Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142681.roa
File:                     AS142681.roa (raw, json)
Hash identifier:          nk3AOu7lRcj58hHEwjnZysPpt6/MaKWyWXndmbwir6M=
Subject key identifier:   84:70:47:F7:A7:77:CB:6C:0E:27:37:AA:1E:93:AC:53:DA:F4:99:AC
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6711386A8673CA611C4A1DC0B0B869A12C638878
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142681.roa
Signing time:             Wed 04 Mar 2026 06:05:12 +0000
ROA not before:           Wed 04 Mar 2026 06:00:12 +0000
ROA not after:            Wed 03 Mar 2027 06:05:12 +0000
asID:                     142681
IP address blocks:        240a:a01f::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:11:38:6a:86:73:ca:61:1c:4a:1d:c0:b0:b8:69:a1:2c:63:88:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:12 2026 GMT
            Not After : Mar  3 06:05:12 2027 GMT
        Subject: CN=847047F7A777CB6C0E2737AA1E93AC53DAF499AC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:80:77:f1:21:a1:b6:94:66:78:07:7c:bc:22:
                    cd:90:02:e4:38:ce:51:f6:37:df:f8:34:ee:69:59:
                    c2:0b:eb:54:8f:9e:49:ef:60:61:da:26:33:74:25:
                    25:3c:c7:fc:06:7f:c1:53:95:20:e9:95:98:0c:bf:
                    89:96:a1:02:7c:73:df:f7:30:6e:86:7a:8c:38:ce:
                    e7:52:b8:3d:e6:47:25:91:f4:eb:a1:24:6f:b3:22:
                    8b:21:03:7c:fc:6c:a5:c9:ac:42:2f:a6:a3:f6:db:
                    51:22:54:8a:23:46:0e:99:1e:83:4d:19:41:5f:8c:
                    4c:3e:29:b5:af:41:80:bc:f4:45:2e:b8:98:76:dc:
                    68:b3:36:9e:b1:70:8b:37:48:d9:9b:ca:11:da:3b:
                    ae:c6:07:f6:6f:9c:87:63:c8:33:0d:b9:8d:98:ba:
                    9f:c3:4a:d8:e3:36:24:d3:23:0c:86:da:f8:6c:a4:
                    69:3c:4f:72:b4:f4:ef:47:9f:15:64:aa:f3:ef:78:
                    8e:4e:0b:30:f8:17:22:d3:29:ec:df:8d:81:9e:c9:
                    d0:53:ce:b7:8d:de:2b:d5:e6:b7:41:ce:20:0f:18:
                    c9:c8:64:bf:71:3f:34:57:36:03:b3:49:cc:6b:e4:
                    39:76:62:ff:12:7b:c4:b2:45:ed:91:24:04:97:3e:
                    9a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:70:47:F7:A7:77:CB:6C:0E:27:37:AA:1E:93:AC:53:DA:F4:99:AC
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142681.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a01f::/32

    Signature Algorithm: sha256WithRSAEncryption
         18:7a:ff:d8:d5:20:6c:5d:d2:4d:65:09:b3:73:e9:f8:a1:ec:
         b9:30:43:b4:4a:9c:ec:31:0b:56:c6:72:e9:60:f2:13:88:cc:
         27:91:e2:c5:72:8f:bd:c2:f9:50:74:61:df:0b:f3:f8:4c:12:
         2e:05:6f:06:ab:d3:d0:5e:e5:5e:8b:59:1b:27:e4:2e:42:6a:
         6e:85:cd:68:9c:df:00:c3:9e:b6:48:93:f3:fa:9d:51:1b:c8:
         58:5f:76:ce:fe:75:ed:b3:25:49:9f:3b:fa:c6:21:37:9c:92:
         c0:ad:46:91:3a:bb:db:01:f1:01:5e:3c:d6:a9:11:cd:b6:11:
         3c:13:00:07:fc:4c:ea:e4:57:f3:68:21:a3:82:70:71:06:ed:
         73:70:aa:cd:8d:1f:c7:2f:41:21:1b:0b:60:a5:6c:e3:01:5b:
         95:f2:27:53:97:08:ba:40:65:40:83:ab:31:a0:a3:36:35:68:
         27:ec:0b:ed:58:d6:50:3e:bd:14:9b:5a:7b:f0:1c:e9:6c:b2:
         57:76:a2:33:5b:fe:5b:9c:3c:b9:40:1e:54:b0:d5:99:02:be:
         d7:e3:d7:3a:37:4d:f4:70:d0:4c:f1:5b:2f:89:fc:62:70:88:
         2d:54:2e:43:d0:3c:b7:17:01:03:2d:39:b5:d6:4e:64:e4:06:
         95:0b:63:5f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUZxE4aoZzymEcSh3AsLhpoSxjiHgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDAxMloX
DTI3MDMwMzA2MDUxMlowMzExMC8GA1UEAxMoODQ3MDQ3RjdBNzc3Q0I2QzBFMjcz
N0FBMUU5M0FDNTNEQUY0OTlBQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALWAd/EhobaUZngHfLwizZAC5DjOUfY33/g07mlZwgvrVI+eSe9gYdomM3Ql
JTzH/AZ/wVOVIOmVmAy/iZahAnxz3/cwboZ6jDjO51K4PeZHJZH066Ekb7MiiyED
fPxspcmsQi+mo/bbUSJUiiNGDpkeg00ZQV+MTD4pta9BgLz0RS64mHbcaLM2nrFw
izdI2ZvKEdo7rsYH9m+ch2PIMw25jZi6n8NK2OM2JNMjDIba+GykaTxPcrT070ef
FWSq8+94jk4LMPgXItMp7N+NgZ7J0FPOt43eK9Xmt0HOIA8Yychkv3E/NFc2A7NJ
zGvkOXZi/xJ7xLJF7ZEkBJc+miMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSEcEf3
p3fLbA4nN6oek6xT2vSZrDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MjY4MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oB8wDQYJKoZIhvcNAQELBQADggEBABh6/9jVIGxd0k1lCbNz6fih7LkwQ7RKnOwx
C1bGculg8hOIzCeR4sVyj73C+VB0Yd8L8/hMEi4Fbwar09Be5V6LWRsn5C5Cam6F
zWic3wDDnrZIk/P6nVEbyFhfds7+de2zJUmfO/rGITecksCtRpE6u9sB8QFePNap
Ec22ETwTAAf8TOrkV/NoIaOCcHEG7XNwqs2NH8cvQSEbC2ClbOMBW5XyJ1OXCLpA
ZUCDqzGgozY1aCfsC+1Y1lA+vRSbWnvwHOlssld2ojNb/lucPLlAHlSw1ZkCvtfj
1zo3TfRw0EzxWy+J/GJwiC1ULkPQPLcXAQMtObXWTmTkBpULY18=
-----END CERTIFICATE-----