Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143833.roa
File:                     AS143833.roa (raw, json)
Hash identifier:          VgBBKQlY7xvr10FIG2lebAGdGkVM/jkWqHth3yU6Id0=
Subject key identifier:   C5:6B:36:45:9E:6D:08:19:02:F9:AC:2F:67:C5:72:7F:A3:05:71:B3
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       71067BFC55789DF1C61649E669EA5E19FA8C349A
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143833.roa
Signing time:             Wed 04 Mar 2026 06:13:42 +0000
ROA not before:           Wed 04 Mar 2026 06:08:42 +0000
ROA not after:            Wed 03 Mar 2027 06:13:42 +0000
asID:                     143833
IP address blocks:        240a:a49f::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:06:7b:fc:55:78:9d:f1:c6:16:49:e6:69:ea:5e:19:fa:8c:34:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:42 2026 GMT
            Not After : Mar  3 06:13:42 2027 GMT
        Subject: CN=C56B36459E6D081902F9AC2F67C5727FA30571B3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:dc:c1:ce:4c:4d:44:c2:a1:7d:f9:ee:26:f0:
                    d7:12:41:0f:3e:44:ed:77:d0:27:44:5d:8c:8b:83:
                    ba:69:b4:3b:c7:dc:7b:1d:05:bb:aa:52:10:af:0b:
                    54:ea:58:cb:8f:45:9f:04:1b:1c:e3:f6:a7:35:ce:
                    70:00:0a:4d:b5:69:c0:29:61:4e:4e:cb:cf:4d:e4:
                    0d:3e:da:30:27:d6:96:b2:db:7b:7d:79:e9:a0:19:
                    6b:ac:1e:80:ad:20:44:cf:f6:f3:60:44:2e:63:27:
                    47:ef:4b:e1:2f:54:ff:8e:10:92:3c:08:b0:52:c9:
                    eb:f1:d7:a7:68:b3:12:53:db:3a:83:10:2c:a0:14:
                    01:14:0b:38:89:95:d2:88:a6:ee:2e:e1:7d:9c:a1:
                    f6:87:4f:6c:12:22:bf:19:95:28:87:75:ff:37:0c:
                    7c:e4:ed:c4:1b:58:f2:a1:66:15:ba:1f:10:8c:18:
                    34:f2:ab:f7:d9:1e:0e:5c:84:bd:ed:52:7d:90:b6:
                    ae:10:7f:57:14:84:8e:8e:bb:61:42:55:a4:cc:11:
                    43:a9:5b:1c:21:9a:68:9c:d9:f8:f1:06:fc:96:e1:
                    c4:be:83:bf:e2:cc:de:9a:27:c3:00:06:36:44:db:
                    1f:ee:76:8f:4c:75:63:ee:08:99:f3:bc:1c:f5:76:
                    8d:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:6B:36:45:9E:6D:08:19:02:F9:AC:2F:67:C5:72:7F:A3:05:71:B3
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a49f::/32

    Signature Algorithm: sha256WithRSAEncryption
         74:73:d9:80:9b:7b:7e:3f:38:e2:6d:63:90:7f:18:1c:c2:c6:
         57:5c:5c:a9:19:3b:7a:27:e5:06:20:ab:af:12:89:08:9f:b6:
         3c:2e:d5:fc:54:8a:4d:6a:09:18:de:44:4d:8f:0a:76:fc:b6:
         26:c6:0f:30:82:15:23:56:d3:01:7a:8d:0c:82:60:5c:0d:8c:
         71:a0:68:29:ca:73:06:a4:a8:8c:3c:23:f5:67:a9:96:8f:fb:
         16:a9:cd:66:9d:0d:bc:44:29:a6:1c:a5:19:1e:cb:ec:fb:1a:
         58:f1:66:de:25:e4:fa:59:40:51:04:b9:68:37:bc:21:78:47:
         d9:90:79:fd:d4:a6:c2:de:3e:24:c4:42:eb:a8:3e:08:d8:3a:
         d8:23:9a:e6:d7:98:32:0b:ff:45:9c:51:86:76:ab:e0:6b:f4:
         58:3b:21:e8:6a:c3:9a:2e:1b:54:18:f5:79:70:0f:a6:fc:8f:
         90:f9:92:13:9b:3b:83:c3:14:66:59:1a:67:d3:40:1c:d8:dd:
         d4:de:1f:26:fb:b1:6d:ef:c8:bd:85:90:5e:a5:3b:44:9a:e7:
         6e:3d:80:a6:40:2b:dc:80:a7:9a:18:4c:1f:11:c6:48:a6:10:
         63:d9:75:54:bc:f6:71:22:64:d7:60:a7:86:7d:06:7f:e7:01:
         5e:93:43:e8
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUcQZ7/FV4nfHGFknmaepeGfqMNJowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDg0MloX
DTI3MDMwMzA2MTM0MlowMzExMC8GA1UEAxMoQzU2QjM2NDU5RTZEMDgxOTAyRjlB
QzJGNjdDNTcyN0ZBMzA1NzFCMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMLcwc5MTUTCoX357ibw1xJBDz5E7XfQJ0RdjIuDumm0O8fcex0Fu6pSEK8L
VOpYy49FnwQbHOP2pzXOcAAKTbVpwClhTk7Lz03kDT7aMCfWlrLbe3156aAZa6we
gK0gRM/282BELmMnR+9L4S9U/44QkjwIsFLJ6/HXp2izElPbOoMQLKAUARQLOImV
0oim7i7hfZyh9odPbBIivxmVKId1/zcMfOTtxBtY8qFmFbofEIwYNPKr99keDlyE
ve1SfZC2rhB/VxSEjo67YUJVpMwRQ6lbHCGaaJzZ+PEG/JbhxL6Dv+LM3ponwwAG
NkTbH+52j0x1Y+4ImfO8HPV2jS0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTFazZF
nm0IGQL5rC9nxXJ/owVxszAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pJ8wDQYJKoZIhvcNAQELBQADggEBAHRz2YCbe34/OOJtY5B/GBzCxldcXKkZO3on
5QYgq68SiQiftjwu1fxUik1qCRjeRE2PCnb8tibGDzCCFSNW0wF6jQyCYFwNjHGg
aCnKcwakqIw8I/VnqZaP+xapzWadDbxEKaYcpRkey+z7GljxZt4l5PpZQFEEuWg3
vCF4R9mQef3UpsLePiTEQuuoPgjYOtgjmubXmDIL/0WcUYZ2q+Br9Fg7Iehqw5ou
G1QY9XlwD6b8j5D5khObO4PDFGZZGmfTQBzY3dTeHyb7sW3vyL2FkF6lO0Sa5249
gKZAK9yAp5oYTB8RxkimEGPZdVS89nEiZNdgp4Z9Bn/nAV6TQ+g=
-----END CERTIFICATE-----