Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142665.roa
File:                     AS142665.roa (raw, json)
Hash identifier:          plGVqCtRQUy4Dqw2AZ0RdKZo3HcAKidrx//OXafW0JU=
Subject key identifier:   A3:A4:08:FC:CC:4A:7B:BE:6F:39:BA:E5:3C:FD:B3:30:DD:7E:E4:B3
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       07C70A6CF3145F24200064B8C04BB7ADE0D01259
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142665.roa
Signing time:             Wed 04 Mar 2026 06:06:38 +0000
ROA not before:           Wed 04 Mar 2026 06:01:38 +0000
ROA not after:            Wed 03 Mar 2027 06:06:38 +0000
asID:                     142665
IP address blocks:        240a:a00f::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:c7:0a:6c:f3:14:5f:24:20:00:64:b8:c0:4b:b7:ad:e0:d0:12:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:38 2026 GMT
            Not After : Mar  3 06:06:38 2027 GMT
        Subject: CN=A3A408FCCC4A7BBE6F39BAE53CFDB330DD7EE4B3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:f3:3e:e3:36:d2:72:d2:54:cf:be:f5:ec:bb:
                    99:f4:70:50:69:e0:cc:64:45:18:2b:ca:2e:ed:b5:
                    e9:64:98:76:f5:ba:bf:92:78:98:e4:f2:18:85:08:
                    0b:f2:7d:b3:b5:f9:0b:c6:dd:61:9d:05:22:d5:1d:
                    ff:92:c2:ce:73:e1:40:f0:db:4c:0d:40:21:e4:3f:
                    98:1c:43:72:6f:52:a5:10:25:5e:8b:34:e6:48:a4:
                    b9:7d:cd:1b:aa:65:95:13:a9:66:75:00:95:25:67:
                    63:35:85:90:c4:c8:6e:ed:c2:23:2e:eb:e5:3f:44:
                    83:12:50:01:c8:b5:d5:a4:c0:b6:f2:ea:87:e6:2e:
                    61:08:80:34:33:e2:37:03:53:39:24:b9:e2:f2:be:
                    7d:30:d1:a9:ec:85:f5:23:49:9a:be:2f:36:f3:af:
                    83:df:92:6d:11:53:aa:b1:34:69:43:be:87:c4:26:
                    32:5e:d8:77:42:65:c1:c2:6d:c3:67:6d:ed:a0:00:
                    8f:6a:c9:c6:1a:48:ae:87:69:31:a5:d2:a4:15:a0:
                    66:28:4c:e7:e2:8c:ef:08:bd:41:57:d9:a8:25:23:
                    08:00:bf:b3:d5:a7:0e:a3:8d:bb:14:5b:09:22:6e:
                    5d:03:ed:30:81:e7:d1:6b:11:0e:d2:8f:56:57:ee:
                    c8:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:A4:08:FC:CC:4A:7B:BE:6F:39:BA:E5:3C:FD:B3:30:DD:7E:E4:B3
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142665.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a00f::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:cc:c9:81:2a:70:56:5d:ed:52:4c:d0:8a:e6:fe:6a:7c:7f:
         34:d3:ae:87:ec:30:02:f4:0b:c0:56:e9:a3:43:87:1e:dc:b1:
         10:81:f6:3a:2d:51:66:3f:7c:88:1f:18:83:7e:ec:5d:10:01:
         5d:0b:b3:f3:1d:79:44:bd:07:47:ee:a1:b9:1d:a6:9c:d4:47:
         e4:e5:80:fa:96:6c:0b:1e:95:f2:4a:51:37:8f:c5:ce:85:55:
         7f:55:58:9e:2f:0a:d0:31:b1:2b:8a:a1:c3:7a:4a:06:27:70:
         2d:67:de:1a:ee:c9:88:f1:5d:33:b3:39:9f:d3:39:10:a4:f0:
         34:38:f2:fd:f1:a5:f9:76:f6:a0:42:17:e9:d3:af:93:93:c6:
         39:cd:94:cb:2c:bb:d7:9d:ad:ec:57:e2:d4:8f:17:4e:8a:8f:
         4f:d0:f5:7d:a7:b2:f1:58:9b:af:36:59:68:29:04:b0:9f:de:
         00:34:ed:66:8d:ff:53:a0:44:be:48:ef:ff:c1:b7:71:32:e7:
         27:e7:5c:75:99:eb:c9:3c:41:2d:58:0c:78:b4:1b:94:79:f2:
         b7:0c:c7:4c:fb:fc:4d:7f:14:6f:7e:b8:a5:a1:1f:e2:3e:a1:
         ce:0d:f1:66:57:fa:a9:f7:42:89:eb:8d:ac:7d:79:03:f8:45:
         41:9f:b7:87
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUB8cKbPMUXyQgAGS4wEu3reDQElkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDEzOFoX
DTI3MDMwMzA2MDYzOFowMzExMC8GA1UEAxMoQTNBNDA4RkNDQzRBN0JCRTZGMzlC
QUU1M0NGREIzMzBERDdFRTRCMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMzzPuM20nLSVM++9ey7mfRwUGngzGRFGCvKLu216WSYdvW6v5J4mOTyGIUI
C/J9s7X5C8bdYZ0FItUd/5LCznPhQPDbTA1AIeQ/mBxDcm9SpRAlXos05kikuX3N
G6pllROpZnUAlSVnYzWFkMTIbu3CIy7r5T9EgxJQAci11aTAtvLqh+YuYQiANDPi
NwNTOSS54vK+fTDRqeyF9SNJmr4vNvOvg9+SbRFTqrE0aUO+h8QmMl7Yd0JlwcJt
w2dt7aAAj2rJxhpIrodpMaXSpBWgZihM5+KM7wi9QVfZqCUjCAC/s9WnDqONuxRb
CSJuXQPtMIHn0WsRDtKPVlfuyJECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSjpAj8
zEp7vm85uuU8/bMw3X7kszAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MjY2NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oA8wDQYJKoZIhvcNAQELBQADggEBAJDMyYEqcFZd7VJM0Irm/mp8fzTTrofsMAL0
C8BW6aNDhx7csRCB9jotUWY/fIgfGIN+7F0QAV0Ls/MdeUS9B0fuobkdppzUR+Tl
gPqWbAselfJKUTePxc6FVX9VWJ4vCtAxsSuKocN6SgYncC1n3hruyYjxXTOzOZ/T
ORCk8DQ48v3xpfl29qBCF+nTr5OTxjnNlMssu9edrexX4tSPF06Kj0/Q9X2nsvFY
m682WWgpBLCf3gA07WaN/1OgRL5I7//Bt3Ey5yfnXHWZ68k8QS1YDHi0G5R58rcM
x0z7/E1/FG9+uKWhH+I+oc4N8WZX+qn3Qonrjax9eQP4RUGft4c=
-----END CERTIFICATE-----