Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143921.roa
File:                     AS143921.roa (raw, json)
Hash identifier:          e8+U/Kzm/ASPj+tDqtIV3b0E7T7rHex5IEf5ybcA+gM=
Subject key identifier:   CD:23:12:04:59:20:82:AA:7A:DA:3F:7D:5E:9A:8E:FF:ED:DA:96:C6
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       195C577F85610AE9F5B14A9B8C94445F4B1E5C07
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143921.roa
Signing time:             Wed 04 Mar 2026 06:14:14 +0000
ROA not before:           Wed 04 Mar 2026 06:09:14 +0000
ROA not after:            Wed 03 Mar 2027 06:14:14 +0000
asID:                     143921
IP address blocks:        240a:a4f7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:5c:57:7f:85:61:0a:e9:f5:b1:4a:9b:8c:94:44:5f:4b:1e:5c:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:14 2026 GMT
            Not After : Mar  3 06:14:14 2027 GMT
        Subject: CN=CD231204592082AA7ADA3F7D5E9A8EFFEDDA96C6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b4:b7:d2:7d:3f:70:f6:f3:10:5c:c4:91:ef:
                    1b:f3:16:29:9a:c8:89:16:68:33:15:81:a5:f8:72:
                    4a:47:25:82:32:bc:9b:d5:5b:0c:89:dd:a9:7c:f5:
                    30:27:8a:ca:a2:17:78:7a:3f:64:63:2d:d6:c2:2e:
                    3a:b9:bb:5c:61:6d:1e:90:2c:60:f7:0c:d3:8f:6b:
                    f9:a5:2c:71:48:f6:88:72:92:28:e7:d5:c4:2f:6f:
                    42:c7:a7:94:87:14:47:84:21:65:9e:6a:8b:65:81:
                    f8:08:bb:6e:9a:90:bf:25:da:fa:40:17:1c:80:6f:
                    4c:75:10:b8:ce:03:0d:eb:9f:03:cd:02:3a:8a:e2:
                    f2:2f:24:03:d9:3f:4f:11:3c:4b:a9:a1:59:1e:ef:
                    fe:91:6a:dc:f3:b9:f9:21:79:a7:a8:4b:26:e7:f3:
                    0b:0a:b3:0c:86:5f:3a:29:ab:24:e1:fe:97:96:12:
                    f3:9e:98:89:04:33:ef:ae:d0:52:b5:fe:ae:06:4c:
                    a0:f6:a4:82:d1:7d:30:9e:96:f9:5e:14:cb:60:fd:
                    cd:d0:c6:58:f0:23:71:cf:e8:05:40:d9:6e:15:db:
                    20:77:a9:9f:35:03:7a:f5:1a:ca:09:fb:d5:fb:5d:
                    2e:5b:b6:c9:b1:89:e2:3e:24:68:ad:39:25:51:ab:
                    2f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:23:12:04:59:20:82:AA:7A:DA:3F:7D:5E:9A:8E:FF:ED:DA:96:C6
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143921.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a4f7::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:80:47:32:18:bd:bb:8f:bd:c0:78:de:eb:ba:03:06:d4:4a:
         c9:67:bf:b1:a5:4b:00:e0:14:d4:f8:9a:a8:47:a1:67:ad:72:
         e3:55:4b:70:26:56:0a:20:7d:0a:7d:03:17:2a:b5:ab:f3:d3:
         a6:f3:eb:0d:bd:d7:8e:a7:93:dc:43:44:44:d1:ee:aa:74:84:
         73:64:39:ed:20:eb:ea:a1:a9:c3:f3:71:0e:4c:fb:34:60:20:
         7c:a2:7f:54:1c:df:f6:ae:62:ba:7a:b0:aa:ab:53:f5:0e:e5:
         9b:58:41:d1:d4:02:f0:9a:2e:5b:a9:ac:38:30:2a:15:c7:0d:
         c6:78:61:41:54:46:dc:72:c1:13:8f:ca:e2:20:7d:97:57:f1:
         58:c0:f7:43:ca:73:cd:9c:80:c3:2a:87:1e:17:a5:4d:1d:5f:
         4d:4b:e0:fe:5b:40:2e:46:7e:6e:3d:41:ed:17:21:8b:8e:3d:
         61:d5:43:bf:5b:08:e3:15:56:f6:29:4d:fe:71:b2:2d:40:b6:
         27:2d:77:86:00:ae:c6:d2:e8:f1:71:fe:3a:4c:0b:03:f1:6e:
         a8:4f:0d:e4:eb:c6:2b:80:10:ef:4a:3c:7d:31:9e:4b:90:c2:
         5a:53:7e:77:c7:db:64:1d:83:8e:eb:10:ca:75:3d:0f:ce:02:
         26:c4:31:4c
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUGVxXf4VhCun1sUqbjJREX0seXAcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDkxNFoX
DTI3MDMwMzA2MTQxNFowMzExMC8GA1UEAxMoQ0QyMzEyMDQ1OTIwODJBQTdBREEz
RjdENUU5QThFRkZFRERBOTZDNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKy0t9J9P3D28xBcxJHvG/MWKZrIiRZoMxWBpfhySkclgjK8m9VbDIndqXz1
MCeKyqIXeHo/ZGMt1sIuOrm7XGFtHpAsYPcM049r+aUscUj2iHKSKOfVxC9vQsen
lIcUR4QhZZ5qi2WB+Ai7bpqQvyXa+kAXHIBvTHUQuM4DDeufA80COori8i8kA9k/
TxE8S6mhWR7v/pFq3PO5+SF5p6hLJufzCwqzDIZfOimrJOH+l5YS856YiQQz767Q
UrX+rgZMoPakgtF9MJ6W+V4Uy2D9zdDGWPAjcc/oBUDZbhXbIHepnzUDevUaygn7
1ftdLlu2ybGJ4j4kaK05JVGrLxsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTNIxIE
WSCCqnraP31emo7/7dqWxjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzkyMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pPcwDQYJKoZIhvcNAQELBQADggEBAA6ARzIYvbuPvcB43uu6AwbUSslnv7GlSwDg
FNT4mqhHoWetcuNVS3AmVgogfQp9Axcqtavz06bz6w29146nk9xDRETR7qp0hHNk
Oe0g6+qhqcPzcQ5M+zRgIHyif1Qc3/auYrp6sKqrU/UO5ZtYQdHUAvCaLluprDgw
KhXHDcZ4YUFURtxywROPyuIgfZdX8VjA90PKc82cgMMqhx4XpU0dX01L4P5bQC5G
fm49Qe0XIYuOPWHVQ79bCOMVVvYpTf5xsi1Atictd4YArsbS6PFx/jpMCwPxbqhP
DeTrxiuAEO9KPH0xnkuQwlpTfnfH22Qdg47rEMp1PQ/OAibEMUw=
-----END CERTIFICATE-----