Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142730.roa
File:                     AS142730.roa (raw, json)
Hash identifier:          gmVs2l7kNB3iR8eQSeUQxemQLRDSOPZD97nEXaZPpVg=
Subject key identifier:   E8:85:85:37:C7:E9:50:01:B0:D5:B2:E7:99:94:53:A3:BD:C1:48:DE
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       01B6183BFDAFE30B5DD687E7F1321C614E7E61E0
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142730.roa
Signing time:             Wed 04 Mar 2026 06:05:41 +0000
ROA not before:           Wed 04 Mar 2026 06:00:41 +0000
ROA not after:            Wed 03 Mar 2027 06:05:41 +0000
asID:                     142730
IP address blocks:        240a:a050::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:b6:18:3b:fd:af:e3:0b:5d:d6:87:e7:f1:32:1c:61:4e:7e:61:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:41 2026 GMT
            Not After : Mar  3 06:05:41 2027 GMT
        Subject: CN=E8858537C7E95001B0D5B2E7999453A3BDC148DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:16:3d:48:12:49:0b:d2:1a:fd:33:85:24:42:
                    ce:dd:65:be:0d:49:42:8d:90:6f:8a:3c:e9:e9:78:
                    75:d3:aa:97:ec:c8:9a:01:1c:15:d3:86:34:46:f7:
                    ae:3e:c1:3a:35:2a:e4:4e:52:10:17:d6:54:cf:14:
                    00:ad:ae:0c:18:47:31:96:fe:8a:05:3f:ec:31:fc:
                    db:48:27:1d:85:3d:5f:2b:41:18:02:3c:05:d6:66:
                    15:6e:8c:5d:56:78:f1:34:a3:b4:f6:b0:95:aa:8c:
                    11:4f:61:3f:e2:91:92:f1:2e:be:7d:ea:ba:ff:ce:
                    cb:b3:98:fb:9b:df:dc:6f:be:58:ec:87:27:08:57:
                    6c:02:43:55:dc:48:7f:ff:3c:69:81:ab:6f:28:af:
                    ff:1e:fb:c4:98:65:d3:8f:ec:19:4a:9b:c9:96:8d:
                    cc:b8:90:cd:21:30:84:39:c3:23:f4:6c:36:c5:c5:
                    8d:3b:a4:9a:05:94:23:98:84:50:f7:86:49:99:60:
                    f2:66:b9:6b:3d:7d:12:ef:7d:ef:cc:12:81:86:b2:
                    e6:b6:21:9b:84:12:57:5e:ae:ae:bb:30:30:c5:69:
                    be:1f:2b:44:2c:95:17:7a:b1:7d:54:03:5c:e4:d0:
                    a3:46:11:87:29:cc:3a:a8:9f:92:a1:c5:2c:1e:0c:
                    87:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:85:85:37:C7:E9:50:01:B0:D5:B2:E7:99:94:53:A3:BD:C1:48:DE
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a050::/32

    Signature Algorithm: sha256WithRSAEncryption
         b8:68:d0:7b:41:52:f3:bc:c4:aa:50:a1:44:29:62:26:00:f1:
         15:2b:c9:3c:81:e7:ad:a3:37:a6:90:45:a1:c8:35:41:cb:30:
         9d:76:f6:b5:9a:4f:e0:9d:3a:09:4c:b5:60:44:ff:11:dd:6b:
         06:fb:a4:10:4f:43:9a:cc:cb:0f:d5:6e:a1:1e:e8:45:12:11:
         20:18:87:90:87:4b:1c:1e:1b:04:90:36:7b:b0:35:76:73:63:
         2a:77:45:8f:18:87:b5:e1:46:01:15:c7:f0:82:92:68:9e:e8:
         3a:09:b7:87:49:07:55:91:fb:42:0d:ac:46:73:b3:8f:ec:18:
         22:a1:26:7c:f0:3f:3e:c4:88:bf:6b:c3:5b:09:09:71:47:fa:
         4d:af:fc:c7:a1:60:6d:f7:4d:05:71:5f:30:4a:49:7d:e4:2a:
         c6:5a:16:63:08:08:a6:d9:89:8f:a1:3c:2b:6c:d8:b5:09:c7:
         69:1c:9a:58:d3:a2:fd:78:55:0a:7e:f6:6a:42:17:b1:74:57:
         99:1e:c6:fd:41:c8:d1:f3:e1:77:ae:1a:36:cd:a9:aa:f9:58:
         34:e2:b7:20:a5:e9:59:16:6d:d5:57:62:83:91:43:76:95:82:
         31:6e:b8:87:3f:4c:32:14:85:7a:5e:65:31:14:db:c7:39:58:
         c8:b6:9f:52
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUAbYYO/2v4wtd1ofn8TIcYU5+YeAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDA0MVoX
DTI3MDMwMzA2MDU0MVowMzExMC8GA1UEAxMoRTg4NTg1MzdDN0U5NTAwMUIwRDVC
MkU3OTk5NDUzQTNCREMxNDhERTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALAWPUgSSQvSGv0zhSRCzt1lvg1JQo2Qb4o86el4ddOql+zImgEcFdOGNEb3
rj7BOjUq5E5SEBfWVM8UAK2uDBhHMZb+igU/7DH820gnHYU9XytBGAI8BdZmFW6M
XVZ48TSjtPawlaqMEU9hP+KRkvEuvn3quv/Oy7OY+5vf3G++WOyHJwhXbAJDVdxI
f/88aYGrbyiv/x77xJhl04/sGUqbyZaNzLiQzSEwhDnDI/RsNsXFjTukmgWUI5iE
UPeGSZlg8ma5az19Eu9978wSgYay5rYhm4QSV16urrswMMVpvh8rRCyVF3qxfVQD
XOTQo0YRhynMOqifkqHFLB4MhxkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTohYU3
x+lQAbDVsueZlFOjvcFI3jAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MjczMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oFAwDQYJKoZIhvcNAQELBQADggEBALho0HtBUvO8xKpQoUQpYiYA8RUryTyB562j
N6aQRaHINUHLMJ129rWaT+CdOglMtWBE/xHdawb7pBBPQ5rMyw/VbqEe6EUSESAY
h5CHSxweGwSQNnuwNXZzYyp3RY8Yh7XhRgEVx/CCkmie6DoJt4dJB1WR+0INrEZz
s4/sGCKhJnzwPz7EiL9rw1sJCXFH+k2v/MehYG33TQVxXzBKSX3kKsZaFmMICKbZ
iY+hPCts2LUJx2kcmljTov14VQp+9mpCF7F0V5kexv1ByNHz4XeuGjbNqar5WDTi
tyCl6VkWbdVXYoORQ3aVgjFuuIc/TDIUhXpeZTEU28c5WMi2n1I=
-----END CERTIFICATE-----