Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143859.roa
File:                     AS143859.roa (raw, json)
Hash identifier:          l2GOqtLyFROuvliw3UowD23Ndx9SQQBzFmFC8pO1SPQ=
Subject key identifier:   9F:92:37:8F:6F:8B:A4:BB:40:5B:C3:2E:16:AB:C8:22:E7:BF:5F:42
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       17DD5F074458655391440FA367903B2DBEF4EAE7
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143859.roa
Signing time:             Wed 04 Mar 2026 06:13:04 +0000
ROA not before:           Wed 04 Mar 2026 06:08:04 +0000
ROA not after:            Wed 03 Mar 2027 06:13:04 +0000
asID:                     143859
IP address blocks:        240a:a4b9::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:dd:5f:07:44:58:65:53:91:44:0f:a3:67:90:3b:2d:be:f4:ea:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:04 2026 GMT
            Not After : Mar  3 06:13:04 2027 GMT
        Subject: CN=9F92378F6F8BA4BB405BC32E16ABC822E7BF5F42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:6a:5a:8e:9a:89:e2:67:52:52:15:e9:3d:0d:
                    66:96:81:1f:82:34:b0:bd:6b:c1:63:96:7b:fe:04:
                    83:bf:11:a6:c4:50:e0:05:04:09:7e:a0:c6:59:e3:
                    f4:bd:03:a2:99:10:90:4e:fd:68:b8:1e:10:2e:75:
                    37:3e:09:31:9f:0f:8a:77:30:fc:e7:20:f9:d0:eb:
                    e1:4a:cb:8d:1b:aa:e0:97:71:d6:39:2f:7a:a0:9b:
                    57:33:34:e6:a2:40:a2:bc:d9:18:74:5f:79:4e:4e:
                    55:35:58:ab:53:93:9a:98:f7:47:6c:fb:a3:8a:1f:
                    11:72:fc:73:e6:a5:d0:17:79:39:ea:73:65:51:cd:
                    0b:3e:ef:95:60:42:22:1e:01:c5:3b:7f:a4:af:0d:
                    2b:1f:fe:21:e7:c6:bb:de:9f:2b:69:94:c4:ba:91:
                    68:ad:99:de:b4:7f:e9:d5:da:b4:82:b6:81:58:cb:
                    52:78:3a:4f:09:fb:9f:3b:08:47:f0:33:74:ef:c3:
                    a4:ba:c0:a2:a4:18:8f:eb:b6:b8:86:82:4d:65:de:
                    6d:01:a6:70:09:3d:75:71:e4:58:b4:b4:e9:b0:4a:
                    6d:d0:23:13:ce:72:08:3e:99:51:16:8c:aa:d4:38:
                    a9:55:45:c9:32:6f:57:c5:d0:47:28:84:1c:d6:69:
                    49:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:92:37:8F:6F:8B:A4:BB:40:5B:C3:2E:16:AB:C8:22:E7:BF:5F:42
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143859.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a4b9::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:ae:c9:b0:09:d7:4a:a5:d5:89:1e:18:35:b4:02:7c:b1:ec:
         68:5f:5e:6e:32:15:ae:4b:db:b6:76:66:43:f2:e7:c4:78:c2:
         ec:2e:69:91:80:c4:5b:cc:c8:7a:18:59:c2:1a:6f:bd:43:33:
         46:5d:07:54:c0:08:e5:99:0c:39:52:89:92:01:73:5e:26:a8:
         44:30:f8:31:84:82:1c:a6:b3:d6:98:c4:19:65:98:6b:78:b8:
         47:22:77:22:b6:45:13:b2:be:cd:ce:ce:5f:c5:ab:93:00:5a:
         a1:dd:7b:d5:dc:55:51:70:46:fa:c9:32:30:fb:1f:98:e0:17:
         71:87:c0:59:0e:89:fb:c5:ec:fb:39:f8:28:96:8c:9d:85:7a:
         2c:0a:15:3b:42:03:25:31:35:70:26:4f:fa:a4:7e:d4:f0:43:
         c9:70:9f:c8:22:62:1f:9f:0b:2a:dc:ac:f9:33:87:42:2f:95:
         1a:48:8c:06:51:a6:c3:4d:86:19:83:4e:de:5e:d7:df:ca:9f:
         83:ba:94:ff:8c:cd:18:4e:20:84:8a:08:05:48:27:72:44:91:
         83:31:ca:9f:a3:96:f3:59:29:8f:06:5d:84:0b:25:49:6b:bb:
         ca:79:90:4b:a8:8c:f2:8e:f2:48:6b:d3:5e:43:67:82:49:ca:
         38:f3:44:de
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUF91fB0RYZVORRA+jZ5A7Lb706ucwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgwNFoX
DTI3MDMwMzA2MTMwNFowMzExMC8GA1UEAxMoOUY5MjM3OEY2RjhCQTRCQjQwNUJD
MzJFMTZBQkM4MjJFN0JGNUY0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOZqWo6aieJnUlIV6T0NZpaBH4I0sL1rwWOWe/4Eg78RpsRQ4AUECX6gxlnj
9L0DopkQkE79aLgeEC51Nz4JMZ8Pincw/Ocg+dDr4UrLjRuq4Jdx1jkveqCbVzM0
5qJAorzZGHRfeU5OVTVYq1OTmpj3R2z7o4ofEXL8c+al0Bd5OepzZVHNCz7vlWBC
Ih4BxTt/pK8NKx/+IefGu96fK2mUxLqRaK2Z3rR/6dXatIK2gVjLUng6Twn7nzsI
R/AzdO/DpLrAoqQYj+u2uIaCTWXebQGmcAk9dXHkWLS06bBKbdAjE85yCD6ZURaM
qtQ4qVVFyTJvV8XQRyiEHNZpSd8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSfkjeP
b4uku0Bbwy4Wq8gi579fQjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mzg1OS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pLkwDQYJKoZIhvcNAQELBQADggEBAHeuybAJ10ql1YkeGDW0Anyx7GhfXm4yFa5L
27Z2ZkPy58R4wuwuaZGAxFvMyHoYWcIab71DM0ZdB1TACOWZDDlSiZIBc14mqEQw
+DGEghyms9aYxBllmGt4uEcidyK2RROyvs3Ozl/Fq5MAWqHde9XcVVFwRvrJMjD7
H5jgF3GHwFkOifvF7Ps5+CiWjJ2FeiwKFTtCAyUxNXAmT/qkftTwQ8lwn8giYh+f
CyrcrPkzh0IvlRpIjAZRpsNNhhmDTt5e19/Kn4O6lP+MzRhOIISKCAVIJ3JEkYMx
yp+jlvNZKY8GXYQLJUlru8p5kEuojPKO8khr015DZ4JJyjjzRN4=
-----END CERTIFICATE-----