Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143951.roa
File:                     AS143951.roa (raw, json)
Hash identifier:          vgZ+NK+v4ztWx8jMa1UU7aVXS3tlcqjoXFResynKWoA=
Subject key identifier:   D5:5B:3E:7C:69:4C:AD:D6:39:90:ED:1E:2C:7A:8D:75:66:A7:0F:57
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       161A6BFAEB0C02DCB1544E299D7B1B7808AC1638
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143951.roa
Signing time:             Wed 04 Mar 2026 06:14:47 +0000
ROA not before:           Wed 04 Mar 2026 06:09:47 +0000
ROA not after:            Wed 03 Mar 2027 06:14:47 +0000
asID:                     143951
IP address blocks:        240a:a515::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:1a:6b:fa:eb:0c:02:dc:b1:54:4e:29:9d:7b:1b:78:08:ac:16:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:47 2026 GMT
            Not After : Mar  3 06:14:47 2027 GMT
        Subject: CN=D55B3E7C694CADD63990ED1E2C7A8D7566A70F57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a9:28:ad:a6:86:df:71:97:7e:8d:79:fc:84:
                    1d:91:06:1b:d9:3c:8e:b1:5c:43:bc:de:c5:6c:18:
                    35:b0:02:92:c5:8a:9c:29:9c:f4:84:12:af:b4:cb:
                    59:4e:40:a0:f6:e3:47:8e:35:b5:86:07:04:f7:03:
                    e5:13:3e:35:b8:7d:ea:8e:0a:34:bf:63:b0:7f:26:
                    bd:31:e1:ac:f9:d2:22:7c:46:d7:62:9e:75:88:c8:
                    8d:e5:ba:84:b1:3c:5e:87:62:58:20:14:a4:88:3f:
                    3b:ee:04:5b:35:81:71:25:06:e3:a4:58:d4:88:53:
                    34:fb:c9:a9:f9:01:ab:8b:90:2a:0f:bc:22:01:aa:
                    b1:c0:17:9e:fc:d2:d1:0a:56:2e:32:b3:ec:35:76:
                    bc:60:6d:eb:61:33:ae:04:c4:d5:e9:41:3c:bc:44:
                    3b:06:81:6c:7a:31:f8:26:da:2c:71:bc:88:e4:6a:
                    d3:25:47:b4:74:ac:a0:20:e7:8e:9d:a3:84:46:d3:
                    2d:8e:0e:ea:11:f5:7b:eb:0a:78:28:7f:8e:83:98:
                    ba:4c:e8:8a:64:11:a3:5e:55:83:b4:fb:26:03:45:
                    f6:6b:f1:fd:c8:d3:15:20:19:b5:b9:c4:a6:5a:e5:
                    b6:0b:cb:69:4f:92:b0:f1:40:55:43:2b:1a:ea:00:
                    0e:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:5B:3E:7C:69:4C:AD:D6:39:90:ED:1E:2C:7A:8D:75:66:A7:0F:57
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143951.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a515::/32

    Signature Algorithm: sha256WithRSAEncryption
         a7:34:12:52:b1:0a:af:7e:fe:86:96:c3:cf:a2:1d:3a:1b:f3:
         d6:9f:dc:2f:08:79:b8:a7:16:a2:2f:7b:d7:97:9d:ee:d1:42:
         60:67:67:78:f2:17:40:ae:57:54:91:67:fd:0d:fa:ba:84:81:
         78:0d:54:91:47:3b:51:a3:60:59:2b:03:68:56:3d:08:17:09:
         51:4f:fd:d1:fe:29:3e:f6:cf:66:40:ca:2f:f8:58:d8:92:77:
         c4:c1:f2:0d:23:94:3f:c0:0c:f8:f0:91:45:09:d7:09:ae:59:
         a1:0e:99:db:28:b0:8e:36:bc:20:44:23:97:fa:31:25:25:a8:
         73:08:02:b9:9c:f0:cb:51:27:98:89:08:c6:a3:98:f0:95:58:
         5e:0b:3b:fd:96:ab:99:3b:da:26:72:fb:fd:1b:ae:c2:7f:00:
         74:b3:18:1f:f8:d0:2a:12:a9:25:22:ba:04:8a:4c:95:40:ba:
         61:45:11:38:51:38:45:c9:62:20:39:5a:d1:73:1c:2d:ad:9d:
         d6:97:f8:05:93:d9:22:c1:f0:49:a4:e6:e2:dd:4c:f0:23:69:
         99:c6:bb:c1:27:1c:2e:20:37:8c:9b:46:56:39:92:0a:8f:52:
         68:54:74:da:78:d2:ee:fa:66:de:ac:64:80:24:94:b7:04:ec:
         33:59:23:1d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUFhpr+usMAtyxVE4pnXsbeAisFjgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDk0N1oX
DTI3MDMwMzA2MTQ0N1owMzExMC8GA1UEAxMoRDU1QjNFN0M2OTRDQURENjM5OTBF
RDFFMkM3QThENzU2NkE3MEY1NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALCpKK2mht9xl36NefyEHZEGG9k8jrFcQ7zexWwYNbACksWKnCmc9IQSr7TL
WU5AoPbjR441tYYHBPcD5RM+Nbh96o4KNL9jsH8mvTHhrPnSInxG12KedYjIjeW6
hLE8XodiWCAUpIg/O+4EWzWBcSUG46RY1IhTNPvJqfkBq4uQKg+8IgGqscAXnvzS
0QpWLjKz7DV2vGBt62EzrgTE1elBPLxEOwaBbHox+CbaLHG8iORq0yVHtHSsoCDn
jp2jhEbTLY4O6hH1e+sKeCh/joOYukzoimQRo15Vg7T7JgNF9mvx/cjTFSAZtbnE
plrltgvLaU+SsPFAVUMrGuoADikCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTVWz58
aUyt1jmQ7R4seo11ZqcPVzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mzk1MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pRUwDQYJKoZIhvcNAQELBQADggEBAKc0ElKxCq9+/oaWw8+iHTob89af3C8Iebin
FqIve9eXne7RQmBnZ3jyF0CuV1SRZ/0N+rqEgXgNVJFHO1GjYFkrA2hWPQgXCVFP
/dH+KT72z2ZAyi/4WNiSd8TB8g0jlD/ADPjwkUUJ1wmuWaEOmdsosI42vCBEI5f6
MSUlqHMIArmc8MtRJ5iJCMajmPCVWF4LO/2Wq5k72iZy+/0brsJ/AHSzGB/40CoS
qSUiugSKTJVAumFFEThROEXJYiA5WtFzHC2tndaX+AWT2SLB8Emk5uLdTPAjaZnG
u8EnHC4gN4ybRlY5kgqPUmhUdNp40u76Zt6sZIAklLcE7DNZIx0=
-----END CERTIFICATE-----