Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143880.roa
File:                     AS143880.roa (raw, json)
Hash identifier:          wmtpU426mLcAASFJQHw2YAXRkrk+HdImzxSAXaQ7mEI=
Subject key identifier:   14:D7:10:88:94:8D:DC:1F:29:F7:78:BE:A3:20:9D:0B:28:A0:58:5D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1CA8F33EF881A1998718081BFB7ED3BB17425C6F
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143880.roa
Signing time:             Wed 04 Mar 2026 06:13:03 +0000
ROA not before:           Wed 04 Mar 2026 06:08:03 +0000
ROA not after:            Wed 03 Mar 2027 06:13:03 +0000
asID:                     143880
IP address blocks:        240a:a4ce::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:a8:f3:3e:f8:81:a1:99:87:18:08:1b:fb:7e:d3:bb:17:42:5c:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:03 2026 GMT
            Not After : Mar  3 06:13:03 2027 GMT
        Subject: CN=14D71088948DDC1F29F778BEA3209D0B28A0585D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:6a:81:54:34:d3:b8:e5:6e:8d:fa:5c:c7:67:
                    b7:ad:cc:c5:d5:62:79:31:3d:20:d8:8b:dc:e4:fb:
                    c2:7a:0e:d1:b2:63:0e:68:cc:53:b1:c5:0d:45:84:
                    e8:42:86:33:ea:c4:b1:f8:4f:87:7b:b3:09:30:a1:
                    0b:55:2b:65:9d:76:d4:ce:ed:13:47:b5:44:96:73:
                    02:50:a9:63:66:92:80:25:47:6e:94:08:51:4b:a3:
                    26:a3:84:26:ac:1b:10:a6:23:c9:fc:9c:2b:d7:d7:
                    ba:a9:3d:b8:86:be:44:53:bf:cc:77:00:9b:93:d1:
                    54:3f:55:c6:f5:0f:5d:8e:08:de:77:e7:fd:21:65:
                    c7:18:c4:64:a8:b2:b4:83:62:f8:fb:c5:56:1f:07:
                    81:ed:a3:5f:00:03:24:c9:24:0d:62:7f:b0:32:ce:
                    78:b1:2a:dc:5a:25:c9:11:ae:80:97:6d:18:6d:7f:
                    5c:fb:94:43:37:bf:67:0c:94:21:bd:45:21:a4:27:
                    c4:20:dd:bd:72:44:04:92:e4:38:82:f7:e8:34:66:
                    d6:3b:d0:cc:a2:ac:8f:ad:6b:d5:f1:78:cd:39:f1:
                    90:5e:c8:2e:1b:9f:77:dd:e3:8b:8d:b8:5b:f2:40:
                    5d:03:86:a0:e6:72:47:bc:51:45:07:e1:4b:17:7e:
                    74:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:D7:10:88:94:8D:DC:1F:29:F7:78:BE:A3:20:9D:0B:28:A0:58:5D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143880.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a4ce::/32

    Signature Algorithm: sha256WithRSAEncryption
         9e:a6:23:51:02:ad:69:7d:18:0e:65:67:01:4d:c3:b1:37:c5:
         0b:a2:9c:56:8f:7b:0e:ff:7d:fe:2a:31:fc:c6:ff:c0:03:ee:
         0f:36:98:c9:46:3a:58:d6:da:fa:34:0c:1f:ff:f7:fa:5f:b4:
         65:45:74:de:8d:b7:aa:8a:25:d3:fd:ac:34:ae:dd:95:4a:17:
         e0:91:cb:af:47:62:e0:1c:3c:be:e0:79:22:8a:79:44:32:1d:
         1a:c0:f4:b1:aa:88:eb:07:62:1b:02:e6:9d:23:92:e3:2c:dc:
         0e:0d:a1:98:7f:77:f0:c6:2b:5b:88:c1:b5:46:23:ef:96:17:
         c9:4b:58:2b:6e:78:f8:cc:c8:fa:7e:08:c4:02:4b:74:df:9e:
         aa:5c:5c:ce:98:15:a0:39:0c:bc:88:a3:af:b5:70:2d:aa:ca:
         1e:8d:39:c1:63:0e:11:7f:be:8b:7b:ff:f4:8a:a5:a8:1a:f1:
         a4:f7:d5:10:32:dc:1c:81:1d:22:50:5b:a7:a2:b3:9d:c7:34:
         7a:69:a9:90:46:ac:72:0a:73:56:4f:17:4b:f5:28:df:d5:c1:
         9c:60:e2:ac:db:8f:09:c5:c8:c9:36:ff:8e:d9:d3:33:aa:a1:
         5d:0c:95:2f:42:36:b5:7f:00:64:8d:b2:7b:f6:94:de:c0:2c:
         d5:0e:f0:64
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUHKjzPviBoZmHGAgb+37TuxdCXG8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgwM1oX
DTI3MDMwMzA2MTMwM1owMzExMC8GA1UEAxMoMTRENzEwODg5NDhEREMxRjI5Rjc3
OEJFQTMyMDlEMEIyOEEwNTg1RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKRqgVQ007jlbo36XMdnt63MxdVieTE9INiL3OT7wnoO0bJjDmjMU7HFDUWE
6EKGM+rEsfhPh3uzCTChC1UrZZ121M7tE0e1RJZzAlCpY2aSgCVHbpQIUUujJqOE
JqwbEKYjyfycK9fXuqk9uIa+RFO/zHcAm5PRVD9VxvUPXY4I3nfn/SFlxxjEZKiy
tINi+PvFVh8Hge2jXwADJMkkDWJ/sDLOeLEq3FolyRGugJdtGG1/XPuUQze/ZwyU
Ib1FIaQnxCDdvXJEBJLkOIL36DRm1jvQzKKsj61r1fF4zTnxkF7ILhufd93ji424
W/JAXQOGoOZyR7xRRQfhSxd+dFUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQU1xCI
lI3cHyn3eL6jIJ0LKKBYXTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mzg4MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pM4wDQYJKoZIhvcNAQELBQADggEBAJ6mI1ECrWl9GA5lZwFNw7E3xQuinFaPew7/
ff4qMfzG/8AD7g82mMlGOljW2vo0DB//9/pftGVFdN6Nt6qKJdP9rDSu3ZVKF+CR
y69HYuAcPL7geSKKeUQyHRrA9LGqiOsHYhsC5p0jkuMs3A4NoZh/d/DGK1uIwbVG
I++WF8lLWCtuePjMyPp+CMQCS3TfnqpcXM6YFaA5DLyIo6+1cC2qyh6NOcFjDhF/
vot7//SKpaga8aT31RAy3ByBHSJQW6eis53HNHppqZBGrHIKc1ZPF0v1KN/VwZxg
4qzbjwnFyMk2/47Z0zOqoV0MlS9CNrV/AGSNsnv2lN7ALNUO8GQ=
-----END CERTIFICATE-----