Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS143998.roa
File:                     AS143998.roa (raw, json)
Hash identifier:          l48D8W0mCJJe7OBaNcHPIOQX2kzQxwGGWci5DqElCok=
Subject key identifier:   D9:F2:94:27:68:34:71:07:28:F1:55:AB:E8:9A:15:E2:F0:E9:F1:10
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       12A6BC79CC2E2FCD4CA5E20ABC65C4F31FF750BC
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS143998.roa
Signing time:             Wed 04 Mar 2026 06:13:44 +0000
ROA not before:           Wed 04 Mar 2026 06:08:44 +0000
ROA not after:            Wed 03 Mar 2027 06:13:44 +0000
asID:                     143998
IP address blocks:        240a:a544::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:a6:bc:79:cc:2e:2f:cd:4c:a5:e2:0a:bc:65:c4:f3:1f:f7:50:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:44 2026 GMT
            Not After : Mar  3 06:13:44 2027 GMT
        Subject: CN=D9F294276834710728F155ABE89A15E2F0E9F110
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:05:62:b2:61:98:ba:ed:c7:f3:05:a7:74:4b:
                    5e:8c:42:7f:89:a1:cd:78:c0:df:6c:75:18:35:3e:
                    3e:6e:1e:ba:d2:eb:e8:a4:00:13:78:36:fd:fc:26:
                    73:a8:dc:84:b7:03:1f:52:e5:f5:2e:d7:06:d1:84:
                    9c:39:68:85:2c:27:c3:1f:aa:2a:40:05:56:95:37:
                    68:f9:61:f9:f2:ad:af:3c:4c:d5:3f:6f:cf:f4:28:
                    6c:24:0a:12:e7:b9:02:77:9e:15:56:16:e2:b6:92:
                    66:fc:df:67:75:98:f4:c7:95:bc:71:86:0e:f5:96:
                    a0:f8:b2:36:21:73:dd:34:a5:88:f2:da:51:e6:19:
                    a8:aa:2e:e2:98:5e:76:47:af:5c:1f:e9:26:0b:5d:
                    38:d2:93:96:49:07:bd:78:e3:1a:da:de:e2:57:74:
                    28:0d:9c:42:af:2a:33:ba:d8:09:c1:a3:70:58:0a:
                    bc:90:ee:29:0c:cf:a1:51:f5:99:a7:18:95:d0:2f:
                    92:f1:65:51:2d:7d:7c:88:82:9e:be:60:44:eb:fe:
                    ae:72:8a:4d:3b:46:34:66:3c:fb:aa:ce:0f:96:1c:
                    e2:cf:e1:ae:fe:9b:3e:06:6d:0e:c7:bb:bc:fe:76:
                    1d:9e:cc:2e:ac:21:64:f6:a4:2d:d8:5e:3e:b0:ea:
                    ba:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:F2:94:27:68:34:71:07:28:F1:55:AB:E8:9A:15:E2:F0:E9:F1:10
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS143998.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a544::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:f9:6a:9c:8f:a6:7f:e0:8c:7d:26:b5:48:60:da:30:99:54:
         f9:fe:24:1d:4b:6d:6e:0d:d0:64:8d:10:4d:28:60:33:11:ad:
         2e:d8:94:16:3a:81:90:c3:dd:9a:ae:bc:05:ea:19:72:9f:3e:
         8f:94:d9:98:16:7d:b3:77:e0:93:f8:b6:bc:ca:16:20:7c:a6:
         2b:f9:17:55:0e:6c:73:53:08:eb:c6:ae:2b:e3:bc:54:37:1f:
         57:ec:28:eb:23:da:2e:bd:6e:98:cd:fc:4b:60:4a:02:56:70:
         d6:f1:d4:64:b4:c8:c2:3a:df:5e:d9:cd:3f:e2:29:f5:6a:ac:
         c8:dc:67:80:24:e4:3d:49:35:1a:a1:f3:19:db:62:07:0c:3a:
         52:a4:ae:72:bb:e9:af:ef:a7:bc:f2:be:a9:9f:b0:b8:38:80:
         95:f1:f2:da:30:17:97:32:27:c7:34:d0:73:69:e7:57:66:31:
         5d:65:d5:c8:c1:92:25:fa:b6:c6:d4:ce:36:1d:b5:83:5d:fd:
         e3:69:ce:e5:0a:e4:19:77:34:1b:7f:99:7a:f0:ef:86:d2:d5:
         24:d8:65:f2:d1:7f:d7:5a:c9:25:97:42:dd:93:7c:eb:b3:ac:
         b4:cb:06:67:1b:4d:12:67:47:1e:3e:84:7b:eb:51:67:fb:3a:
         a6:00:a7:78
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUEqa8ecwuL81MpeIKvGXE8x/3ULwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDg0NFoX
DTI3MDMwMzA2MTM0NFowMzExMC8GA1UEAxMoRDlGMjk0Mjc2ODM0NzEwNzI4RjE1
NUFCRTg5QTE1RTJGMEU5RjExMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKkFYrJhmLrtx/MFp3RLXoxCf4mhzXjA32x1GDU+Pm4eutLr6KQAE3g2/fwm
c6jchLcDH1Ll9S7XBtGEnDlohSwnwx+qKkAFVpU3aPlh+fKtrzxM1T9vz/QobCQK
Eue5AneeFVYW4raSZvzfZ3WY9MeVvHGGDvWWoPiyNiFz3TSliPLaUeYZqKou4phe
dkevXB/pJgtdONKTlkkHvXjjGtre4ld0KA2cQq8qM7rYCcGjcFgKvJDuKQzPoVH1
macYldAvkvFlUS19fIiCnr5gROv+rnKKTTtGNGY8+6rOD5Yc4s/hrv6bPgZtDse7
vP52HZ7MLqwhZPakLdhePrDqugkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTZ8pQn
aDRxByjxVavomhXi8OnxEDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mzk5OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pUQwDQYJKoZIhvcNAQELBQADggEBACL5apyPpn/gjH0mtUhg2jCZVPn+JB1LbW4N
0GSNEE0oYDMRrS7YlBY6gZDD3ZquvAXqGXKfPo+U2ZgWfbN34JP4trzKFiB8piv5
F1UObHNTCOvGrivjvFQ3H1fsKOsj2i69bpjN/EtgSgJWcNbx1GS0yMI6317ZzT/i
KfVqrMjcZ4Ak5D1JNRqh8xnbYgcMOlKkrnK76a/vp7zyvqmfsLg4gJXx8towF5cy
J8c00HNp51dmMV1l1cjBkiX6tsbUzjYdtYNd/eNpzuUK5Bl3NBt/mXrw74bS1STY
ZfLRf9daySWXQt2TfOuzrLTLBmcbTRJnRx4+hHvrUWf7OqYAp3g=
-----END CERTIFICATE-----