Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143831.roa
File:                     AS143831.roa (raw, json)
Hash identifier:          D6HTGGK4LLuijx2nko6Z2jyXA8o4IAc9EpTRIRkxv14=
Subject key identifier:   9A:0D:4F:78:E5:66:4D:EB:45:3F:79:A2:A6:76:67:FD:E6:13:DD:2F
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       01BB35774FA8FECFA49E1A9135BF77F21710441E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143831.roa
Signing time:             Wed 04 Mar 2026 06:14:40 +0000
ROA not before:           Wed 04 Mar 2026 06:09:40 +0000
ROA not after:            Wed 03 Mar 2027 06:14:40 +0000
asID:                     143831
IP address blocks:        240a:a49d::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:bb:35:77:4f:a8:fe:cf:a4:9e:1a:91:35:bf:77:f2:17:10:44:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:40 2026 GMT
            Not After : Mar  3 06:14:40 2027 GMT
        Subject: CN=9A0D4F78E5664DEB453F79A2A67667FDE613DD2F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:8b:25:af:d0:9d:b3:b4:dd:1e:fa:dc:47:ee:
                    49:b9:af:07:cb:db:63:8c:9d:a7:11:c6:bc:e5:ff:
                    21:e8:03:f1:4b:b0:1a:49:75:94:f0:74:c5:98:71:
                    8d:04:60:ab:10:b4:51:17:13:6c:5f:6a:ec:2c:d4:
                    c1:22:37:dd:28:05:2f:5b:09:b2:7d:89:e4:3b:90:
                    05:1e:b7:60:11:c5:1b:05:95:5b:04:78:ca:f4:2d:
                    f5:43:50:00:19:ba:05:43:ff:02:96:f8:4a:bc:d1:
                    d9:a3:c8:13:b4:87:58:03:ab:dd:fd:36:aa:52:4a:
                    7b:98:3a:6f:ac:f3:07:cf:3e:e5:ec:c6:4d:55:94:
                    3d:b3:56:89:09:37:b4:af:4d:10:ac:8a:39:f5:35:
                    06:d6:7a:6e:53:e0:7d:86:31:60:a3:75:c6:f5:80:
                    46:69:d7:ba:b7:6e:1f:5b:50:6a:8f:00:5b:89:2c:
                    bc:5c:83:9b:44:c8:b1:ca:7d:52:56:2b:e3:90:d4:
                    3f:00:f5:a0:87:1c:8c:7b:1b:ae:f8:09:b6:88:58:
                    6d:69:08:c2:d2:5f:f2:0d:e9:63:95:7d:21:7b:8b:
                    de:e0:1a:ed:a8:48:d3:05:fd:ba:bf:2e:42:37:63:
                    c1:d1:81:e7:ab:f7:e9:47:7a:3a:82:d2:9f:76:3e:
                    95:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:0D:4F:78:E5:66:4D:EB:45:3F:79:A2:A6:76:67:FD:E6:13:DD:2F
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a49d::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:11:be:b7:5c:de:d3:cc:29:6c:c9:75:d0:80:be:21:d9:04:
         04:8c:f6:d8:79:c9:67:74:7e:19:ac:f8:fe:5b:6f:b8:bf:d0:
         d5:fd:fb:f0:ec:24:9e:2f:ce:00:22:20:7b:da:08:43:61:ef:
         27:3c:bd:86:bf:4e:0d:1d:19:46:7a:1e:31:fd:ee:0e:ce:6a:
         82:38:c7:62:2b:ef:98:2c:90:f4:5a:e5:b3:22:00:3b:1c:ed:
         ac:a2:83:27:4c:18:14:cd:d0:ae:22:8b:c9:0b:9b:3f:1a:c1:
         a4:5e:50:52:43:90:22:5b:99:24:2e:ff:0e:8c:53:e8:15:86:
         95:a5:de:74:61:34:fb:39:ab:9c:d0:f9:28:23:88:0e:fa:1e:
         c2:9b:57:62:2b:2b:09:ac:d5:93:0c:72:1d:2c:ae:6c:ff:c7:
         8f:a8:52:b7:fd:63:5a:13:08:0a:3a:94:7b:3e:9d:85:03:c5:
         e2:39:f3:bc:bb:c2:c4:02:e4:6d:58:a6:cc:ea:99:64:0b:f6:
         17:ec:11:df:a3:25:06:e4:3b:87:3e:1e:8d:e4:87:dd:b5:c4:
         b1:49:8e:d5:e3:1c:f7:a1:dd:46:e4:75:e2:5c:c5:97:e9:e8:
         ce:fa:0f:b9:b9:ea:cf:b0:da:bc:67:56:d1:af:a1:e8:d3:52:
         69:1f:67:de
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUAbs1d0+o/s+knhqRNb938hcQRB4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDk0MFoX
DTI3MDMwMzA2MTQ0MFowMzExMC8GA1UEAxMoOUEwRDRGNzhFNTY2NERFQjQ1M0Y3
OUEyQTY3NjY3RkRFNjEzREQyRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMeLJa/QnbO03R763EfuSbmvB8vbY4ydpxHGvOX/IegD8UuwGkl1lPB0xZhx
jQRgqxC0URcTbF9q7CzUwSI33SgFL1sJsn2J5DuQBR63YBHFGwWVWwR4yvQt9UNQ
ABm6BUP/Apb4SrzR2aPIE7SHWAOr3f02qlJKe5g6b6zzB88+5ezGTVWUPbNWiQk3
tK9NEKyKOfU1BtZ6blPgfYYxYKN1xvWARmnXurduH1tQao8AW4ksvFyDm0TIscp9
UlYr45DUPwD1oIccjHsbrvgJtohYbWkIwtJf8g3pY5V9IXuL3uAa7ahI0wX9ur8u
QjdjwdGB56v36Ud6OoLSn3Y+lQMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSaDU94
5WZN60U/eaKmdmf95hPdLzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzgzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pJ0wDQYJKoZIhvcNAQELBQADggEBAJsRvrdc3tPMKWzJddCAviHZBASM9th5yWd0
fhms+P5bb7i/0NX9+/DsJJ4vzgAiIHvaCENh7yc8vYa/Tg0dGUZ6HjH97g7OaoI4
x2Ir75gskPRa5bMiADsc7ayigydMGBTN0K4ii8kLmz8awaReUFJDkCJbmSQu/w6M
U+gVhpWl3nRhNPs5q5zQ+SgjiA76HsKbV2IrKwms1ZMMch0srmz/x4+oUrf9Y1oT
CAo6lHs+nYUDxeI587y7wsQC5G1YpszqmWQL9hfsEd+jJQbkO4c+Ho3kh921xLFJ
jtXjHPeh3UbkdeJcxZfp6M76D7m56s+w2rxnVtGvoejTUmkfZ94=
-----END CERTIFICATE-----