Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143947.roa
File:                     AS143947.roa (raw, json)
Hash identifier:          YH29Y+go0yVUuVKwMoGBfwcYZmiFBN1z49G0Ak7APng=
Subject key identifier:   2F:C4:44:B5:41:FE:CE:F6:8B:BC:4E:BB:A9:79:A5:01:1C:3A:08:86
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       412ED3B8A468278A4171DAC9EE75CD0455EB715B
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143947.roa
Signing time:             Wed 04 Mar 2026 06:14:17 +0000
ROA not before:           Wed 04 Mar 2026 06:09:17 +0000
ROA not after:            Wed 03 Mar 2027 06:14:17 +0000
asID:                     143947
IP address blocks:        240a:a511::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:2e:d3:b8:a4:68:27:8a:41:71:da:c9:ee:75:cd:04:55:eb:71:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:17 2026 GMT
            Not After : Mar  3 06:14:17 2027 GMT
        Subject: CN=2FC444B541FECEF68BBC4EBBA979A5011C3A0886
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:3f:a8:5b:5f:74:80:87:fc:1d:22:5c:19:81:
                    13:37:5f:36:5a:9b:c2:ec:79:77:ab:e1:22:3a:97:
                    69:3d:f9:af:c7:b1:96:d2:dd:f1:82:1d:fc:6d:a2:
                    cc:5a:6c:b9:98:2b:ee:fe:c0:20:83:9c:9a:75:43:
                    26:ad:de:e4:e5:4d:d7:d4:e7:82:39:14:5e:b7:d7:
                    86:ec:73:bd:8c:c8:11:57:65:a6:02:e6:0c:33:2c:
                    ec:7c:6d:b4:e0:54:87:a2:fa:c8:42:31:89:f0:95:
                    a8:49:5d:30:94:34:9a:8d:da:e9:3e:59:6a:76:a6:
                    eb:72:c1:f5:ee:dd:bf:b7:b5:39:25:6a:c0:dd:1c:
                    d4:b2:4e:6a:37:f9:1b:0d:12:e0:b6:83:a5:9f:87:
                    30:78:c1:f1:4b:ea:07:14:c3:e5:64:6c:4c:1f:73:
                    e0:0b:1e:1a:b1:f9:43:0c:e3:9c:dd:4b:9f:50:d1:
                    bf:b5:4a:80:5c:59:78:fa:8b:2c:4f:59:42:ce:b3:
                    f1:bd:58:7c:12:0a:33:3d:e7:dc:2e:54:9e:83:e0:
                    fc:6e:e0:f5:7d:3b:13:3b:83:34:93:98:4c:38:12:
                    cb:7c:7d:f0:e0:8f:e9:92:87:6f:99:39:3d:29:0d:
                    20:89:c6:51:95:d1:b1:d9:47:a0:fb:dd:3b:07:cf:
                    33:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:C4:44:B5:41:FE:CE:F6:8B:BC:4E:BB:A9:79:A5:01:1C:3A:08:86
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143947.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a511::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:f2:ab:9a:56:30:f4:ba:c6:c7:a3:83:8e:60:e8:de:7f:af:
         6e:61:50:2e:9a:4f:1c:15:93:6c:9c:98:90:4c:1f:87:12:ad:
         1e:01:4a:94:a1:7f:73:7b:e9:73:d3:92:65:98:72:0b:c4:c4:
         17:e1:25:72:71:6f:4f:f1:3d:25:dd:5a:be:a3:ed:e3:0f:06:
         13:a9:01:b8:f7:97:e2:b5:15:77:41:56:99:f0:70:6b:95:c5:
         e7:da:0e:00:ec:43:88:e4:27:a2:56:bd:53:bd:c6:e8:72:85:
         ec:e9:a1:b2:9b:f2:b7:54:4c:d1:5a:16:eb:98:da:01:1f:dd:
         f3:4e:f2:84:3a:53:f7:d9:6f:6d:15:ed:df:a3:18:57:7d:94:
         d8:fb:04:5d:d7:dd:af:05:30:dd:8f:4f:de:31:85:41:e4:89:
         4c:17:26:de:ea:14:5f:ed:97:9e:33:65:76:ed:17:29:38:a9:
         7f:3e:62:86:9c:65:21:b9:3e:f4:4b:0f:45:95:de:8b:eb:4e:
         2f:19:33:78:c2:98:91:03:bd:3d:63:cd:01:47:bf:64:0c:ec:
         c8:a6:3f:3a:37:c1:33:eb:df:c0:cd:7a:cb:45:fc:d1:3d:51:
         83:eb:3b:b9:87:f0:2d:02:9c:11:9e:57:96:a7:e1:d6:66:54:
         e1:9c:4a:55
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUQS7TuKRoJ4pBcdrJ7nXNBFXrcVswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDkxN1oX
DTI3MDMwMzA2MTQxN1owMzExMC8GA1UEAxMoMkZDNDQ0QjU0MUZFQ0VGNjhCQkM0
RUJCQTk3OUE1MDExQzNBMDg4NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM0/qFtfdICH/B0iXBmBEzdfNlqbwux5d6vhIjqXaT35r8exltLd8YId/G2i
zFpsuZgr7v7AIIOcmnVDJq3e5OVN19TngjkUXrfXhuxzvYzIEVdlpgLmDDMs7Hxt
tOBUh6L6yEIxifCVqEldMJQ0mo3a6T5Zanam63LB9e7dv7e1OSVqwN0c1LJOajf5
Gw0S4LaDpZ+HMHjB8UvqBxTD5WRsTB9z4AseGrH5QwzjnN1Ln1DRv7VKgFxZePqL
LE9ZQs6z8b1YfBIKMz3n3C5UnoPg/G7g9X07EzuDNJOYTDgSy3x98OCP6ZKHb5k5
PSkNIInGUZXRsdlHoPvdOwfPM1sCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQvxES1
Qf7O9ou8TrupeaUBHDoIhjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mzk0Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pREwDQYJKoZIhvcNAQELBQADggEBACXyq5pWMPS6xsejg45g6N5/r25hUC6aTxwV
k2ycmJBMH4cSrR4BSpShf3N76XPTkmWYcgvExBfhJXJxb0/xPSXdWr6j7eMPBhOp
Abj3l+K1FXdBVpnwcGuVxefaDgDsQ4jkJ6JWvVO9xuhyhezpobKb8rdUTNFaFuuY
2gEf3fNO8oQ6U/fZb20V7d+jGFd9lNj7BF3X3a8FMN2PT94xhUHkiUwXJt7qFF/t
l54zZXbtFyk4qX8+YoacZSG5PvRLD0WV3ovrTi8ZM3jCmJEDvT1jzQFHv2QM7Mim
Pzo3wTPr38DNestF/NE9UYPrO7mH8C0CnBGeV5an4dZmVOGcSlU=
-----END CERTIFICATE-----