Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143964.roa
File:                     AS143964.roa (raw, json)
Hash identifier:          5xSavp3EU1aDYCROhEOa3lzcWY9uAecJPqbUawF207g=
Subject key identifier:   E4:95:4D:4E:7C:E4:7E:45:C6:DA:51:CB:E2:05:66:7E:63:9A:3F:3C
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3C5612A5D4326755F0F61C5CCD275615DFACDD50
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143964.roa
Signing time:             Wed 04 Mar 2026 06:15:19 +0000
ROA not before:           Wed 04 Mar 2026 06:10:19 +0000
ROA not after:            Wed 03 Mar 2027 06:15:19 +0000
asID:                     143964
IP address blocks:        240a:a522::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:56:12:a5:d4:32:67:55:f0:f6:1c:5c:cd:27:56:15:df:ac:dd:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:19 2026 GMT
            Not After : Mar  3 06:15:19 2027 GMT
        Subject: CN=E4954D4E7CE47E45C6DA51CBE205667E639A3F3C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4d:f0:a3:18:a1:40:de:91:a9:60:35:8d:bd:
                    7b:77:b0:16:32:4e:f0:c1:c0:c6:49:d7:14:b6:c2:
                    d9:0c:af:06:5f:6a:cf:b0:58:86:73:75:b6:22:99:
                    2c:39:b0:f9:96:51:ee:64:3d:56:29:cc:bc:ba:9a:
                    c5:0b:ea:28:87:6f:25:7f:17:93:be:ac:8c:86:7b:
                    7d:76:18:70:e0:af:bf:72:0e:37:78:87:51:ea:83:
                    67:92:c4:bb:5d:eb:d6:46:f8:a5:9a:72:57:50:df:
                    90:96:1d:a7:31:fc:fa:5d:1f:2d:25:12:99:17:b6:
                    e8:c5:6e:6c:a2:e7:dd:2a:23:64:75:c0:ed:61:b6:
                    45:ce:84:02:1f:7b:02:d7:81:86:bc:b1:39:7f:76:
                    ce:81:8a:b5:b5:f5:6e:f9:5a:fe:6f:7b:47:15:d2:
                    76:f8:71:f1:ef:f6:3e:9f:1d:45:ca:9b:81:7a:13:
                    e8:86:fe:6e:96:a5:5b:2d:64:09:9b:6a:b7:45:8d:
                    75:a8:f7:a0:f3:01:ee:80:24:77:81:b9:7f:8e:3b:
                    d1:d1:e2:2d:32:ea:c8:f9:d1:88:08:91:0b:1f:1a:
                    b5:76:23:a7:e2:0b:2b:f5:bd:71:c1:66:e0:88:12:
                    72:c4:25:c8:96:0c:7f:ab:c4:dd:d0:71:ef:45:02:
                    48:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:95:4D:4E:7C:E4:7E:45:C6:DA:51:CB:E2:05:66:7E:63:9A:3F:3C
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143964.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a522::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:fa:f9:f4:ea:97:86:bd:1b:87:9b:1f:09:10:c7:6c:51:43:
         50:d0:13:0e:20:09:a2:ca:ec:51:71:d0:99:53:1c:02:0a:8d:
         d5:9e:3d:5b:6b:10:b7:37:56:0a:7a:4c:22:16:88:b6:d8:4d:
         08:4a:ad:c5:4f:17:1c:07:45:56:76:58:d2:b3:7d:0d:1c:8f:
         35:1c:d7:a7:c1:27:a2:47:89:10:36:9d:61:c0:f2:6c:d9:25:
         51:fa:24:c3:4b:8a:52:3a:2e:3b:3b:44:58:78:76:fa:2b:9c:
         fe:67:fd:9c:d2:af:2d:41:ef:fb:a8:5e:0d:54:6c:df:e9:dd:
         06:ab:d6:a5:88:d1:d5:19:9c:3e:a6:51:eb:44:18:63:86:9b:
         59:6f:c5:50:3c:32:b3:0e:dd:64:a5:60:50:ec:3d:09:d1:b4:
         d1:a0:18:5a:1f:c4:c5:ab:9b:07:39:5e:f2:ab:20:03:b2:1f:
         a9:77:70:9f:9f:d7:fa:0f:26:9a:aa:4c:fc:5a:1b:96:43:63:
         71:e6:2d:87:b5:ec:80:e9:8e:e1:3d:e2:3d:ec:82:d0:63:3b:
         75:e1:c5:10:7f:75:48:b4:51:e9:0b:47:94:ce:42:82:83:7e:
         58:bb:91:5c:63:0b:2d:a1:d2:44:00:b3:8e:09:70:b5:d3:90:
         f7:4d:07:a9
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUPFYSpdQyZ1Xw9hxczSdWFd+s3VAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTAxOVoX
DTI3MDMwMzA2MTUxOVowMzExMC8GA1UEAxMoRTQ5NTRENEU3Q0U0N0U0NUM2REE1
MUNCRTIwNTY2N0U2MzlBM0YzQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ5N8KMYoUDekalgNY29e3ewFjJO8MHAxknXFLbC2QyvBl9qz7BYhnN1tiKZ
LDmw+ZZR7mQ9VinMvLqaxQvqKIdvJX8Xk76sjIZ7fXYYcOCvv3ION3iHUeqDZ5LE
u13r1kb4pZpyV1DfkJYdpzH8+l0fLSUSmRe26MVubKLn3SojZHXA7WG2Rc6EAh97
AteBhryxOX92zoGKtbX1bvla/m97RxXSdvhx8e/2Pp8dRcqbgXoT6Ib+bpalWy1k
CZtqt0WNdaj3oPMB7oAkd4G5f4470dHiLTLqyPnRiAiRCx8atXYjp+ILK/W9ccFm
4IgScsQlyJYMf6vE3dBx70UCSF8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTklU1O
fOR+RcbaUcviBWZ+Y5o/PDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mzk2NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pSIwDQYJKoZIhvcNAQELBQADggEBABf6+fTql4a9G4ebHwkQx2xRQ1DQEw4gCaLK
7FFx0JlTHAIKjdWePVtrELc3Vgp6TCIWiLbYTQhKrcVPFxwHRVZ2WNKzfQ0cjzUc
16fBJ6JHiRA2nWHA8mzZJVH6JMNLilI6Ljs7RFh4dvornP5n/ZzSry1B7/uoXg1U
bN/p3Qar1qWI0dUZnD6mUetEGGOGm1lvxVA8MrMO3WSlYFDsPQnRtNGgGFofxMWr
mwc5XvKrIAOyH6l3cJ+f1/oPJpqqTPxaG5ZDY3HmLYe17IDpjuE94j3sgtBjO3Xh
xRB/dUi0UekLR5TOQoKDfli7kVxjCy2h0kQAs44JcLXTkPdNB6k=
-----END CERTIFICATE-----