoUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRm2tXl
Ss3hgetU6O2Ma9Lp2ACB+TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzgyNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pJgwDQYJKoZIhvcNAQELBQADggEBAKkdEPWmyzIeDOg1/Iw0D8xm578JRHIPwHA7
rD4INfxF5jTlRt5HOfvub1ghxE7C1bZQK+kQvje1VbprB+7bMJdNPcOuR3NSZ38R
h0VRWICJA0nMmqYpSaiWzt65joVwJ6lCyfPe8zfQKGzU4OYSU8ZwJWBX7eJ8llz9
A+lE8Fg4EvaMRCF5l2Epc5B39i0TNyxaAwLmsks4gObn+KtZyGSxYaZHZb3udXfF
aACaoCrKmJ81tqg5IrTZH2NYXWtp6fLSQg9VL4NTbmR1DmNqB5lrbWoynn1otDTt
d9JLhLRdGYxu/0xgKlJ9am/b5/k7NHTMLjq8BIbUFqBmrl0fAM8=
-----END CERTIFICATE-----