Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142745.roa
File:                     AS142745.roa (raw, json)
Hash identifier:          qJVNqBTSApaENg3yRb76RdYZ27bWSAzMtYpHTXSJ2Uw=
Subject key identifier:   DF:9E:D3:FB:68:72:24:FE:CF:B2:66:92:DC:65:55:08:57:00:53:1A
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       482B9B73B0BE3A6BAA508CF937EC79E486F07393
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142745.roa
Signing time:             Wed 04 Mar 2026 06:06:03 +0000
ROA not before:           Wed 04 Mar 2026 06:01:03 +0000
ROA not after:            Wed 03 Mar 2027 06:06:03 +0000
asID:                     142745
IP address blocks:        240a:a05f::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:2b:9b:73:b0:be:3a:6b:aa:50:8c:f9:37:ec:79:e4:86:f0:73:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:03 2026 GMT
            Not After : Mar  3 06:06:03 2027 GMT
        Subject: CN=DF9ED3FB687224FECFB26692DC6555085700531A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b8:ed:c7:94:b9:91:90:c6:38:43:9f:83:56:
                    f5:ea:03:03:b4:62:18:4f:f1:4f:27:23:df:ef:43:
                    b7:2b:29:ab:24:e1:f0:86:be:45:cd:7b:4f:dc:c8:
                    cb:19:16:e3:0c:6e:09:8a:6c:0e:c1:8c:0b:de:9d:
                    68:7c:6f:02:6a:1b:c5:5e:80:fb:2a:dd:4a:d3:f6:
                    70:69:75:84:ed:75:68:a2:be:37:c7:fb:6e:f2:51:
                    24:b9:52:cf:d7:c4:f7:12:49:b5:64:b7:81:83:99:
                    9b:05:b7:a5:21:bc:ef:d4:a7:aa:97:48:73:22:37:
                    ae:f5:19:c7:45:d2:c3:6a:de:ec:c3:90:a7:11:0d:
                    9a:74:6f:6e:14:16:ed:47:54:a0:ed:72:88:cc:9d:
                    75:0f:46:9b:07:d8:e6:1c:c7:57:c1:f1:f1:74:65:
                    6b:ba:e4:80:4f:e5:38:33:18:80:24:38:24:b9:be:
                    a1:dd:80:d0:5e:af:58:b7:8b:03:6c:12:60:aa:68:
                    08:db:79:2c:23:a2:19:ab:2c:84:98:d0:ef:5a:2d:
                    ed:08:ad:54:20:a9:24:b5:dc:05:b2:b9:4a:0e:a6:
                    04:53:5e:0a:c5:a8:ae:7f:90:1c:2e:18:a9:0b:e3:
                    74:9d:3c:e6:c2:82:0b:ea:08:bd:98:13:bb:05:c6:
                    32:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:9E:D3:FB:68:72:24:FE:CF:B2:66:92:DC:65:55:08:57:00:53:1A
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142745.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a05f::/32

    Signature Algorithm: sha256WithRSAEncryption
         50:8a:6d:5e:03:8a:34:bd:b0:ee:6e:7a:02:13:e5:e6:f8:82:
         40:0e:93:d1:f2:10:36:da:f7:fc:70:39:37:32:8a:70:90:fd:
         9b:06:0a:6e:db:02:70:96:0f:66:96:ce:eb:c2:a1:81:53:7b:
         f5:e3:ab:9d:92:bc:e3:3b:fe:7d:27:59:6d:98:f6:ad:35:24:
         e2:74:b7:c1:46:b5:48:71:55:6b:54:b3:c0:59:b7:9f:c6:3a:
         2f:d3:81:e7:ba:33:1a:36:08:c4:ec:f5:32:09:7c:13:0a:40:
         54:2d:7f:8f:45:6f:6b:07:3e:ff:e0:bf:5e:d2:23:a3:0b:ad:
         cb:8f:12:ff:ba:c1:0f:78:ee:f2:fd:20:2e:0e:32:86:56:2b:
         76:dc:73:42:25:fe:74:64:9e:21:c3:34:81:e2:95:7d:b9:d9:
         9b:00:03:d9:5f:1c:43:72:cb:1c:a6:6e:f7:7f:c4:e8:b2:c6:
         51:4a:d4:e8:01:09:b5:3b:f9:cc:e0:05:5b:b2:bf:ea:ac:dd:
         e5:1d:18:58:e9:e8:03:0d:50:d0:7d:7b:84:33:c1:d1:6a:13:
         b8:1c:4b:7d:f7:30:69:ff:63:53:87:5a:85:cc:42:0d:fb:1d:
         04:6c:4a:5c:83:ee:d7:6d:16:cb:0a:da:55:f6:ca:45:66:44:
         c9:54:34:41
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUSCubc7C+OmuqUIz5N+x55Ibwc5MwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDEwM1oX
DTI3MDMwMzA2MDYwM1owMzExMC8GA1UEAxMoREY5RUQzRkI2ODcyMjRGRUNGQjI2
NjkyREM2NTU1MDg1NzAwNTMxQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKy47ceUuZGQxjhDn4NW9eoDA7RiGE/xTycj3+9DtyspqyTh8Ia+Rc17T9zI
yxkW4wxuCYpsDsGMC96daHxvAmobxV6A+yrdStP2cGl1hO11aKK+N8f7bvJRJLlS
z9fE9xJJtWS3gYOZmwW3pSG879SnqpdIcyI3rvUZx0XSw2re7MOQpxENmnRvbhQW
7UdUoO1yiMyddQ9GmwfY5hzHV8Hx8XRla7rkgE/lODMYgCQ4JLm+od2A0F6vWLeL
A2wSYKpoCNt5LCOiGasshJjQ71ot7QitVCCpJLXcBbK5Sg6mBFNeCsWorn+QHC4Y
qQvjdJ085sKCC+oIvZgTuwXGMuECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTfntP7
aHIk/s+yZpLcZVUIVwBTGjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mjc0NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oF8wDQYJKoZIhvcNAQELBQADggEBAFCKbV4DijS9sO5uegIT5eb4gkAOk9HyEDba
9/xwOTcyinCQ/ZsGCm7bAnCWD2aWzuvCoYFTe/Xjq52SvOM7/n0nWW2Y9q01JOJ0
t8FGtUhxVWtUs8BZt5/GOi/Tgee6Mxo2CMTs9TIJfBMKQFQtf49Fb2sHPv/gv17S
I6MLrcuPEv+6wQ947vL9IC4OMoZWK3bcc0Il/nRkniHDNIHilX252ZsAA9lfHENy
yxymbvd/xOiyxlFK1OgBCbU7+czgBVuyv+qs3eUdGFjp6AMNUNB9e4QzwdFqE7gc
S333MGn/Y1OHWoXMQg37HQRsSlyD7tdtFssK2lX2ykVmRMlUNEE=
-----END CERTIFICATE-----