Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143861.roa
File:                     AS143861.roa (raw, json)
Hash identifier:          293Tk7k9gVb8cEJoQPX6zymbulBdAVh8vf7skWtgYmo=
Subject key identifier:   31:EC:71:F9:7A:74:C9:1C:56:0B:79:AC:A8:5F:07:93:83:44:07:A5
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2C6AB3FE5E9499AAA1FB4C78F9D9E08C2BD67FCF
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143861.roa
Signing time:             Wed 04 Mar 2026 06:13:39 +0000
ROA not before:           Wed 04 Mar 2026 06:08:39 +0000
ROA not after:            Wed 03 Mar 2027 06:13:39 +0000
asID:                     143861
IP address blocks:        240a:a4bb::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:6a:b3:fe:5e:94:99:aa:a1:fb:4c:78:f9:d9:e0:8c:2b:d6:7f:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:39 2026 GMT
            Not After : Mar  3 06:13:39 2027 GMT
        Subject: CN=31EC71F97A74C91C560B79ACA85F0793834407A5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:8f:bb:6e:1b:c0:a1:c4:75:88:51:29:e1:0d:
                    84:24:31:0e:77:ea:7a:3c:7f:cc:e1:70:f3:ba:d0:
                    75:31:c1:03:5d:39:e9:5d:13:59:88:32:70:dc:cc:
                    02:d4:5b:36:5e:d9:3c:74:8c:e6:4d:d2:44:35:b4:
                    5d:ee:dc:67:08:da:4a:8c:86:a9:d7:0a:d8:66:96:
                    9c:39:09:90:4d:ea:b1:e9:6d:3a:de:3e:5a:ff:39:
                    31:63:0b:b5:50:cd:cb:b0:c4:7c:76:31:1c:2a:ec:
                    0e:0b:3d:6c:43:2d:1d:de:61:64:1e:66:6d:ab:5c:
                    23:d3:4f:f5:70:37:fd:32:f7:ef:72:d6:e1:e7:f3:
                    71:b1:19:d3:93:95:71:d2:31:60:2e:34:5b:a2:69:
                    d5:ea:88:53:f9:8a:9f:ba:28:58:09:df:cc:fb:d4:
                    e4:1b:de:70:3d:c1:96:eb:72:bc:d3:35:54:16:b2:
                    48:d2:ba:ef:d2:e3:58:3a:c5:dd:e5:1d:82:73:a8:
                    08:d5:8b:fa:48:ad:d5:d7:de:3a:3e:71:ae:b4:a7:
                    15:b7:9c:c6:69:18:45:3c:b4:b0:09:8d:bf:4f:29:
                    5f:66:cb:9b:17:bb:68:99:92:14:b4:28:54:af:5e:
                    1d:33:06:78:f5:f4:b3:05:37:15:95:24:a2:85:39:
                    82:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:EC:71:F9:7A:74:C9:1C:56:0B:79:AC:A8:5F:07:93:83:44:07:A5
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143861.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a4bb::/32

    Signature Algorithm: sha256WithRSAEncryption
         9c:5b:46:24:2b:64:0e:82:7c:dc:70:94:fe:bc:4f:3d:48:3b:
         0d:15:6d:18:fd:f3:48:81:7c:28:1c:c2:b6:c0:ae:e2:11:88:
         02:4f:7e:46:16:3e:f9:48:46:80:10:73:8b:a2:0b:4c:56:5a:
         aa:d8:d3:c0:e0:38:e8:23:51:a6:39:9e:90:d6:1d:d4:8e:df:
         c0:5a:67:14:5d:b7:65:11:81:3e:36:70:e2:04:de:11:05:0c:
         c8:5d:bd:02:f8:2e:55:71:3e:e0:2d:de:47:29:49:a0:69:f4:
         31:a2:cc:b8:9e:04:9c:0c:39:34:5c:0f:dd:29:41:1c:5b:24:
         ba:3e:69:b7:c8:b5:fb:84:c2:3c:47:b4:35:77:4f:b9:16:a3:
         62:33:71:86:e1:77:74:91:92:a8:c9:8e:c0:c2:cb:4b:11:64:
         df:da:20:55:09:bd:9d:04:a8:c8:d7:9d:dc:5c:b3:06:a3:69:
         c3:8a:7a:d7:65:11:ee:39:cb:f6:a4:a5:fc:80:1d:fd:07:b1:
         69:b3:7d:10:50:12:8e:59:52:67:59:36:c9:ab:4e:69:30:2f:
         45:1e:85:7b:dd:bf:03:66:1e:d7:bc:b7:90:1e:f7:e8:f2:5b:
         4b:d0:58:ee:81:67:c6:07:ba:66:dd:33:a2:32:1d:17:c4:22:
         04:ae:c4:96
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIULGqz/l6Umaqh+0x4+dngjCvWf88wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgzOVoX
DTI3MDMwMzA2MTMzOVowMzExMC8GA1UEAxMoMzFFQzcxRjk3QTc0QzkxQzU2MEI3
OUFDQTg1RjA3OTM4MzQ0MDdBNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKWPu24bwKHEdYhRKeENhCQxDnfqejx/zOFw87rQdTHBA1056V0TWYgycNzM
AtRbNl7ZPHSM5k3SRDW0Xe7cZwjaSoyGqdcK2GaWnDkJkE3qseltOt4+Wv85MWML
tVDNy7DEfHYxHCrsDgs9bEMtHd5hZB5mbatcI9NP9XA3/TL373LW4efzcbEZ05OV
cdIxYC40W6Jp1eqIU/mKn7ooWAnfzPvU5BvecD3BlutyvNM1VBaySNK679LjWDrF
3eUdgnOoCNWL+kit1dfeOj5xrrSnFbecxmkYRTy0sAmNv08pX2bLmxe7aJmSFLQo
VK9eHTMGePX0swU3FZUkooU5gs0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQx7HH5
enTJHFYLeayoXweTg0QHpTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mzg2MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pLswDQYJKoZIhvcNAQELBQADggEBAJxbRiQrZA6CfNxwlP68Tz1IOw0VbRj980iB
fCgcwrbAruIRiAJPfkYWPvlIRoAQc4uiC0xWWqrY08DgOOgjUaY5npDWHdSO38Ba
ZxRdt2URgT42cOIE3hEFDMhdvQL4LlVxPuAt3kcpSaBp9DGizLieBJwMOTRcD90p
QRxbJLo+abfItfuEwjxHtDV3T7kWo2IzcYbhd3SRkqjJjsDCy0sRZN/aIFUJvZ0E
qMjXndxcswajacOKetdlEe45y/akpfyAHf0HsWmzfRBQEo5ZUmdZNsmrTmkwL0Ue
hXvdvwNmHte8t5Ae9+jyW0vQWO6BZ8YHumbdM6IyHRfEIgSuxJY=
-----END CERTIFICATE-----