Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143850.roa
File:                     AS143850.roa (raw, json)
Hash identifier:          8txjdoC/12EZsE4EfdToTbuTW49i3/t60IaPzAEosQM=
Subject key identifier:   9F:3F:DD:17:50:DE:FF:DD:B9:D4:F7:C7:8B:1E:FB:B8:01:15:2D:11
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5A211B49E15B138E2F0411D95F16FED4E04FA47C
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143850.roa
Signing time:             Wed 04 Mar 2026 06:13:29 +0000
ROA not before:           Wed 04 Mar 2026 06:08:29 +0000
ROA not after:            Wed 03 Mar 2027 06:13:29 +0000
asID:                     143850
IP address blocks:        240a:a4b0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:21:1b:49:e1:5b:13:8e:2f:04:11:d9:5f:16:fe:d4:e0:4f:a4:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:29 2026 GMT
            Not After : Mar  3 06:13:29 2027 GMT
        Subject: CN=9F3FDD1750DEFFDDB9D4F7C78B1EFBB801152D11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c7:b9:7b:6d:1c:2e:25:5f:b3:c8:3c:f1:68:
                    f2:af:8f:6c:63:eb:44:71:ca:2a:52:e3:32:f1:4f:
                    95:6c:4e:5f:64:a0:74:18:2a:d2:64:ef:07:2a:61:
                    be:df:7e:f4:cd:11:f1:63:cb:89:4d:91:7e:cd:f6:
                    7d:cf:ea:56:31:d0:b9:dc:8f:2c:61:46:e2:c4:fb:
                    25:57:4e:d2:24:05:ae:7a:d0:00:cc:1c:13:be:11:
                    98:fd:ca:46:1c:e0:f7:f9:87:9e:3c:31:78:6a:21:
                    45:1a:d2:ad:9a:a8:16:bf:1b:70:e1:4a:91:75:81:
                    14:80:fa:61:3e:b5:5c:b2:f3:25:46:25:ca:9e:a6:
                    a7:2c:88:21:7e:d3:01:98:5c:38:9f:9d:d8:b4:25:
                    d9:5d:3c:2d:db:5e:a5:62:d2:12:ff:30:61:dd:7e:
                    6e:b9:18:26:c1:db:85:04:90:db:ca:4d:f7:9e:95:
                    b0:86:0d:29:a2:80:03:32:c4:42:79:2f:af:27:1c:
                    14:6b:b5:64:92:6c:4b:86:f6:1d:f9:0d:bb:b8:cd:
                    fb:e3:b0:5e:42:d3:9e:0e:79:0b:53:91:53:9e:65:
                    f3:e1:cd:2d:f6:28:1b:ae:e6:b0:af:8a:b3:a7:11:
                    67:f7:dc:ec:05:7e:c6:23:cb:44:49:0c:df:56:57:
                    aa:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:3F:DD:17:50:DE:FF:DD:B9:D4:F7:C7:8B:1E:FB:B8:01:15:2D:11
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143850.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a4b0::/32

    Signature Algorithm: sha256WithRSAEncryption
         55:38:33:02:c7:aa:8c:30:19:fd:33:d2:2e:a7:5c:b8:d3:8f:
         ed:5b:ae:44:df:e8:19:7d:e8:d6:66:1f:10:d8:b4:91:ea:a1:
         35:6b:69:71:f6:4b:89:8a:02:27:5f:10:05:59:9e:59:a7:98:
         28:f0:2a:ad:40:d9:0b:55:af:94:ee:78:4a:ae:a8:b7:84:b3:
         6e:ca:6c:b2:4c:8c:88:13:21:8a:96:0b:61:47:86:0e:14:62:
         bb:86:c1:b3:5a:34:54:63:db:8c:7c:26:ed:88:c7:74:82:47:
         d4:b1:e4:65:40:5b:d7:e8:2c:1a:08:dc:3c:55:fc:24:a7:34:
         30:c5:0d:ef:5c:27:00:52:84:48:f6:46:59:77:97:80:08:d8:
         0d:72:09:f3:41:3d:39:b6:03:8a:61:36:86:13:d4:35:4e:6a:
         98:4d:2e:78:03:b1:e2:5e:5b:ad:9e:83:d7:51:86:14:d0:38:
         d7:99:69:e9:9a:d2:96:10:63:57:fc:95:28:41:b3:44:4a:9a:
         3b:12:ff:bf:6d:c2:ee:75:f1:81:41:01:c4:a3:25:81:e2:67:
         fe:05:3c:44:fa:89:b3:fc:6a:81:2f:a6:68:f2:8e:1e:c8:0d:
         ee:0b:a8:1b:21:e5:7f:fc:9b:b7:5d:d2:fe:4a:cd:71:88:40:
         4f:67:4d:29
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUWiEbSeFbE44vBBHZXxb+1OBPpHwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgyOVoX
DTI3MDMwMzA2MTMyOVowMzExMC8GA1UEAxMoOUYzRkREMTc1MERFRkZEREI5RDRG
N0M3OEIxRUZCQjgwMTE1MkQxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKHHuXttHC4lX7PIPPFo8q+PbGPrRHHKKlLjMvFPlWxOX2SgdBgq0mTvByph
vt9+9M0R8WPLiU2Rfs32fc/qVjHQudyPLGFG4sT7JVdO0iQFrnrQAMwcE74RmP3K
Rhzg9/mHnjwxeGohRRrSrZqoFr8bcOFKkXWBFID6YT61XLLzJUYlyp6mpyyIIX7T
AZhcOJ+d2LQl2V08LdtepWLSEv8wYd1+brkYJsHbhQSQ28pN956VsIYNKaKAAzLE
QnkvryccFGu1ZJJsS4b2HfkNu7jN++OwXkLTng55C1ORU55l8+HNLfYoG67msK+K
s6cRZ/fc7AV+xiPLREkM31ZXqs8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSfP90X
UN7/3bnU98eLHvu4ARUtETAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mzg1MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pLAwDQYJKoZIhvcNAQELBQADggEBAFU4MwLHqowwGf0z0i6nXLjTj+1brkTf6Bl9
6NZmHxDYtJHqoTVraXH2S4mKAidfEAVZnlmnmCjwKq1A2QtVr5TueEquqLeEs27K
bLJMjIgTIYqWC2FHhg4UYruGwbNaNFRj24x8Ju2Ix3SCR9Sx5GVAW9foLBoI3DxV
/CSnNDDFDe9cJwBShEj2Rll3l4AI2A1yCfNBPTm2A4phNoYT1DVOaphNLngDseJe
W62eg9dRhhTQONeZaema0pYQY1f8lShBs0RKmjsS/79twu518YFBAcSjJYHiZ/4F
PET6ibP8aoEvpmjyjh7IDe4LqBsh5X/8m7dd0v5KzXGIQE9nTSk=
-----END CERTIFICATE-----