Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143856.roa
File:                     AS143856.roa (raw, json)
Hash identifier:          v16f4K9V9DzRX1/1okpUYzGpoC2UMGas7etJWdfYkD4=
Subject key identifier:   43:BD:09:41:F9:77:E8:70:51:8F:E8:E6:AE:B2:68:0D:0E:AA:A2:25
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       330DCF41D4DFE9BB32259267E93C24F91F7BC200
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143856.roa
Signing time:             Wed 04 Mar 2026 06:13:16 +0000
ROA not before:           Wed 04 Mar 2026 06:08:16 +0000
ROA not after:            Wed 03 Mar 2027 06:13:16 +0000
asID:                     143856
IP address blocks:        240a:a4b6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:0d:cf:41:d4:df:e9:bb:32:25:92:67:e9:3c:24:f9:1f:7b:c2:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:16 2026 GMT
            Not After : Mar  3 06:13:16 2027 GMT
        Subject: CN=43BD0941F977E870518FE8E6AEB2680D0EAAA225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:3d:bd:03:cd:4f:85:ca:6c:88:bf:68:5d:da:
                    78:b5:52:4d:23:52:cf:8e:a5:7b:73:aa:96:0b:19:
                    84:04:c4:fb:d6:30:1c:f2:c8:39:77:d5:dd:19:3f:
                    5d:7e:90:98:c5:4f:12:3b:0a:57:68:58:03:47:60:
                    88:fd:73:e9:36:34:61:59:24:39:c2:47:2e:46:4d:
                    95:e1:cc:0c:4a:bb:78:36:0c:17:38:d6:70:ba:22:
                    0e:81:8f:d9:d4:5d:ac:5f:7c:b4:e2:78:6d:c6:d1:
                    2a:9e:d6:7c:a2:31:70:09:8f:bb:29:0e:20:d6:86:
                    62:b8:07:af:9d:97:aa:27:c4:e3:a5:c4:86:78:b4:
                    f3:af:75:ab:60:f2:46:dd:eb:2e:ef:39:3e:89:79:
                    48:2b:fb:3c:ce:7c:11:49:06:5e:b7:bc:6e:30:84:
                    fc:d2:0c:90:7d:1b:c5:07:b1:cf:18:c8:29:16:d4:
                    c9:a8:29:b3:42:f9:1d:f8:a4:fc:15:58:50:bd:d1:
                    2e:db:73:6f:47:dd:88:f6:30:83:88:59:8f:a0:97:
                    77:d6:aa:58:74:df:3f:60:d5:de:6d:8f:16:a0:ed:
                    3b:98:72:96:4d:15:3d:70:d9:6c:46:ba:b2:64:49:
                    a1:15:2c:9d:b3:22:c7:f5:59:76:0d:45:2b:c0:a0:
                    c0:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:BD:09:41:F9:77:E8:70:51:8F:E8:E6:AE:B2:68:0D:0E:AA:A2:25
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143856.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a4b6::/32

    Signature Algorithm: sha256WithRSAEncryption
         97:49:bc:2e:8d:f8:57:75:64:2e:25:a4:39:d6:94:65:8c:7f:
         81:e3:03:b2:9b:60:dc:04:7d:5a:1b:e6:89:ec:be:a2:a8:81:
         ca:2b:3b:b4:15:ec:a5:27:06:f0:cd:dc:3b:25:b9:64:d8:48:
         47:26:81:82:a6:db:81:16:0b:4b:9f:f2:5a:a8:f8:0e:ca:72:
         59:9a:0d:7c:91:1e:c7:40:0b:77:9b:26:e4:99:61:55:16:ae:
         89:02:cd:2b:7f:1f:7c:ee:3a:55:46:7d:be:f2:21:d7:9a:df:
         f8:4f:19:f6:13:7c:d9:93:16:4e:b2:d2:ff:b1:ee:ef:36:e4:
         dd:b0:f7:35:a4:2a:1a:a1:3e:63:37:9c:16:20:00:26:db:b6:
         67:e0:f3:9f:d1:ec:79:7c:9e:b2:37:85:21:9b:b5:e3:31:97:
         fa:54:b3:05:53:64:e5:98:2e:e2:1b:63:97:6f:12:bd:09:56:
         85:48:a2:bc:a7:00:4e:8f:f0:8b:64:05:8b:ae:7f:49:8e:a8:
         eb:2c:da:db:89:47:b7:e3:8f:57:a8:5c:52:50:86:c2:3a:80:
         3f:d2:e7:eb:64:e5:a2:b1:2e:09:01:08:13:c1:40:2e:66:77:
         7b:21:1f:23:90:07:fe:f0:cd:44:df:20:96:cb:60:6b:cc:a3:
         21:41:cb:bd
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUMw3PQdTf6bsyJZJn6Twk+R97wgAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgxNloX
DTI3MDMwMzA2MTMxNlowMzExMC8GA1UEAxMoNDNCRDA5NDFGOTc3RTg3MDUxOEZF
OEU2QUVCMjY4MEQwRUFBQTIyNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJY9vQPNT4XKbIi/aF3aeLVSTSNSz46le3OqlgsZhATE+9YwHPLIOXfV3Rk/
XX6QmMVPEjsKV2hYA0dgiP1z6TY0YVkkOcJHLkZNleHMDEq7eDYMFzjWcLoiDoGP
2dRdrF98tOJ4bcbRKp7WfKIxcAmPuykOINaGYrgHr52XqifE46XEhni08691q2Dy
Rt3rLu85Pol5SCv7PM58EUkGXre8bjCE/NIMkH0bxQexzxjIKRbUyagps0L5Hfik
/BVYUL3RLttzb0fdiPYwg4hZj6CXd9aqWHTfP2DV3m2PFqDtO5hylk0VPXDZbEa6
smRJoRUsnbMix/VZdg1FK8CgwEMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRDvQlB
+XfocFGP6OausmgNDqqiJTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mzg1Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pLYwDQYJKoZIhvcNAQELBQADggEBAJdJvC6N+Fd1ZC4lpDnWlGWMf4HjA7KbYNwE
fVob5onsvqKogcorO7QV7KUnBvDN3DsluWTYSEcmgYKm24EWC0uf8lqo+A7Kclma
DXyRHsdAC3ebJuSZYVUWrokCzSt/H3zuOlVGfb7yIdea3/hPGfYTfNmTFk6y0v+x
7u825N2w9zWkKhqhPmM3nBYgACbbtmfg85/R7Hl8nrI3hSGbteMxl/pUswVTZOWY
LuIbY5dvEr0JVoVIorynAE6P8ItkBYuuf0mOqOss2tuJR7fjj1eoXFJQhsI6gD/S
5+tk5aKxLgkBCBPBQC5md3shHyOQB/7wzUTfIJbLYGvMoyFBy70=
-----END CERTIFICATE-----