Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142672.roa
File:                     AS142672.roa (raw, json)
Hash identifier:          LrukBVXgXuR34JcG01NaFvORo7GY/Ri93zI0UGuWslE=
Subject key identifier:   59:4E:07:E0:9F:E8:8B:D9:2E:AC:CE:5D:9E:B8:D9:4D:4D:BA:41:B1
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7496778158655E594E57E6C97E22E64DE73A3577
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142672.roa
Signing time:             Wed 04 Mar 2026 06:06:19 +0000
ROA not before:           Wed 04 Mar 2026 06:01:19 +0000
ROA not after:            Wed 03 Mar 2027 06:06:19 +0000
asID:                     142672
IP address blocks:        240a:a016::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:96:77:81:58:65:5e:59:4e:57:e6:c9:7e:22:e6:4d:e7:3a:35:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:19 2026 GMT
            Not After : Mar  3 06:06:19 2027 GMT
        Subject: CN=594E07E09FE88BD92EACCE5D9EB8D94D4DBA41B1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:64:3e:02:f6:8c:f6:f3:c7:28:c9:d3:eb:58:
                    c4:4e:da:c3:6f:37:df:8f:a8:c5:ac:83:bf:d2:06:
                    f1:3c:58:e3:54:c3:0f:61:67:1a:c6:3a:7e:7c:f2:
                    ed:f7:15:07:83:4d:88:80:9c:cd:40:13:b4:ca:ce:
                    7b:5f:cc:33:de:44:ce:9b:94:8c:37:66:4a:37:b1:
                    fc:9d:62:80:1f:0c:b6:2c:b0:7c:cc:52:22:ad:d0:
                    2f:9d:8c:84:53:bc:92:4d:39:45:f2:05:f5:f4:36:
                    df:44:56:99:e0:dc:8b:68:da:58:e2:b9:69:d4:11:
                    b1:69:b3:c7:a4:52:e0:ce:15:96:c4:93:92:3a:a0:
                    be:f0:ef:51:b8:c1:05:94:c4:36:29:f2:72:93:bb:
                    5c:61:fa:5f:20:bd:7d:e0:b0:8d:61:11:36:47:ed:
                    29:c2:87:d0:cf:be:09:62:71:9f:aa:cd:f9:af:a2:
                    c3:43:c8:f2:0e:15:77:4d:bf:0e:4a:68:64:63:10:
                    13:5a:e1:98:a6:d4:d3:8e:01:cb:2e:3b:a0:4c:ff:
                    45:fa:b2:62:05:d7:ad:ac:18:f0:78:96:09:f3:bc:
                    8f:df:c2:aa:1b:18:be:54:eb:42:cf:02:a9:a1:e9:
                    68:a2:3e:a4:6e:85:d8:34:3f:8f:b2:97:0f:53:74:
                    d2:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:4E:07:E0:9F:E8:8B:D9:2E:AC:CE:5D:9E:B8:D9:4D:4D:BA:41:B1
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142672.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a016::/32

    Signature Algorithm: sha256WithRSAEncryption
         dc:e0:fb:b2:26:d1:6a:b9:fd:56:05:53:d8:9f:eb:7b:99:fe:
         f9:92:80:3d:71:b3:1c:bb:16:67:dd:0c:6a:d8:51:77:31:76:
         e7:2f:55:74:97:71:f3:4d:28:ee:2e:39:97:fb:3e:f1:aa:cb:
         ed:16:76:67:73:40:bd:4d:da:fe:04:ce:76:df:70:52:73:a6:
         2e:ac:d6:18:28:a7:f4:92:32:62:13:25:da:2d:48:26:0c:81:
         de:72:22:7c:f2:3d:6e:e0:89:99:da:21:4c:65:02:df:22:3d:
         82:7e:bf:c5:d3:7e:46:b4:31:43:89:04:64:23:92:31:85:5e:
         e5:2a:d5:44:cd:a1:f4:75:dd:25:01:ac:61:67:52:fc:d0:8d:
         b2:7d:4a:a6:46:bf:b0:3c:2e:7a:2b:fc:ba:bb:c3:43:38:20:
         dd:0d:0c:17:f7:09:4a:ca:cf:23:66:df:d3:d4:91:27:2c:95:
         78:10:69:91:5b:87:5c:cf:28:43:8d:5b:7c:b7:ca:ed:da:0c:
         cb:6c:81:24:c2:ff:27:a4:20:5f:58:e0:1e:59:d6:9d:e4:f0:
         d2:00:f2:0e:83:c3:f8:16:00:d9:0a:d9:e3:49:da:7c:90:d6:
         de:94:0c:7b:bc:31:5f:26:7d:dc:9e:09:04:a7:d3:8b:bd:c7:
         4e:bb:23:c6
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUdJZ3gVhlXllOV+bJfiLmTec6NXcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDExOVoX
DTI3MDMwMzA2MDYxOVowMzExMC8GA1UEAxMoNTk0RTA3RTA5RkU4OEJEOTJFQUND
RTVEOUVCOEQ5NEQ0REJBNDFCMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOZkPgL2jPbzxyjJ0+tYxE7aw28334+oxayDv9IG8TxY41TDD2FnGsY6fnzy
7fcVB4NNiICczUATtMrOe1/MM95EzpuUjDdmSjex/J1igB8MtiywfMxSIq3QL52M
hFO8kk05RfIF9fQ230RWmeDci2jaWOK5adQRsWmzx6RS4M4VlsSTkjqgvvDvUbjB
BZTENinycpO7XGH6XyC9feCwjWERNkftKcKH0M++CWJxn6rN+a+iw0PI8g4Vd02/
DkpoZGMQE1rhmKbU044Byy47oEz/RfqyYgXXrawY8HiWCfO8j9/CqhsYvlTrQs8C
qaHpaKI+pG6F2DQ/j7KXD1N00ocCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRZTgfg
n+iL2S6szl2euNlNTbpBsTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MjY3Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oBYwDQYJKoZIhvcNAQELBQADggEBANzg+7Im0Wq5/VYFU9if63uZ/vmSgD1xsxy7
FmfdDGrYUXcxducvVXSXcfNNKO4uOZf7PvGqy+0WdmdzQL1N2v4EznbfcFJzpi6s
1hgop/SSMmITJdotSCYMgd5yInzyPW7giZnaIUxlAt8iPYJ+v8XTfka0MUOJBGQj
kjGFXuUq1UTNofR13SUBrGFnUvzQjbJ9SqZGv7A8Lnor/Lq7w0M4IN0NDBf3CUrK
zyNm39PUkScslXgQaZFbh1zPKEONW3y3yu3aDMtsgSTC/yekIF9Y4B5Z1p3k8NIA
8g6Dw/gWANkK2eNJ2nyQ1t6UDHu8MV8mfdyeCQSn04u9x067I8Y=
-----END CERTIFICATE-----