Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143837.roa
File:                     AS143837.roa (raw, json)
Hash identifier:          WFDvk2KQp9pVC97KEkwSpCHWE1uQokvKpLCrQrKTKaA=
Subject key identifier:   21:53:26:8F:05:C5:FE:69:14:41:4F:21:D1:30:C3:D1:7C:AA:E2:C7
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       205EA9F3959200968CF9CEF2ED1290C303AA9BF2
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143837.roa
Signing time:             Wed 04 Mar 2026 06:15:36 +0000
ROA not before:           Wed 04 Mar 2026 06:10:36 +0000
ROA not after:            Wed 03 Mar 2027 06:15:36 +0000
asID:                     143837
IP address blocks:        240a:a4a3::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:5e:a9:f3:95:92:00:96:8c:f9:ce:f2:ed:12:90:c3:03:aa:9b:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:36 2026 GMT
            Not After : Mar  3 06:15:36 2027 GMT
        Subject: CN=2153268F05C5FE6914414F21D130C3D17CAAE2C7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:69:61:e4:0b:db:54:66:00:0e:44:28:14:cf:
                    bf:0c:d3:47:97:c3:04:a4:8d:eb:a4:12:b3:84:66:
                    95:a0:4f:84:24:65:2e:e9:c5:18:a3:87:98:c3:66:
                    36:1a:c8:9d:f9:4f:2a:52:93:7a:3a:e1:aa:b6:56:
                    43:aa:d6:f0:e0:2c:09:24:31:30:af:99:69:f6:41:
                    e9:83:fc:0c:71:d0:3c:e7:95:99:bd:9c:51:f1:5d:
                    e4:bd:72:75:13:f6:eb:68:47:ba:90:e7:98:cd:5a:
                    87:14:92:69:26:3a:57:54:1d:96:50:f4:4e:8d:3d:
                    93:ef:a7:01:a4:7b:cc:21:d9:6d:f1:c5:94:17:33:
                    a2:e0:1b:6c:78:41:13:d2:4d:12:22:a0:ad:80:82:
                    ac:bf:29:8e:35:46:40:96:63:1b:a6:1c:2e:e8:83:
                    22:83:76:01:b2:ec:fb:2e:6f:ba:f0:82:a2:84:1f:
                    8d:d3:bf:52:0b:a0:19:c1:60:57:0b:f1:74:7f:34:
                    ca:e0:83:71:13:09:88:e8:86:bb:78:b8:4f:a1:13:
                    b3:1d:fa:20:35:b5:a7:f4:d5:41:e9:af:57:27:f1:
                    77:25:e9:b5:d6:ec:50:f7:34:51:38:7a:d2:9b:c1:
                    7d:ba:4c:d5:75:4e:a3:8f:0e:35:ef:d0:9f:ab:71:
                    d5:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:53:26:8F:05:C5:FE:69:14:41:4F:21:D1:30:C3:D1:7C:AA:E2:C7
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a4a3::/32

    Signature Algorithm: sha256WithRSAEncryption
         5a:f8:02:ae:be:05:90:30:ca:32:b1:2b:f6:81:93:57:79:98:
         e3:a8:43:60:c0:45:6d:2e:d4:e2:19:63:c7:97:e4:5a:1b:c4:
         f4:c8:f1:1e:74:2f:ad:e5:6b:70:e8:ed:10:f8:75:b1:06:70:
         2d:e2:0b:d5:f9:8e:c4:41:71:12:cd:af:e8:8d:97:ef:2f:e9:
         ca:e4:38:b9:ed:c4:25:79:07:e6:f9:79:d2:e9:e3:b9:0b:f8:
         61:da:15:73:f0:14:08:1b:ee:a9:8c:86:2c:49:55:1e:53:9f:
         f1:d1:c8:58:f9:64:df:8f:31:68:c9:4e:dd:db:02:93:9d:c9:
         17:90:0b:54:be:8e:58:74:3d:2c:bf:f6:d3:c8:5b:c6:ed:80:
         99:86:0f:ce:8d:5c:9f:7f:e3:59:96:85:ce:b4:06:91:7d:92:
         71:3b:ae:b2:91:4c:da:0b:89:de:c3:0a:c9:55:5d:1b:6b:07:
         22:9e:ed:97:1c:13:b3:d5:9a:74:55:1e:92:3c:55:e8:e6:cb:
         ed:66:35:86:e8:5d:56:18:a7:d7:2d:9c:15:5b:77:30:db:ab:
         90:da:8f:79:f3:a4:26:25:6b:9c:07:e2:8d:5e:13:aa:27:52:
         cb:bd:c1:31:63:bf:db:e0:03:41:a3:d2:06:7e:c8:9b:2a:46:
         88:7b:65:37
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUIF6p85WSAJaM+c7y7RKQwwOqm/IwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTAzNloX
DTI3MDMwMzA2MTUzNlowMzExMC8GA1UEAxMoMjE1MzI2OEYwNUM1RkU2OTE0NDE0
RjIxRDEzMEMzRDE3Q0FBRTJDNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKZpYeQL21RmAA5EKBTPvwzTR5fDBKSN66QSs4RmlaBPhCRlLunFGKOHmMNm
NhrInflPKlKTejrhqrZWQ6rW8OAsCSQxMK+ZafZB6YP8DHHQPOeVmb2cUfFd5L1y
dRP262hHupDnmM1ahxSSaSY6V1QdllD0To09k++nAaR7zCHZbfHFlBczouAbbHhB
E9JNEiKgrYCCrL8pjjVGQJZjG6YcLuiDIoN2AbLs+y5vuvCCooQfjdO/UgugGcFg
VwvxdH80yuCDcRMJiOiGu3i4T6ETsx36IDW1p/TVQemvVyfxdyXptdbsUPc0UTh6
0pvBfbpM1XVOo48ONe/Qn6tx1ZUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQhUyaP
BcX+aRRBTyHRMMPRfKrixzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pKMwDQYJKoZIhvcNAQELBQADggEBAFr4Aq6+BZAwyjKxK/aBk1d5mOOoQ2DARW0u
1OIZY8eX5FobxPTI8R50L63la3Do7RD4dbEGcC3iC9X5jsRBcRLNr+iNl+8v6crk
OLntxCV5B+b5edLp47kL+GHaFXPwFAgb7qmMhixJVR5Tn/HRyFj5ZN+PMWjJTt3b
ApOdyReQC1S+jlh0PSy/9tPIW8btgJmGD86NXJ9/41mWhc60BpF9knE7rrKRTNoL
id7DCslVXRtrByKe7ZccE7PVmnRVHpI8Vejmy+1mNYboXVYYp9ctnBVbdzDbq5Da
j3nzpCYla5wH4o1eE6onUsu9wTFjv9vgA0Gj0gZ+yJsqRoh7ZTc=
-----END CERTIFICATE-----