Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143871.roa
File:                     AS143871.roa (raw, json)
Hash identifier:          bjHDD8Of1OUQzEJF0je4jj+kpz1Z58KRrsecCmtIzZc=
Subject key identifier:   F1:96:FD:65:CB:70:82:5E:8C:B5:F1:71:23:96:E2:5C:35:A1:2F:11
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       0D9654EECA526C96531FBE298F8E16E9253C9060
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143871.roa
Signing time:             Wed 04 Mar 2026 06:14:37 +0000
ROA not before:           Wed 04 Mar 2026 06:09:37 +0000
ROA not after:            Wed 03 Mar 2027 06:14:37 +0000
asID:                     143871
IP address blocks:        240a:a4c5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:96:54:ee:ca:52:6c:96:53:1f:be:29:8f:8e:16:e9:25:3c:90:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:37 2026 GMT
            Not After : Mar  3 06:14:37 2027 GMT
        Subject: CN=F196FD65CB70825E8CB5F1712396E25C35A12F11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:e3:ff:75:9a:dd:f4:6e:24:cd:e9:2d:e8:9e:
                    d9:78:07:9b:43:eb:e8:d3:d0:97:97:df:0f:dd:e5:
                    75:4c:5a:db:fe:2a:86:09:fc:88:e1:6d:32:59:07:
                    c7:91:cf:55:3f:2a:ba:5e:97:51:6b:08:5c:ef:09:
                    ee:24:03:b3:44:d4:fd:7e:a2:64:b1:ae:ad:69:30:
                    50:d6:e0:22:cd:81:57:ca:e7:f6:2d:e1:ac:1f:aa:
                    91:48:93:17:d9:bf:e3:08:11:c8:5d:d8:ce:49:00:
                    d9:32:3b:03:b7:25:6e:20:d0:bc:7c:81:7b:52:06:
                    2b:8a:d8:f8:dd:59:c3:a4:72:bc:28:97:ae:78:11:
                    2f:46:38:7d:19:30:46:be:84:ec:40:9c:7d:78:94:
                    d1:4f:a5:10:07:d6:1a:26:f9:fe:59:a5:e2:da:55:
                    a0:f1:66:0e:b1:75:f5:12:84:70:25:c0:c4:39:0f:
                    eb:2c:1f:5e:32:23:74:94:03:6a:81:e0:f4:81:d2:
                    c7:e7:c0:62:7d:e7:ad:9f:35:56:21:11:34:23:bc:
                    54:22:0e:df:77:da:19:9a:6e:bb:88:7c:fa:d9:10:
                    58:b8:40:3f:29:6e:d4:0f:ba:23:71:43:56:8d:74:
                    4a:f7:3a:58:4d:5b:f7:55:98:7a:76:bc:9f:5e:3f:
                    97:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:96:FD:65:CB:70:82:5E:8C:B5:F1:71:23:96:E2:5C:35:A1:2F:11
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143871.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a4c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         93:73:dd:7a:91:4e:8a:ab:92:25:73:bb:e4:52:68:1b:7f:39:
         98:06:51:35:74:16:64:f6:51:73:50:f7:08:e3:7d:73:94:f7:
         61:05:25:41:19:e4:7c:3d:da:69:f4:aa:b9:cf:1e:b2:8a:8f:
         be:d2:20:43:79:1e:a4:2a:cf:7a:15:69:26:ee:36:8e:b1:f3:
         c3:16:9d:88:19:7e:c4:ab:4f:a9:e2:1b:f2:31:f4:7c:a7:be:
         37:c4:16:c1:55:43:50:02:ad:33:cb:62:fb:fc:db:2d:08:18:
         1a:4a:3c:39:43:88:44:79:96:44:31:d2:5a:6d:31:05:9d:7d:
         45:22:2d:dd:51:ee:50:11:11:fe:dc:bc:3a:df:15:b8:6b:52:
         11:b8:ec:38:15:3c:22:30:0d:a8:84:91:4d:02:13:cc:8f:74:
         b6:c0:fd:41:b3:dd:6c:a3:a0:bd:e7:67:7c:85:5d:e4:ff:25:
         82:55:00:0a:2b:34:e4:cc:4e:0c:6f:dc:fc:95:d2:75:7d:ee:
         92:2e:98:55:8c:00:1c:ea:e5:bb:47:b7:12:47:d8:c4:ff:c9:
         1e:d9:7d:60:d4:c1:db:43:29:c8:56:ce:73:0a:40:0c:21:4f:
         f5:51:03:43:38:d5:02:7c:de:54:e0:f3:4c:71:4e:92:09:aa:
         e7:55:33:2f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUDZZU7spSbJZTH74pj44W6SU8kGAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDkzN1oX
DTI3MDMwMzA2MTQzN1owMzExMC8GA1UEAxMoRjE5NkZENjVDQjcwODI1RThDQjVG
MTcxMjM5NkUyNUMzNUExMkYxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIfj/3Wa3fRuJM3pLeie2XgHm0Pr6NPQl5ffD93ldUxa2/4qhgn8iOFtMlkH
x5HPVT8qul6XUWsIXO8J7iQDs0TU/X6iZLGurWkwUNbgIs2BV8rn9i3hrB+qkUiT
F9m/4wgRyF3YzkkA2TI7A7clbiDQvHyBe1IGK4rY+N1Zw6RyvCiXrngRL0Y4fRkw
Rr6E7ECcfXiU0U+lEAfWGib5/lml4tpVoPFmDrF19RKEcCXAxDkP6ywfXjIjdJQD
aoHg9IHSx+fAYn3nrZ81ViERNCO8VCIO33faGZpuu4h8+tkQWLhAPylu1A+6I3FD
Vo10Svc6WE1b91WYena8n14/l+UCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTxlv1l
y3CCXoy18XEjluJcNaEvETAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mzg3MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pMUwDQYJKoZIhvcNAQELBQADggEBAJNz3XqRToqrkiVzu+RSaBt/OZgGUTV0FmT2
UXNQ9wjjfXOU92EFJUEZ5Hw92mn0qrnPHrKKj77SIEN5HqQqz3oVaSbuNo6x88MW
nYgZfsSrT6niG/Ix9HynvjfEFsFVQ1ACrTPLYvv82y0IGBpKPDlDiER5lkQx0lpt
MQWdfUUiLd1R7lAREf7cvDrfFbhrUhG47DgVPCIwDaiEkU0CE8yPdLbA/UGz3Wyj
oL3nZ3yFXeT/JYJVAAorNOTMTgxv3PyV0nV97pIumFWMABzq5btHtxJH2MT/yR7Z
fWDUwdtDKchWznMKQAwhT/VRA0M41QJ83lTg80xxTpIJqudVMy8=
-----END CERTIFICATE-----