Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143881.roa
File:                     AS143881.roa (raw, json)
Hash identifier:          tcsZJOcPm4WTgNVGYt7HmoWTQ+z0Vv8IzCFavK4rDXw=
Subject key identifier:   95:75:03:FF:56:5C:0A:C9:B8:DD:60:22:E1:E1:13:2D:AC:36:30:6E
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       41E7E7742329E4963A3E4C456666ED8B8EB31191
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143881.roa
Signing time:             Wed 04 Mar 2026 06:15:03 +0000
ROA not before:           Wed 04 Mar 2026 06:10:03 +0000
ROA not after:            Wed 03 Mar 2027 06:15:03 +0000
asID:                     143881
IP address blocks:        240a:a4cf::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:e7:e7:74:23:29:e4:96:3a:3e:4c:45:66:66:ed:8b:8e:b3:11:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:03 2026 GMT
            Not After : Mar  3 06:15:03 2027 GMT
        Subject: CN=957503FF565C0AC9B8DD6022E1E1132DAC36306E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:32:36:2b:e1:b5:76:d4:c5:98:36:05:15:a5:
                    b2:d6:14:61:a4:9e:54:fe:59:af:9c:fa:57:65:91:
                    c6:2b:a5:36:ef:a8:27:44:d7:a0:74:a0:e8:7b:b9:
                    7b:65:1a:4e:65:98:cf:b3:d0:b7:42:dc:73:8f:d4:
                    1a:e4:d6:e6:42:2a:d9:ca:f6:c2:86:98:fe:eb:30:
                    ce:16:63:6d:92:bf:d7:94:db:de:8e:44:06:c4:f8:
                    8a:55:b0:1d:1b:34:1b:74:e4:f9:53:5a:fc:a1:23:
                    cb:de:f9:51:e5:a7:24:73:99:0f:f2:68:d3:70:24:
                    f2:7e:28:7f:e2:2e:c1:a0:f7:00:e6:67:64:5e:71:
                    99:e2:1f:25:6e:5f:56:72:14:85:d4:7f:b3:5e:80:
                    70:e3:01:48:2b:4e:b7:79:d4:b0:56:fb:9b:d0:8a:
                    e8:43:12:8c:ef:a8:49:7d:f7:8b:bf:34:4e:b6:9a:
                    5a:59:9c:5d:57:da:11:24:7e:6b:a2:8d:dc:90:2a:
                    0c:b8:51:9e:eb:51:6c:d7:b4:a5:61:15:83:64:6a:
                    13:f3:3b:c4:2d:71:fd:2a:a4:37:21:9b:ad:ee:d3:
                    01:0b:78:b0:1d:7c:64:94:cc:55:b2:21:44:f8:d5:
                    fa:d5:7c:5a:eb:fe:aa:76:31:6f:c7:44:d2:cb:92:
                    c4:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:75:03:FF:56:5C:0A:C9:B8:DD:60:22:E1:E1:13:2D:AC:36:30:6E
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143881.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a4cf::/32

    Signature Algorithm: sha256WithRSAEncryption
         b4:5e:b2:14:78:86:c3:5f:a5:f8:aa:1c:45:c2:bb:67:f2:34:
         e3:f3:2a:b3:a8:bc:5c:e8:82:0e:d9:a7:27:e4:1c:33:43:25:
         97:51:06:99:1a:83:49:44:98:c6:c2:d5:4a:be:52:f0:6b:ba:
         05:aa:84:98:f7:33:f9:4f:cb:0c:5c:e7:45:0d:94:45:81:89:
         d9:83:4c:1d:a8:6e:96:32:60:b1:3f:02:82:80:47:62:e9:89:
         92:a9:fa:0d:16:36:00:08:0e:af:e7:8a:4c:71:e1:80:c9:0d:
         e3:eb:c3:b3:11:f1:d1:1d:03:58:ee:85:69:05:b0:b3:33:98:
         38:12:0d:dc:e7:01:86:22:0e:be:58:6e:0d:7e:9c:86:88:8c:
         18:85:64:f2:d9:5d:ed:7a:81:57:ca:5f:93:12:e2:12:69:71:
         0a:c1:77:9e:70:7f:0c:b5:00:87:49:8a:ba:e8:38:c3:df:63:
         f8:f9:cc:bb:ed:81:cc:1f:41:e4:c8:5a:3f:d6:1d:7f:c7:35:
         01:87:b3:e1:5d:ac:f0:a3:8b:33:ae:8f:98:83:8e:fc:b6:77:
         a2:84:54:4a:32:65:c2:69:34:1c:d8:26:02:d7:08:b3:60:70:
         c3:75:b4:27:ae:67:43:55:b8:72:df:12:5d:30:d5:7a:9a:55:
         f4:01:29:dc
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUQefndCMp5JY6PkxFZmbti46zEZEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTAwM1oX
DTI3MDMwMzA2MTUwM1owMzExMC8GA1UEAxMoOTU3NTAzRkY1NjVDMEFDOUI4REQ2
MDIyRTFFMTEzMkRBQzM2MzA2RTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMcyNivhtXbUxZg2BRWlstYUYaSeVP5Zr5z6V2WRxiulNu+oJ0TXoHSg6Hu5
e2UaTmWYz7PQt0Lcc4/UGuTW5kIq2cr2woaY/uswzhZjbZK/15Tb3o5EBsT4ilWw
HRs0G3Tk+VNa/KEjy975UeWnJHOZD/Jo03Ak8n4of+IuwaD3AOZnZF5xmeIfJW5f
VnIUhdR/s16AcOMBSCtOt3nUsFb7m9CK6EMSjO+oSX33i780TraaWlmcXVfaESR+
a6KN3JAqDLhRnutRbNe0pWEVg2RqE/M7xC1x/SqkNyGbre7TAQt4sB18ZJTMVbIh
RPjV+tV8Wuv+qnYxb8dE0suSxOkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSVdQP/
VlwKybjdYCLh4RMtrDYwbjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mzg4MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pM8wDQYJKoZIhvcNAQELBQADggEBALReshR4hsNfpfiqHEXCu2fyNOPzKrOovFzo
gg7ZpyfkHDNDJZdRBpkag0lEmMbC1Uq+UvBrugWqhJj3M/lPywxc50UNlEWBidmD
TB2obpYyYLE/AoKAR2LpiZKp+g0WNgAIDq/nikxx4YDJDePrw7MR8dEdA1juhWkF
sLMzmDgSDdznAYYiDr5Ybg1+nIaIjBiFZPLZXe16gVfKX5MS4hJpcQrBd55wfwy1
AIdJirroOMPfY/j5zLvtgcwfQeTIWj/WHX/HNQGHs+FdrPCjizOuj5iDjvy2d6KE
VEoyZcJpNBzYJgLXCLNgcMN1tCeuZ0NVuHLfEl0w1XqaVfQBKdw=
-----END CERTIFICATE-----