Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143933.roa
File:                     AS143933.roa (raw, json)
Hash identifier:          YXsFt1Pv6Q1VXXLWhL2LMLO/bhttXCAXt1i7xosBoDk=
Subject key identifier:   DE:3C:02:49:49:4F:3F:A3:D0:F4:A2:8C:93:D8:43:6E:1E:A5:CD:6A
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6B96EE1DD01C62EB8EEBC2EC93BE381758102524
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143933.roa
Signing time:             Wed 04 Mar 2026 06:15:27 +0000
ROA not before:           Wed 04 Mar 2026 06:10:27 +0000
ROA not after:            Wed 03 Mar 2027 06:15:27 +0000
asID:                     143933
IP address blocks:        240a:a503::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:96:ee:1d:d0:1c:62:eb:8e:eb:c2:ec:93:be:38:17:58:10:25:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:27 2026 GMT
            Not After : Mar  3 06:15:27 2027 GMT
        Subject: CN=DE3C0249494F3FA3D0F4A28C93D8436E1EA5CD6A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7a:4b:a1:60:a6:1e:ab:80:e6:52:32:a5:e1:
                    7f:cf:1a:58:27:64:e0:a7:0a:01:ba:0e:54:bc:76:
                    95:59:26:39:1d:bc:79:c5:9e:3a:70:70:9f:7c:99:
                    59:f8:a8:d6:0c:ae:49:7a:6e:fc:ab:cf:05:9b:d3:
                    36:37:8d:96:43:dc:67:a9:db:ad:da:01:c8:e9:36:
                    73:9a:4f:58:34:6c:0e:a9:f8:0c:97:7a:a1:48:98:
                    79:ec:72:17:8c:cf:f0:13:e1:32:f5:dd:b5:eb:7e:
                    26:9a:d3:5d:cc:2b:e7:61:48:f5:70:1a:bd:74:15:
                    49:6a:64:8a:0b:b2:29:05:54:e7:98:49:da:65:e5:
                    cd:48:c7:9d:7e:82:54:d8:59:c8:02:2c:d6:07:24:
                    fc:fc:c8:14:9f:6e:8c:25:b1:b3:90:3a:74:25:ba:
                    7f:6b:7d:2b:65:7c:77:26:d5:d5:38:4e:6a:3f:99:
                    b0:a8:10:d8:c9:87:88:40:34:81:91:b6:86:8e:d1:
                    45:a7:81:3c:9d:c2:da:ae:2e:b4:3a:01:73:25:dc:
                    9f:54:74:ce:31:f9:a2:86:47:f8:96:e4:51:b9:2e:
                    d5:1f:60:56:4d:44:35:40:90:a7:fe:8b:6e:72:a6:
                    e3:97:d8:d3:21:06:d4:38:98:cd:79:de:68:00:90:
                    37:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:3C:02:49:49:4F:3F:A3:D0:F4:A2:8C:93:D8:43:6E:1E:A5:CD:6A
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143933.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a503::/32

    Signature Algorithm: sha256WithRSAEncryption
         89:b5:b5:93:eb:ca:6b:98:ef:28:80:5e:04:7b:56:08:fa:79:
         80:55:c9:1b:fc:56:e5:a7:7d:08:c7:51:bc:eb:bc:08:f1:57:
         e0:9c:44:ea:f6:c3:84:cd:b6:18:91:ff:5e:83:bf:04:8a:43:
         41:3a:22:51:b5:05:e8:43:75:67:39:49:f5:60:f7:3c:94:fd:
         de:71:18:b8:10:82:70:f0:ea:b1:08:de:f7:f9:73:22:79:7a:
         d2:dc:da:82:b4:e1:cd:06:9b:49:0e:ba:f3:69:47:bd:0a:09:
         f2:ba:af:61:8c:da:10:00:36:59:4b:7b:3d:14:27:27:58:8d:
         d7:fa:f8:a1:b8:40:f4:ff:b3:2f:61:6c:77:b1:76:32:c4:69:
         c0:a7:b3:34:93:e9:5a:25:07:4a:cd:3d:fa:e1:21:3f:0a:6d:
         1f:09:22:a9:1f:7a:d2:52:14:b3:05:9e:23:a0:4e:f1:15:c3:
         50:dc:2b:d5:be:b2:4d:38:54:f8:a3:b5:52:5f:d1:1b:43:4c:
         98:16:2c:34:bd:c7:e6:a2:5e:17:18:9a:b4:0a:6f:e3:91:95:
         a9:6b:09:ef:49:6d:83:f9:28:c2:e6:59:c5:89:77:a3:75:85:
         35:1e:f7:87:35:9f:d4:62:80:1a:40:32:c9:78:59:40:3c:b7:
         9a:96:b7:89
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUa5buHdAcYuuO68Lsk744F1gQJSQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTAyN1oX
DTI3MDMwMzA2MTUyN1owMzExMC8GA1UEAxMoREUzQzAyNDk0OTRGM0ZBM0QwRjRB
MjhDOTNEODQzNkUxRUE1Q0Q2QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKZ6S6Fgph6rgOZSMqXhf88aWCdk4KcKAboOVLx2lVkmOR28ecWeOnBwn3yZ
Wfio1gyuSXpu/KvPBZvTNjeNlkPcZ6nbrdoByOk2c5pPWDRsDqn4DJd6oUiYeexy
F4zP8BPhMvXdtet+JprTXcwr52FI9XAavXQVSWpkiguyKQVU55hJ2mXlzUjHnX6C
VNhZyAIs1gck/PzIFJ9ujCWxs5A6dCW6f2t9K2V8dybV1ThOaj+ZsKgQ2MmHiEA0
gZG2ho7RRaeBPJ3C2q4utDoBcyXcn1R0zjH5ooZH+JbkUbku1R9gVk1ENUCQp/6L
bnKm45fY0yEG1DiYzXneaACQN2kCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTePAJJ
SU8/o9D0ooyT2ENuHqXNajAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzkzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pQMwDQYJKoZIhvcNAQELBQADggEBAIm1tZPrymuY7yiAXgR7Vgj6eYBVyRv8VuWn
fQjHUbzrvAjxV+CcROr2w4TNthiR/16DvwSKQ0E6IlG1BehDdWc5SfVg9zyU/d5x
GLgQgnDw6rEI3vf5cyJ5etLc2oK04c0Gm0kOuvNpR70KCfK6r2GM2hAANllLez0U
JydYjdf6+KG4QPT/sy9hbHexdjLEacCnszST6VolB0rNPfrhIT8KbR8JIqkfetJS
FLMFniOgTvEVw1DcK9W+sk04VPijtVJf0RtDTJgWLDS9x+aiXhcYmrQKb+ORlalr
Ce9JbYP5KMLmWcWJd6N1hTUe94c1n9RigBpAMsl4WUA8t5qWt4k=
-----END CERTIFICATE-----