Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143957.roa
File:                     AS143957.roa (raw, json)
Hash identifier:          frfOu8e5wpzIWFsCRg+9SsKeID1a1zl8ptEflQCSwbY=
Subject key identifier:   C1:7B:E1:12:D3:25:0A:9B:98:B0:83:AC:C9:EC:3E:57:EE:3F:31:00
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7A042ED5FC433810A0A4C065EAE4C7E2C2648D5B
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143957.roa
Signing time:             Wed 04 Mar 2026 06:14:15 +0000
ROA not before:           Wed 04 Mar 2026 06:09:15 +0000
ROA not after:            Wed 03 Mar 2027 06:14:15 +0000
asID:                     143957
IP address blocks:        240a:a51b::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:04:2e:d5:fc:43:38:10:a0:a4:c0:65:ea:e4:c7:e2:c2:64:8d:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:15 2026 GMT
            Not After : Mar  3 06:14:15 2027 GMT
        Subject: CN=C17BE112D3250A9B98B083ACC9EC3E57EE3F3100
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:55:fb:c8:23:ea:35:4d:4a:64:87:0c:e3:a9:
                    c4:17:3b:55:72:a6:e3:51:3b:1f:d2:1a:31:9c:81:
                    b8:84:6f:de:92:3c:42:0d:08:2f:9d:01:3a:fe:3a:
                    28:c8:ad:0c:9b:a4:d8:68:be:7d:6b:4d:f4:60:40:
                    04:8b:8e:f9:d9:c8:91:a8:65:b9:2f:04:f1:22:31:
                    81:39:f2:74:73:36:18:cb:52:c8:bb:c1:95:71:ae:
                    62:6a:c9:0b:eb:4f:d7:38:50:07:57:7a:ce:c1:9e:
                    e9:21:58:f2:89:03:69:75:ff:6f:9b:f7:33:6e:68:
                    72:e8:5e:ae:c6:7d:1d:31:95:e0:e0:e8:8b:90:cd:
                    32:07:fe:e1:33:39:62:79:1a:97:5b:e1:f2:d3:cb:
                    30:80:e8:ac:25:0c:55:70:a9:34:fa:19:b2:da:1a:
                    f5:d4:e4:2b:f5:b4:87:f0:ad:c8:2c:9c:65:f5:40:
                    f3:e9:cb:36:1e:f9:35:49:9b:25:de:2e:ec:b1:8d:
                    72:46:80:e8:5d:76:e1:5f:d0:9b:7c:44:f2:ba:64:
                    df:7d:7f:dd:01:6b:01:b6:6d:95:9b:d4:a8:10:7b:
                    8e:5a:fc:22:26:40:8f:5e:18:e0:8f:28:0b:f2:9b:
                    7d:a2:23:2f:8d:c1:5b:4f:ed:bc:22:3f:99:50:f8:
                    21:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:7B:E1:12:D3:25:0A:9B:98:B0:83:AC:C9:EC:3E:57:EE:3F:31:00
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143957.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a51b::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:f4:be:b7:2f:2d:59:82:f5:c9:07:ee:78:a4:e2:8a:4e:72:
         20:a4:5f:7f:f5:56:88:e3:c0:d5:1c:fd:0e:77:2b:f4:07:19:
         77:09:20:23:00:c2:cc:c9:51:5b:15:6f:0d:84:d1:97:4a:c8:
         ea:d6:78:5e:0a:13:bc:ed:f7:7b:fb:8f:6c:92:52:e6:72:21:
         84:93:59:e7:2d:1b:22:14:17:26:83:27:16:12:95:04:e3:de:
         f8:75:3f:81:55:32:c9:e5:11:78:88:15:6d:50:46:69:2e:71:
         bc:64:76:59:13:76:8f:c8:b6:fb:71:b2:3d:9f:e3:8f:1e:f1:
         49:7e:57:05:38:1b:81:f2:cb:db:69:5d:74:01:7f:37:a4:df:
         95:6a:89:43:ce:3f:f8:7a:41:1c:60:91:f1:d1:96:62:1d:7d:
         e5:c2:3c:4f:0c:79:05:8d:7d:3e:10:42:7a:c0:0d:50:95:12:
         12:5e:3a:d2:b1:4e:db:51:cf:4d:e0:25:1b:03:0d:7b:f6:72:
         f1:3e:4d:87:54:fa:50:5e:81:7d:4a:c6:43:f3:06:5b:61:27:
         32:eb:e2:91:a6:cf:bf:2d:cc:dc:0c:46:03:3b:ee:fd:7f:2e:
         ab:8b:9b:2e:f3:e9:df:f0:fc:10:75:fa:0b:7f:bb:39:17:3c:
         e0:6a:9b:7d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUegQu1fxDOBCgpMBl6uTH4sJkjVswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDkxNVoX
DTI3MDMwMzA2MTQxNVowMzExMC8GA1UEAxMoQzE3QkUxMTJEMzI1MEE5Qjk4QjA4
M0FDQzlFQzNFNTdFRTNGMzEwMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL5V+8gj6jVNSmSHDOOpxBc7VXKm41E7H9IaMZyBuIRv3pI8Qg0IL50BOv46
KMitDJuk2Gi+fWtN9GBABIuO+dnIkahluS8E8SIxgTnydHM2GMtSyLvBlXGuYmrJ
C+tP1zhQB1d6zsGe6SFY8okDaXX/b5v3M25ocuhersZ9HTGV4ODoi5DNMgf+4TM5
Ynkal1vh8tPLMIDorCUMVXCpNPoZstoa9dTkK/W0h/CtyCycZfVA8+nLNh75NUmb
Jd4u7LGNckaA6F124V/Qm3xE8rpk331/3QFrAbZtlZvUqBB7jlr8IiZAj14Y4I8o
C/KbfaIjL43BW0/tvCI/mVD4IYsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTBe+ES
0yUKm5iwg6zJ7D5X7j8xADAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mzk1Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pRswDQYJKoZIhvcNAQELBQADggEBAD30vrcvLVmC9ckH7nik4opOciCkX3/1Vojj
wNUc/Q53K/QHGXcJICMAwszJUVsVbw2E0ZdKyOrWeF4KE7zt93v7j2ySUuZyIYST
WectGyIUFyaDJxYSlQTj3vh1P4FVMsnlEXiIFW1QRmkucbxkdlkTdo/Itvtxsj2f
448e8Ul+VwU4G4Hyy9tpXXQBfzek35VqiUPOP/h6QRxgkfHRlmIdfeXCPE8MeQWN
fT4QQnrADVCVEhJeOtKxTttRz03gJRsDDXv2cvE+TYdU+lBegX1KxkPzBlthJzLr
4pGmz78tzNwMRgM77v1/LquLmy7z6d/w/BB1+gt/uzkXPOBqm30=
-----END CERTIFICATE-----