Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142664.roa
File:                     AS142664.roa (raw, json)
Hash identifier:          aTj0b8IDa4gb9kbjSBbbihNkazKP7YtilanNddQl3rE=
Subject key identifier:   70:64:F0:F4:4C:20:6B:03:4C:8C:C6:23:E0:33:D6:5D:94:73:80:BC
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1A7D7F22008B91C7DC2830EC8B33DC7A8A778803
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142664.roa
Signing time:             Wed 04 Mar 2026 06:06:58 +0000
ROA not before:           Wed 04 Mar 2026 06:01:58 +0000
ROA not after:            Wed 03 Mar 2027 06:06:58 +0000
asID:                     142664
IP address blocks:        240a:a00e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:7d:7f:22:00:8b:91:c7:dc:28:30:ec:8b:33:dc:7a:8a:77:88:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:58 2026 GMT
            Not After : Mar  3 06:06:58 2027 GMT
        Subject: CN=7064F0F44C206B034C8CC623E033D65D947380BC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:78:e2:54:9a:b1:08:5a:e5:61:0e:ef:79:c8:
                    2a:4e:cd:f2:9e:1d:de:31:96:c0:85:bd:c9:fc:0e:
                    db:7f:ac:69:c1:b6:e2:48:d7:a3:5f:dd:e1:bb:be:
                    65:40:50:a4:37:a2:93:9b:dd:00:74:21:68:c4:8c:
                    73:7e:e7:48:3f:3a:f1:c6:ea:0c:86:68:90:1e:49:
                    00:e7:b3:58:91:dc:bc:f4:42:64:a8:41:72:c4:37:
                    ea:34:2f:15:3f:0e:a4:fd:2b:12:7f:7f:5a:56:1b:
                    86:20:49:40:0f:6d:0b:1a:11:01:42:8d:f0:f3:a9:
                    c5:58:01:d5:18:76:a3:11:b4:4a:1b:bb:f2:ae:19:
                    16:51:d7:ab:f5:6d:ce:78:5a:cd:90:96:13:ab:b0:
                    c7:03:c1:27:90:3a:e2:de:5d:dc:53:e7:8e:89:b3:
                    2c:4c:8f:d0:ed:01:39:73:81:25:a9:ab:5e:9e:f0:
                    e3:52:17:bf:31:6a:13:03:e6:68:ca:4b:1e:82:4d:
                    f6:6b:81:f8:2a:68:3b:88:5e:89:17:ba:56:10:49:
                    d4:ad:d9:18:d7:60:6f:0c:48:2a:2f:d2:8f:b7:22:
                    a2:10:8f:7c:75:10:f3:be:48:ce:2c:72:0f:ce:ea:
                    87:da:ae:48:fc:59:5b:b2:4a:6f:98:94:bd:ec:f1:
                    19:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:64:F0:F4:4C:20:6B:03:4C:8C:C6:23:E0:33:D6:5D:94:73:80:BC
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142664.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a00e::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:1e:b2:9b:f4:5d:32:9d:54:36:27:85:1c:c3:0e:2e:35:87:
         61:b6:79:1e:a0:68:6c:12:4c:a5:be:c5:e4:ce:85:61:d4:f6:
         4b:90:07:4b:c4:13:e0:8d:72:64:d9:10:e1:75:e9:6e:30:c7:
         c7:92:9c:56:6b:da:36:e5:5e:dc:04:72:c3:42:78:8d:8a:8a:
         c7:31:21:bd:31:cc:8a:63:e4:3b:66:ad:ad:dd:ec:95:e0:67:
         6b:c5:6e:c3:bf:6c:7e:4c:65:22:ee:f8:39:79:b0:43:66:3c:
         d3:fc:59:0a:34:25:59:00:63:85:a7:11:cb:4e:a4:2f:9d:54:
         b0:86:65:82:71:fe:90:d1:b5:30:b4:a6:14:18:6a:f9:c8:4a:
         f2:fd:1a:b3:32:9f:c7:7e:ca:72:dd:b6:92:44:a9:e4:83:43:
         24:80:48:7a:e8:1e:50:30:9a:ca:21:92:6e:d1:70:d0:5d:ad:
         39:6c:7f:1b:53:61:04:2b:4f:9e:ff:c4:b4:25:52:5d:8d:c2:
         41:3c:02:fc:86:70:6c:cc:fd:c3:bf:42:78:64:5b:fe:42:32:
         b1:80:f5:bc:a5:26:54:1d:77:02:22:01:30:69:f3:6d:c3:9d:
         0b:25:8c:8a:f8:1a:4a:3e:96:ac:e2:f1:e4:c7:bf:68:55:ca:
         95:96:0b:d1
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUGn1/IgCLkcfcKDDsizPceop3iAMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDE1OFoX
DTI3MDMwMzA2MDY1OFowMzExMC8GA1UEAxMoNzA2NEYwRjQ0QzIwNkIwMzRDOEND
NjIzRTAzM0Q2NUQ5NDczODBCQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMl44lSasQha5WEO73nIKk7N8p4d3jGWwIW9yfwO23+sacG24kjXo1/d4bu+
ZUBQpDeik5vdAHQhaMSMc37nSD868cbqDIZokB5JAOezWJHcvPRCZKhBcsQ36jQv
FT8OpP0rEn9/WlYbhiBJQA9tCxoRAUKN8POpxVgB1Rh2oxG0Shu78q4ZFlHXq/Vt
znhazZCWE6uwxwPBJ5A64t5d3FPnjomzLEyP0O0BOXOBJamrXp7w41IXvzFqEwPm
aMpLHoJN9muB+CpoO4heiRe6VhBJ1K3ZGNdgbwxIKi/Sj7ciohCPfHUQ875Izixy
D87qh9quSPxZW7JKb5iUvezxGXsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRwZPD0
TCBrA0yMxiPgM9ZdlHOAvDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MjY2NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oA4wDQYJKoZIhvcNAQELBQADggEBAA4espv0XTKdVDYnhRzDDi41h2G2eR6gaGwS
TKW+xeTOhWHU9kuQB0vEE+CNcmTZEOF16W4wx8eSnFZr2jblXtwEcsNCeI2Kiscx
Ib0xzIpj5Dtmra3d7JXgZ2vFbsO/bH5MZSLu+Dl5sENmPNP8WQo0JVkAY4WnEctO
pC+dVLCGZYJx/pDRtTC0phQYavnISvL9GrMyn8d+ynLdtpJEqeSDQySASHroHlAw
msohkm7RcNBdrTlsfxtTYQQrT57/xLQlUl2NwkE8AvyGcGzM/cO/QnhkW/5CMrGA
9bylJlQddwIiATBp823DnQsljIr4Gko+lqzi8eTHv2hVypWWC9E=
-----END CERTIFICATE-----