Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142736.roa
File:                     AS142736.roa (raw, json)
Hash identifier:          xqZH8BLR0iZwvPvMrj3lHbLBtanDwyWnizUo6jdduUA=
Subject key identifier:   77:69:31:80:B8:D4:A0:09:E4:08:49:D4:9E:72:06:CD:93:8F:2C:96
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2A9C2B388AF1CFE2123969A974D4E5B9BAA22A14
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142736.roa
Signing time:             Wed 04 Mar 2026 06:07:23 +0000
ROA not before:           Wed 04 Mar 2026 06:02:23 +0000
ROA not after:            Wed 03 Mar 2027 06:07:23 +0000
asID:                     142736
IP address blocks:        240a:a056::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:9c:2b:38:8a:f1:cf:e2:12:39:69:a9:74:d4:e5:b9:ba:a2:2a:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:23 2026 GMT
            Not After : Mar  3 06:07:23 2027 GMT
        Subject: CN=77693180B8D4A009E40849D49E7206CD938F2C96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:75:f2:a9:71:da:09:bc:63:fb:fa:47:2f:18:
                    66:18:11:8b:82:f2:b2:c1:4a:2f:0d:60:0b:ba:3e:
                    eb:e1:12:2e:4e:bf:ce:08:b4:dd:d5:08:ca:b7:eb:
                    9c:b3:4b:04:77:ea:03:f5:e0:aa:a5:5e:67:9d:ff:
                    c1:d4:5d:be:e5:89:60:4a:6a:cb:f5:f5:a4:71:34:
                    d2:0a:ab:28:8d:d9:05:e3:8c:f4:d3:70:f2:41:36:
                    7f:48:7d:7a:75:8b:bc:2a:f1:ca:d6:ec:14:81:16:
                    6a:74:ae:f1:af:e2:f7:e2:d9:a0:38:53:bd:51:0c:
                    16:7e:28:f2:0a:b5:c4:6e:af:72:70:9c:ae:7a:ae:
                    96:aa:f7:d9:0f:a1:18:96:2a:2a:13:57:04:a1:29:
                    49:42:82:80:9f:56:a0:96:a1:df:84:53:56:4e:c8:
                    12:10:3c:af:1c:37:42:f5:b2:b0:a3:78:80:9b:6e:
                    2b:5f:72:90:1d:ef:27:e9:21:87:bd:d6:f9:fb:4a:
                    23:70:e4:77:36:4f:6b:b2:b4:dd:73:b8:4c:ce:ad:
                    8f:6e:38:d1:70:b2:b2:ba:e2:2c:7f:74:14:69:f1:
                    39:29:43:66:31:1a:18:64:85:c2:b7:67:35:e5:1c:
                    45:c1:7e:15:2c:a4:69:88:0c:e3:11:ae:7c:69:ce:
                    d6:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:69:31:80:B8:D4:A0:09:E4:08:49:D4:9E:72:06:CD:93:8F:2C:96
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a056::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:49:8e:65:6e:11:69:e3:25:cd:71:e7:00:78:ae:88:32:08:
         e7:44:21:a3:80:96:09:d6:ba:fd:30:89:50:0b:52:2f:c1:9d:
         d5:45:07:87:62:30:87:96:62:22:34:63:88:7d:46:cf:af:47:
         62:3f:ea:a5:ff:64:51:f9:0e:25:1c:0a:2f:48:2e:9b:7e:3c:
         b2:5f:ec:76:5b:c8:4a:d8:41:71:9c:09:ce:b6:fe:bb:a0:b3:
         89:9a:44:75:c7:11:8b:62:a4:fe:f5:5e:ac:09:4c:ec:3c:9f:
         2e:5d:7a:1f:24:17:e0:c3:8a:05:44:73:10:26:f8:91:79:9b:
         b9:af:3f:c0:e5:8f:0c:6d:fb:c2:03:d1:e8:fa:30:83:b5:43:
         aa:41:d7:ae:bb:70:b1:5c:49:d5:93:f5:da:33:0c:07:c9:97:
         4a:74:7b:30:23:d1:11:bb:a6:a0:a7:93:12:d6:40:0b:cc:1e:
         af:20:33:9b:26:b9:9f:9e:7c:0b:6f:8c:c4:f1:17:1f:50:cb:
         ea:d8:66:af:d0:79:0e:46:ab:0c:e8:5d:fc:4e:49:fd:56:21:
         f4:3b:4a:28:ce:e4:7a:21:ed:bb:04:93:78:2a:1d:83:26:7c:
         2d:21:df:a7:46:d9:16:9b:33:9a:a6:29:98:72:7f:93:18:5a:
         ee:37:af:34
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUKpwrOIrxz+ISOWmpdNTlubqiKhQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIyM1oX
DTI3MDMwMzA2MDcyM1owMzExMC8GA1UEAxMoNzc2OTMxODBCOEQ0QTAwOUU0MDg0
OUQ0OUU3MjA2Q0Q5MzhGMkM5NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPh18qlx2gm8Y/v6Ry8YZhgRi4LyssFKLw1gC7o+6+ESLk6/zgi03dUIyrfr
nLNLBHfqA/XgqqVeZ53/wdRdvuWJYEpqy/X1pHE00gqrKI3ZBeOM9NNw8kE2f0h9
enWLvCrxytbsFIEWanSu8a/i9+LZoDhTvVEMFn4o8gq1xG6vcnCcrnqulqr32Q+h
GJYqKhNXBKEpSUKCgJ9WoJah34RTVk7IEhA8rxw3QvWysKN4gJtuK19ykB3vJ+kh
h73W+ftKI3DkdzZPa7K03XO4TM6tj2440XCysrriLH90FGnxOSlDZjEaGGSFwrdn
NeUcRcF+FSykaYgM4xGufGnO1lcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBR3aTGA
uNSgCeQISdSecgbNk48sljAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MjczNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oFYwDQYJKoZIhvcNAQELBQADggEBABdJjmVuEWnjJc1x5wB4rogyCOdEIaOAlgnW
uv0wiVALUi/BndVFB4diMIeWYiI0Y4h9Rs+vR2I/6qX/ZFH5DiUcCi9ILpt+PLJf
7HZbyErYQXGcCc62/rugs4maRHXHEYtipP71XqwJTOw8ny5deh8kF+DDigVEcxAm
+JF5m7mvP8Dljwxt+8ID0ej6MIO1Q6pB1667cLFcSdWT9dozDAfJl0p0ezAj0RG7
pqCnkxLWQAvMHq8gM5smuZ+efAtvjMTxFx9Qy+rYZq/QeQ5GqwzoXfxOSf1WIfQ7
SijO5Hoh7bsEk3gqHYMmfC0h36dG2RabM5qmKZhyf5MYWu43rzQ=
-----END CERTIFICATE-----