Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143908.roa
File:                     AS143908.roa (raw, json)
Hash identifier:          deDEgjrPbeE/p1+3DYRHDGs8pf3esQlFjUj0Z5z/VIg=
Subject key identifier:   A8:52:95:E7:50:41:0A:46:61:51:90:B0:A1:B4:05:B3:F0:F8:12:B0
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4632D385599E64DA93E6AE8F0CB87280EF4B473A
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143908.roa
Signing time:             Wed 04 Mar 2026 06:13:44 +0000
ROA not before:           Wed 04 Mar 2026 06:08:44 +0000
ROA not after:            Wed 03 Mar 2027 06:13:44 +0000
asID:                     143908
IP address blocks:        240a:a4ea::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:32:d3:85:59:9e:64:da:93:e6:ae:8f:0c:b8:72:80:ef:4b:47:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:44 2026 GMT
            Not After : Mar  3 06:13:44 2027 GMT
        Subject: CN=A85295E750410A46615190B0A1B405B3F0F812B0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:4e:24:c3:4c:c7:99:5c:45:21:02:a8:79:8e:
                    54:63:c3:1d:ba:f1:8e:7a:a3:83:8b:83:61:45:b4:
                    b3:92:7f:8c:85:12:50:89:b9:ec:34:46:bb:e6:45:
                    77:c8:3c:11:49:a3:c2:cc:ec:0c:66:c5:a6:4d:6a:
                    7b:75:f1:57:1b:5d:9d:5a:1b:7c:e4:b5:5b:4b:f2:
                    e3:df:ab:50:ca:5b:1d:f5:5b:e3:73:bd:e7:fb:fa:
                    22:c1:38:78:09:d3:42:9a:4a:9e:b3:7f:d0:35:3f:
                    46:03:58:1f:11:d9:77:94:d2:b0:f2:81:c9:18:76:
                    b1:98:40:55:13:77:22:0c:43:48:77:c4:2f:df:8f:
                    6c:31:ad:a5:91:7f:d9:bc:81:4a:3a:ed:85:0e:07:
                    6f:0e:43:10:39:47:7c:0d:74:07:ae:a0:5a:f5:5a:
                    07:d3:1e:0a:23:65:26:ad:1d:29:6c:9b:a2:32:db:
                    ea:88:14:72:7c:da:01:df:87:6c:32:11:e9:ad:68:
                    17:e6:5f:f1:8d:74:e7:d7:aa:34:d9:50:bd:85:91:
                    a8:1f:99:ca:c7:62:3a:e3:dd:7b:44:33:ae:bf:2b:
                    e2:17:ff:67:c5:c9:00:b1:d6:66:aa:62:04:70:62:
                    5f:db:f4:9b:6c:01:f7:bd:23:18:0c:7e:bf:2f:91:
                    ce:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:52:95:E7:50:41:0A:46:61:51:90:B0:A1:B4:05:B3:F0:F8:12:B0
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143908.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a4ea::/32

    Signature Algorithm: sha256WithRSAEncryption
         d7:31:96:61:5d:37:70:7c:07:85:41:49:f1:c7:3a:92:66:a7:
         d1:3d:6f:e3:8e:0b:c5:d3:c6:f3:76:a1:02:c9:d2:5c:d9:22:
         ad:9b:85:b3:33:78:63:6e:c2:fd:a4:31:60:38:39:80:f2:d1:
         99:55:92:2b:23:7d:04:c3:ad:dc:fd:11:34:0b:f2:43:2c:8f:
         70:6f:b5:27:7d:81:38:f4:eb:48:1a:37:9c:49:56:89:6e:90:
         b6:da:01:1f:4d:8f:ad:63:c6:e5:71:20:cd:25:c5:e6:8d:d6:
         a1:d1:04:2e:a4:3a:de:94:07:35:b4:20:3e:38:c1:1e:e8:ab:
         49:6d:b6:f9:ac:9f:6e:f7:6e:1e:b1:ca:4b:2e:6b:c7:b2:8d:
         6f:fb:da:e0:c8:88:da:19:8c:d4:10:60:60:e3:a7:8e:02:92:
         e0:8f:b0:4e:99:84:ad:e6:97:de:16:8d:9e:21:9d:f2:b3:2d:
         fa:19:67:49:f3:be:3a:44:b3:3d:ae:e8:c1:a4:b9:1c:77:f8:
         4c:37:5f:d7:9f:ba:dd:07:24:9a:cb:fa:f2:6e:03:24:6b:a9:
         5a:9c:47:44:da:78:ca:8d:6c:ea:bd:04:6f:db:3e:70:1e:66:
         77:5c:39:5f:f7:8e:d8:0a:b5:86:96:9b:36:79:a2:0d:6a:c3:
         19:f6:a1:e2
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIURjLThVmeZNqT5q6PDLhygO9LRzowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDg0NFoX
DTI3MDMwMzA2MTM0NFowMzExMC8GA1UEAxMoQTg1Mjk1RTc1MDQxMEE0NjYxNTE5
MEIwQTFCNDA1QjNGMEY4MTJCMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANdOJMNMx5lcRSECqHmOVGPDHbrxjnqjg4uDYUW0s5J/jIUSUIm57DRGu+ZF
d8g8EUmjwszsDGbFpk1qe3XxVxtdnVobfOS1W0vy49+rUMpbHfVb43O95/v6IsE4
eAnTQppKnrN/0DU/RgNYHxHZd5TSsPKByRh2sZhAVRN3IgxDSHfEL9+PbDGtpZF/
2byBSjrthQ4Hbw5DEDlHfA10B66gWvVaB9MeCiNlJq0dKWybojLb6ogUcnzaAd+H
bDIR6a1oF+Zf8Y1059eqNNlQvYWRqB+ZysdiOuPde0Qzrr8r4hf/Z8XJALHWZqpi
BHBiX9v0m2wB970jGAx+vy+Rzg0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSoUpXn
UEEKRmFRkLChtAWz8PgSsDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzkwOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pOowDQYJKoZIhvcNAQELBQADggEBANcxlmFdN3B8B4VBSfHHOpJmp9E9b+OOC8XT
xvN2oQLJ0lzZIq2bhbMzeGNuwv2kMWA4OYDy0ZlVkisjfQTDrdz9ETQL8kMsj3Bv
tSd9gTj060gaN5xJVolukLbaAR9Nj61jxuVxIM0lxeaN1qHRBC6kOt6UBzW0ID44
wR7oq0lttvmsn273bh6xyksua8eyjW/72uDIiNoZjNQQYGDjp44CkuCPsE6ZhK3m
l94WjZ4hnfKzLfoZZ0nzvjpEsz2u6MGkuRx3+Ew3X9efut0HJJrL+vJuAyRrqVqc
R0TaeMqNbOq9BG/bPnAeZndcOV/3jtgKtYaWmzZ5og1qwxn2oeI=
-----END CERTIFICATE-----