Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142723.roa
File:                     AS142723.roa (raw, json)
Hash identifier:          mejv2CKaQum25xLxYldJMwxwGwx/L9l4Dux2G/Pn1bE=
Subject key identifier:   2C:C0:EB:04:F1:42:A7:BC:25:76:A7:0B:CC:2E:4E:16:D2:60:A3:48
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       64819EEE12476C9D414A56B049140A4D633C3B3D
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142723.roa
Signing time:             Wed 04 Mar 2026 06:06:36 +0000
ROA not before:           Wed 04 Mar 2026 06:01:36 +0000
ROA not after:            Wed 03 Mar 2027 06:06:36 +0000
asID:                     142723
IP address blocks:        240a:a049::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:81:9e:ee:12:47:6c:9d:41:4a:56:b0:49:14:0a:4d:63:3c:3b:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:36 2026 GMT
            Not After : Mar  3 06:06:36 2027 GMT
        Subject: CN=2CC0EB04F142A7BC2576A70BCC2E4E16D260A348
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a8:1f:78:6d:96:3b:48:1b:e4:f3:0e:79:05:
                    6b:4b:62:ce:3d:ff:55:d7:e2:ca:50:9c:3e:41:f8:
                    79:9d:b6:9f:28:f3:69:32:3d:5e:f9:d7:31:00:64:
                    53:b0:72:a8:a5:ac:4f:b8:b4:c5:5d:c1:0d:42:0b:
                    e6:9b:2c:f9:c8:df:ec:cd:9a:bd:85:c9:4b:63:2d:
                    e0:51:6e:15:60:32:43:8c:ee:d0:b4:72:c8:73:e1:
                    22:a5:0f:ed:3b:4e:b5:aa:23:8f:c7:e8:f8:4d:31:
                    2c:2e:22:d4:68:93:3b:56:c9:ff:82:98:4a:85:b3:
                    ce:0e:92:91:66:56:bc:1d:0d:8e:50:b1:27:99:c0:
                    ef:0a:f2:a6:78:1f:0b:55:0b:7f:b8:64:a7:df:26:
                    ee:8c:3c:90:a8:b8:cc:76:ba:87:e7:34:f6:54:a5:
                    e4:ff:a6:9d:38:b8:52:a0:37:0f:06:43:d9:c7:f5:
                    a5:b2:d4:35:c5:3a:29:ca:40:f4:3b:e2:07:c2:d4:
                    8c:54:2b:f5:62:46:c8:49:eb:a7:08:84:07:88:c6:
                    cf:32:55:10:f4:e2:a2:2d:7a:b6:9a:75:46:72:7c:
                    29:26:61:7d:55:09:b6:c2:cf:d6:99:e6:b5:bd:2a:
                    99:de:e3:3b:c7:f0:16:e5:7e:3b:77:f5:90:92:32:
                    11:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:C0:EB:04:F1:42:A7:BC:25:76:A7:0B:CC:2E:4E:16:D2:60:A3:48
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142723.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a049::/32

    Signature Algorithm: sha256WithRSAEncryption
         0b:08:9e:c1:ed:e0:c8:6a:6f:b0:8c:27:96:c0:6a:54:f3:d2:
         e1:61:81:d8:9b:86:f3:2b:03:6f:e6:bd:76:ec:48:6f:b6:13:
         c9:2a:18:1b:a3:e3:db:e1:c9:ac:74:a3:7e:bc:ed:98:ef:a9:
         21:1f:01:ed:94:88:8d:c7:fb:b2:9c:09:1b:15:67:cb:2d:93:
         80:4b:d8:7f:f8:e6:d2:9c:1e:9a:21:8b:a0:c2:f6:24:b0:32:
         28:ba:66:2b:95:ab:02:98:88:98:be:a6:72:32:47:7b:4e:8b:
         c8:3c:ec:d8:49:11:a0:39:fa:72:36:aa:a8:d2:4a:4a:df:f3:
         94:cf:bb:c8:27:9c:e6:7e:be:bc:c3:9c:4e:48:38:88:98:50:
         77:ed:49:93:10:1a:2d:fc:19:d9:54:b3:56:d9:b3:56:20:e7:
         44:91:31:f7:d8:7f:66:49:9b:d5:89:c5:b2:92:d7:a2:b2:67:
         83:e0:63:eb:e2:57:c6:63:3f:06:3f:e6:f9:79:fa:9a:34:5f:
         5c:63:e5:63:79:d2:fb:8a:5c:f2:98:9c:77:cd:67:3d:0c:d1:
         95:ec:9c:8d:27:e3:03:e6:a0:cb:43:59:62:ad:65:a8:fc:03:
         b9:65:f0:87:a9:53:1b:44:5b:06:53:39:7f:ee:da:df:9e:21:
         2d:63:db:48
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUZIGe7hJHbJ1BSlawSRQKTWM8Oz0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDEzNloX
DTI3MDMwMzA2MDYzNlowMzExMC8GA1UEAxMoMkNDMEVCMDRGMTQyQTdCQzI1NzZB
NzBCQ0MyRTRFMTZEMjYwQTM0ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMSoH3htljtIG+TzDnkFa0tizj3/VdfiylCcPkH4eZ22nyjzaTI9XvnXMQBk
U7ByqKWsT7i0xV3BDUIL5pss+cjf7M2avYXJS2Mt4FFuFWAyQ4zu0LRyyHPhIqUP
7TtOtaojj8fo+E0xLC4i1GiTO1bJ/4KYSoWzzg6SkWZWvB0NjlCxJ5nA7wrypngf
C1ULf7hkp98m7ow8kKi4zHa6h+c09lSl5P+mnTi4UqA3DwZD2cf1pbLUNcU6KcpA
9DviB8LUjFQr9WJGyEnrpwiEB4jGzzJVEPTioi16tpp1RnJ8KSZhfVUJtsLP1pnm
tb0qmd7jO8fwFuV+O3f1kJIyEbkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQswOsE
8UKnvCV2pwvMLk4W0mCjSDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MjcyMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oEkwDQYJKoZIhvcNAQELBQADggEBAAsInsHt4Mhqb7CMJ5bAalTz0uFhgdibhvMr
A2/mvXbsSG+2E8kqGBuj49vhyax0o3687ZjvqSEfAe2UiI3H+7KcCRsVZ8stk4BL
2H/45tKcHpohi6DC9iSwMii6ZiuVqwKYiJi+pnIyR3tOi8g87NhJEaA5+nI2qqjS
Skrf85TPu8gnnOZ+vrzDnE5IOIiYUHftSZMQGi38GdlUs1bZs1Yg50SRMffYf2ZJ
m9WJxbKS16KyZ4PgY+viV8ZjPwY/5vl5+po0X1xj5WN50vuKXPKYnHfNZz0M0ZXs
nI0n4wPmoMtDWWKtZaj8A7ll8IepUxtEWwZTOX/u2t+eIS1j20g=
-----END CERTIFICATE-----