Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143851.roa
File:                     AS143851.roa (raw, json)
Hash identifier:          +j+jpMQ/NyAANuupcoYMFddoaNFjckgQiIBT+jGfF8w=
Subject key identifier:   9A:B0:FB:4B:53:0F:F4:C9:00:19:14:81:19:E6:F7:23:6D:39:EB:E5
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2F854B1469C793DE1A12D79B7F69FBA95CF246A3
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143851.roa
Signing time:             Wed 04 Mar 2026 06:14:59 +0000
ROA not before:           Wed 04 Mar 2026 06:09:59 +0000
ROA not after:            Wed 03 Mar 2027 06:14:59 +0000
asID:                     143851
IP address blocks:        240a:a4b1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:85:4b:14:69:c7:93:de:1a:12:d7:9b:7f:69:fb:a9:5c:f2:46:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:59 2026 GMT
            Not After : Mar  3 06:14:59 2027 GMT
        Subject: CN=9AB0FB4B530FF4C90019148119E6F7236D39EBE5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:dc:fb:79:9f:b7:4f:c9:74:9b:b8:a2:b0:8b:
                    51:15:e6:22:92:93:d7:1d:26:ff:71:a6:b0:1c:33:
                    c5:4f:08:a8:5f:f2:4a:a5:01:f8:2c:df:65:d6:d3:
                    81:24:6d:ea:e0:60:3a:1d:59:fd:2c:62:5d:37:64:
                    89:cd:91:69:e6:7b:ac:58:81:cb:ed:40:35:7a:c5:
                    c2:44:73:5a:d7:d5:c8:f1:1c:97:78:4b:89:40:c0:
                    16:d5:f6:25:a9:9b:61:f8:9f:f2:c4:cd:86:e9:68:
                    52:ad:c0:90:08:7e:93:b9:ca:90:bf:17:7e:61:3d:
                    a4:7d:77:95:48:9a:2f:c0:e3:61:8b:07:b8:6a:ae:
                    06:38:63:c4:38:85:8d:d7:30:01:d1:0b:84:9e:9d:
                    55:65:d7:32:1a:36:c6:86:02:cd:12:a2:cb:77:35:
                    9c:d5:6f:de:5c:a6:69:43:78:6a:be:99:ce:e6:cf:
                    05:82:19:64:72:a4:70:26:cb:f2:5d:a3:c2:2a:77:
                    af:16:54:ae:e7:3b:46:1f:0a:f0:32:04:c3:cb:3e:
                    6e:e0:2a:bf:8e:fb:16:74:62:fc:82:73:65:b9:99:
                    4a:23:ed:2b:89:d3:db:db:e0:4b:35:39:0c:74:0d:
                    fb:8c:3b:6a:c8:46:a6:d3:c6:3c:4a:d4:ef:87:a9:
                    c3:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:B0:FB:4B:53:0F:F4:C9:00:19:14:81:19:E6:F7:23:6D:39:EB:E5
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143851.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a4b1::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:55:b7:0e:01:5a:93:80:f6:d1:76:1c:d0:cb:6f:09:26:8d:
         d0:1c:24:e3:2e:b7:5a:e0:d4:f0:6f:18:ca:3b:aa:f3:f6:bd:
         d9:c8:e7:de:8a:25:08:ca:ab:fd:a8:fb:92:fc:1f:7d:9d:f4:
         36:cd:2e:4f:0b:f5:1e:62:1a:f8:a3:3b:3d:d7:10:b2:65:a1:
         41:ee:ff:40:06:5a:79:9c:43:72:25:62:3c:bf:01:89:18:f0:
         9e:c8:ed:d4:e5:03:40:3b:17:ac:2b:88:75:7d:4a:e5:d0:1d:
         78:d0:84:fe:46:f1:fa:ab:ef:ed:68:b4:44:f7:65:e5:dc:0b:
         4d:5c:95:0f:c9:ac:a1:68:e4:89:52:c8:c3:b7:9c:e4:ed:6b:
         90:07:76:ab:68:c5:e1:0f:2d:b3:78:93:e7:20:d1:52:58:eb:
         f6:7c:8d:13:26:5d:7c:95:4d:83:02:2c:b4:f9:47:3a:74:78:
         a5:f2:93:5c:db:9c:a4:63:66:2b:72:a5:b7:84:bb:1e:cb:d3:
         0d:43:07:21:15:ed:9b:c4:36:aa:b8:38:f6:71:e2:b1:66:94:
         3c:1f:7b:e7:f4:c9:29:d3:61:a0:59:8b:34:2a:0e:d7:f7:68:
         58:22:19:3c:38:94:93:03:ee:e4:1c:ee:c1:38:47:89:de:b4:
         ae:7d:65:88
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUL4VLFGnHk94aEtebf2n7qVzyRqMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDk1OVoX
DTI3MDMwMzA2MTQ1OVowMzExMC8GA1UEAxMoOUFCMEZCNEI1MzBGRjRDOTAwMTkx
NDgxMTlFNkY3MjM2RDM5RUJFNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOTc+3mft0/JdJu4orCLURXmIpKT1x0m/3GmsBwzxU8IqF/ySqUB+CzfZdbT
gSRt6uBgOh1Z/SxiXTdkic2RaeZ7rFiBy+1ANXrFwkRzWtfVyPEcl3hLiUDAFtX2
JambYfif8sTNhuloUq3AkAh+k7nKkL8XfmE9pH13lUiaL8DjYYsHuGquBjhjxDiF
jdcwAdELhJ6dVWXXMho2xoYCzRKiy3c1nNVv3lymaUN4ar6ZzubPBYIZZHKkcCbL
8l2jwip3rxZUruc7Rh8K8DIEw8s+buAqv477FnRi/IJzZbmZSiPtK4nT29vgSzU5
DHQN+4w7ashGptPGPErU74epw9ECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSasPtL
Uw/0yQAZFIEZ5vcjbTnr5TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mzg1MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pLEwDQYJKoZIhvcNAQELBQADggEBAGRVtw4BWpOA9tF2HNDLbwkmjdAcJOMut1rg
1PBvGMo7qvP2vdnI596KJQjKq/2o+5L8H32d9DbNLk8L9R5iGvijOz3XELJloUHu
/0AGWnmcQ3IlYjy/AYkY8J7I7dTlA0A7F6wriHV9SuXQHXjQhP5G8fqr7+1otET3
ZeXcC01clQ/JrKFo5IlSyMO3nOTta5AHdqtoxeEPLbN4k+cg0VJY6/Z8jRMmXXyV
TYMCLLT5Rzp0eKXyk1zbnKRjZitypbeEux7L0w1DByEV7ZvENqq4OPZx4rFmlDwf
e+f0ySnTYaBZizQqDtf3aFgiGTw4lJMD7uQc7sE4R4netK59ZYg=
-----END CERTIFICATE-----