Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143937.roa
File:                     AS143937.roa (raw, json)
Hash identifier:          9RFbkfgDh681O94YPNeKtnyuDVeAA4pQ6KMa5lWVgXM=
Subject key identifier:   C5:7B:9F:82:95:A3:FA:DA:1A:09:A2:77:61:6A:21:D2:D1:C3:2B:42
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4E3C295C762BFA60391794E8BACA8C51DCAEA2B2
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143937.roa
Signing time:             Wed 04 Mar 2026 06:12:31 +0000
ROA not before:           Wed 04 Mar 2026 06:07:31 +0000
ROA not after:            Wed 03 Mar 2027 06:12:31 +0000
asID:                     143937
IP address blocks:        240a:a507::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:3c:29:5c:76:2b:fa:60:39:17:94:e8:ba:ca:8c:51:dc:ae:a2:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:07:31 2026 GMT
            Not After : Mar  3 06:12:31 2027 GMT
        Subject: CN=C57B9F8295A3FADA1A09A277616A21D2D1C32B42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:2d:56:05:70:de:d3:c5:33:c5:0f:85:f7:72:
                    a8:5c:3c:8d:31:08:c9:68:ca:69:9b:e2:5c:b7:45:
                    27:5a:16:da:01:0e:f3:89:9d:fb:90:61:9d:3d:a4:
                    ee:c2:3c:73:39:28:33:07:a6:24:8a:14:8a:60:0b:
                    c5:d9:ce:49:bb:0e:2b:51:53:26:e0:70:58:ab:d3:
                    de:23:2a:45:43:15:a2:a4:99:08:d1:27:11:5e:f8:
                    6a:d8:58:8b:4f:2b:f7:6b:05:d2:24:2e:bc:2e:24:
                    28:b4:2a:aa:af:6d:55:ef:7a:1c:32:a4:2d:05:12:
                    49:01:d1:ab:ba:6f:fc:33:bd:21:45:ac:5d:f8:d4:
                    83:c1:ce:23:2d:f5:8e:58:c3:23:f2:7e:a4:f5:c8:
                    92:b4:21:6f:83:50:ad:aa:da:34:1d:ac:d0:b9:d7:
                    fc:53:42:ef:c9:0a:92:fa:80:2b:5e:a4:80:48:bc:
                    54:99:38:8a:12:1a:54:6e:51:18:ef:f9:67:c7:d6:
                    25:7c:d5:c3:e9:4e:81:75:8c:90:d4:a3:d3:32:7e:
                    ee:14:5f:d9:14:f2:f8:d6:45:97:19:9f:e0:5f:8f:
                    3b:b9:22:79:45:44:d7:97:d4:29:88:22:8c:8f:5e:
                    32:68:f1:c3:11:83:50:45:48:76:48:6b:d3:9e:e1:
                    ab:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:7B:9F:82:95:A3:FA:DA:1A:09:A2:77:61:6A:21:D2:D1:C3:2B:42
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143937.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a507::/32

    Signature Algorithm: sha256WithRSAEncryption
         3f:06:d1:d2:b2:2c:d0:11:25:97:53:06:bd:19:33:cd:a0:4a:
         76:89:c6:f5:69:40:52:4a:43:4b:5d:c1:55:1c:5c:a5:19:08:
         ae:27:bf:4d:36:e2:7a:df:ec:93:7d:09:47:70:51:ca:af:83:
         72:0b:3d:de:33:37:93:81:a5:05:be:35:51:1e:3a:7f:7c:68:
         11:a1:0b:db:b7:fa:8f:8f:48:83:94:4c:ce:66:f4:39:08:63:
         54:39:34:10:bd:5c:36:e2:57:b2:6b:53:79:a4:b7:bf:af:c4:
         6b:ce:a2:c0:47:99:7e:d6:9e:43:19:51:1a:0a:f5:dc:62:ed:
         ae:93:20:11:1d:90:e2:38:32:c1:d4:d5:8a:ae:75:33:48:d5:
         9f:64:43:df:16:74:a9:33:5b:19:85:f0:76:3b:1a:96:ba:00:
         a0:62:7c:35:9a:f6:df:43:4e:ac:ae:81:fa:3a:f8:e0:e0:37:
         97:f6:93:66:1a:00:44:3e:c4:b4:43:b0:ae:a4:cf:6b:69:2a:
         23:16:7b:4e:0c:0f:c0:86:7e:ab:d8:97:90:3e:09:c3:33:0a:
         b6:6d:0e:a0:5a:0d:f9:d7:41:fc:79:e4:f0:35:c3:75:99:c9:
         91:57:73:a2:15:28:02:86:8c:fe:a3:87:57:7a:ec:72:39:76:
         e3:28:50:99
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUTjwpXHYr+mA5F5TousqMUdyuorIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDczMVoX
DTI3MDMwMzA2MTIzMVowMzExMC8GA1UEAxMoQzU3QjlGODI5NUEzRkFEQTFBMDlB
Mjc3NjE2QTIxRDJEMUMzMkI0MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALItVgVw3tPFM8UPhfdyqFw8jTEIyWjKaZviXLdFJ1oW2gEO84md+5BhnT2k
7sI8czkoMwemJIoUimALxdnOSbsOK1FTJuBwWKvT3iMqRUMVoqSZCNEnEV74athY
i08r92sF0iQuvC4kKLQqqq9tVe96HDKkLQUSSQHRq7pv/DO9IUWsXfjUg8HOIy31
jljDI/J+pPXIkrQhb4NQraraNB2s0LnX/FNC78kKkvqAK16kgEi8VJk4ihIaVG5R
GO/5Z8fWJXzVw+lOgXWMkNSj0zJ+7hRf2RTy+NZFlxmf4F+PO7kieUVE15fUKYgi
jI9eMmjxwxGDUEVIdkhr057hq1cCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTFe5+C
laP62hoJondhaiHS0cMrQjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MzkzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pQcwDQYJKoZIhvcNAQELBQADggEBAD8G0dKyLNARJZdTBr0ZM82gSnaJxvVpQFJK
Q0tdwVUcXKUZCK4nv0024nrf7JN9CUdwUcqvg3ILPd4zN5OBpQW+NVEeOn98aBGh
C9u3+o+PSIOUTM5m9DkIY1Q5NBC9XDbiV7JrU3mkt7+vxGvOosBHmX7WnkMZURoK
9dxi7a6TIBEdkOI4MsHU1YqudTNI1Z9kQ98WdKkzWxmF8HY7Gpa6AKBifDWa9t9D
Tqyugfo6+ODgN5f2k2YaAEQ+xLRDsK6kz2tpKiMWe04MD8CGfqvYl5A+CcMzCrZt
DqBaDfnXQfx55PA1w3WZyZFXc6IVKAKGjP6jh1d67HI5duMoUJk=
-----END CERTIFICATE-----