Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143832.roa
File:                     AS143832.roa (raw, json)
Hash identifier:          6vTKa7omsgpgh+vkQe42YrBHSyRVIjePC5aVYkgO/qE=
Subject key identifier:   8D:31:00:5F:28:21:2A:F2:E2:AE:99:D2:B2:47:A8:7C:F4:78:B0:9C
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       26553FE320F269B6FAC6C5B6D781DD949DE577BF
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143832.roa
Signing time:             Wed 04 Mar 2026 06:15:23 +0000
ROA not before:           Wed 04 Mar 2026 06:10:23 +0000
ROA not after:            Wed 03 Mar 2027 06:15:23 +0000
asID:                     143832
IP address blocks:        240a:a49e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:55:3f:e3:20:f2:69:b6:fa:c6:c5:b6:d7:81:dd:94:9d:e5:77:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:23 2026 GMT
            Not After : Mar  3 06:15:23 2027 GMT
        Subject: CN=8D31005F28212AF2E2AE99D2B247A87CF478B09C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:a2:5c:04:08:c6:6d:83:1c:73:fd:e7:17:e8:
                    03:8d:8e:57:6c:3e:a9:7a:86:28:a2:51:eb:23:49:
                    09:11:3d:4c:05:57:42:f7:45:ad:31:5b:27:09:73:
                    8a:4f:63:00:97:e2:9e:58:6a:3a:3f:be:93:c5:79:
                    dc:55:1a:7d:dc:72:e4:a0:4d:e1:7c:0a:0a:a2:b8:
                    7f:c6:59:28:33:dd:ae:e2:4d:68:97:17:0e:22:ec:
                    b5:1d:de:7a:35:84:68:50:a8:3b:50:05:1f:2e:8e:
                    63:f0:1e:95:54:ab:df:e6:d9:c0:27:a9:d4:e3:c9:
                    8c:fe:c6:99:be:f3:20:2b:b1:e6:ca:90:44:0e:7d:
                    7c:88:41:2f:1f:a6:7f:88:b4:cb:34:99:5e:a1:3b:
                    7b:46:5b:36:70:22:09:c4:ae:2c:38:cc:4c:8d:f4:
                    1a:9f:45:07:09:a0:45:a9:ac:31:08:1f:63:7a:64:
                    dc:8d:a8:4f:07:32:96:6f:fb:08:9d:8b:14:39:9b:
                    2e:41:87:94:7c:87:21:2b:ce:25:e2:09:ff:f9:a4:
                    49:12:3b:6c:70:9b:87:e4:f5:c2:35:32:91:c7:00:
                    82:77:5a:43:15:7a:df:90:96:c9:48:aa:0f:fb:6f:
                    27:0b:da:73:9e:8d:11:ae:d5:70:bc:8e:d6:43:0c:
                    6a:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:31:00:5F:28:21:2A:F2:E2:AE:99:D2:B2:47:A8:7C:F4:78:B0:9C
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143832.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a49e::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:f6:2a:99:97:6d:51:c0:ca:34:57:94:06:1d:67:56:5d:29:
         34:80:73:89:98:94:cf:21:c3:41:b3:e2:35:85:cd:a8:c9:e1:
         8e:03:4f:60:fd:71:2c:49:0a:d7:50:30:03:e9:60:5c:a9:82:
         60:0d:92:eb:4f:a2:1a:d1:a6:d9:bb:bc:ed:3a:9d:d0:0c:ca:
         93:8a:fe:d9:94:a4:4d:53:9c:fc:4b:eb:e5:c4:6e:c2:80:9b:
         22:7b:7d:cd:91:5c:9d:33:fb:03:03:ba:9d:a0:cc:ee:30:99:
         d6:9f:42:e8:0f:9d:d0:73:fb:52:d3:16:3a:91:c1:a5:0b:38:
         db:e4:84:4e:09:63:81:8c:0b:b1:d6:e8:f3:ba:50:c6:9e:25:
         ec:53:6d:4d:ee:64:0a:14:09:07:62:07:38:52:85:23:11:62:
         87:4f:2d:ca:24:1a:ee:9b:0d:9a:fa:7b:39:ca:a2:05:2b:68:
         97:9d:79:b9:f8:bb:76:ea:f2:00:1a:a0:7d:29:a5:5f:64:71:
         3b:70:0d:31:36:13:42:ec:6b:a8:ba:21:1f:9a:a7:07:ef:a0:
         e0:71:cd:72:37:0d:69:88:8d:64:a3:4e:6e:d3:84:df:e3:d9:
         ee:22:e1:2b:af:5e:73:c7:96:19:e2:8c:c5:96:f8:65:97:7a:
         ba:bb:96:b8
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUJlU/4yDyabb6xsW214HdlJ3ld78wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTAyM1oX
DTI3MDMwMzA2MTUyM1owMzExMC8GA1UEAxMoOEQzMTAwNUYyODIxMkFGMkUyQUU5
OUQyQjI0N0E4N0NGNDc4QjA5QzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJSiXAQIxm2DHHP95xfoA42OV2w+qXqGKKJR6yNJCRE9TAVXQvdFrTFbJwlz
ik9jAJfinlhqOj++k8V53FUafdxy5KBN4XwKCqK4f8ZZKDPdruJNaJcXDiLstR3e
ejWEaFCoO1AFHy6OY/AelVSr3+bZwCep1OPJjP7Gmb7zICux5sqQRA59fIhBLx+m
f4i0yzSZXqE7e0ZbNnAiCcSuLDjMTI30Gp9FBwmgRamsMQgfY3pk3I2oTwcylm/7
CJ2LFDmbLkGHlHyHISvOJeIJ//mkSRI7bHCbh+T1wjUykccAgndaQxV635CWyUiq
D/tvJwvac56NEa7VcLyO1kMMan0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSNMQBf
KCEq8uKumdKyR6h89HiwnDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzgzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pJ4wDQYJKoZIhvcNAQELBQADggEBAH72KpmXbVHAyjRXlAYdZ1ZdKTSAc4mYlM8h
w0Gz4jWFzajJ4Y4DT2D9cSxJCtdQMAPpYFypgmANkutPohrRptm7vO06ndAMypOK
/tmUpE1TnPxL6+XEbsKAmyJ7fc2RXJ0z+wMDup2gzO4wmdafQugPndBz+1LTFjqR
waULONvkhE4JY4GMC7HW6PO6UMaeJexTbU3uZAoUCQdiBzhShSMRYodPLcokGu6b
DZr6eznKogUraJedebn4u3bq8gAaoH0ppV9kcTtwDTE2E0Lsa6i6IR+apwfvoOBx
zXI3DWmIjWSjTm7ThN/j2e4i4SuvXnPHlhnijMWW+GWXerq7lrg=
-----END CERTIFICATE-----