Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142753.roa
File:                     AS142753.roa (raw, json)
Hash identifier:          Tk/mkgmxx1hhM8gJ4yKsBBYvYTbkvMTObkWnUQDFhJo=
Subject key identifier:   16:78:92:F6:0A:25:03:94:8F:93:37:EB:D6:7F:7B:36:A1:00:7C:7C
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       61B61283E382FD97F811BC327347F2CA2470CA66
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142753.roa
Signing time:             Wed 04 Mar 2026 06:05:26 +0000
ROA not before:           Wed 04 Mar 2026 06:00:26 +0000
ROA not after:            Wed 03 Mar 2027 06:05:26 +0000
asID:                     142753
IP address blocks:        240a:a067::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:b6:12:83:e3:82:fd:97:f8:11:bc:32:73:47:f2:ca:24:70:ca:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:26 2026 GMT
            Not After : Mar  3 06:05:26 2027 GMT
        Subject: CN=167892F60A2503948F9337EBD67F7B36A1007C7C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:cc:0e:9d:77:59:05:5c:a2:a0:9e:ce:fb:52:
                    7d:93:9b:51:fb:fb:3b:3d:8e:4a:bb:fd:21:c3:18:
                    de:d9:63:cd:d1:3a:00:6f:7f:90:33:49:9f:e7:51:
                    75:fd:2c:13:a4:63:d7:18:d1:b1:f6:c9:9d:95:ea:
                    b2:82:a1:20:ba:f6:5f:ef:ae:60:91:c7:42:44:f1:
                    4a:6e:d1:c3:2a:82:dd:49:fc:e1:52:c5:51:80:84:
                    47:ac:81:b4:22:e9:84:0e:67:f9:21:5a:7f:ca:32:
                    75:73:05:8f:03:68:35:67:c9:75:21:0d:63:98:bf:
                    57:c3:e3:6e:2d:09:2b:a7:62:bf:46:81:90:8b:57:
                    26:e8:3f:d9:05:10:67:1b:2f:fc:98:ee:6f:39:41:
                    e9:1d:ad:fe:00:4a:4e:47:71:81:e3:5a:da:80:9b:
                    7d:3a:c2:d0:46:7e:48:e1:b3:64:67:4f:75:31:ae:
                    1b:d1:67:6e:51:b2:71:84:a5:ef:50:43:0b:2f:87:
                    c1:ac:72:c3:3c:24:0c:09:47:5d:3c:5b:28:2c:08:
                    05:13:15:5d:b6:76:70:8c:36:a0:48:22:69:9b:12:
                    44:13:b5:6c:57:8b:ab:0b:6a:a2:6a:13:85:ff:57:
                    c6:b5:b1:49:22:af:93:5b:17:da:be:75:94:3d:2c:
                    66:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:78:92:F6:0A:25:03:94:8F:93:37:EB:D6:7F:7B:36:A1:00:7C:7C
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142753.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a067::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:fa:23:88:51:ac:12:13:d0:37:cd:75:c0:d1:c7:02:40:8d:
         d8:95:98:a0:f1:c3:bc:8d:d2:a4:78:a1:d7:1f:d6:4c:eb:45:
         d2:d7:da:e6:c6:dc:09:f3:0c:eb:bc:7a:2b:4c:34:59:3f:bd:
         4c:eb:de:9f:f5:70:92:f1:fb:27:8c:f4:4c:56:d0:af:06:b3:
         fa:af:dd:a0:a7:e8:e7:0a:b2:f9:9f:62:9c:bf:b3:1f:e2:7d:
         1b:a9:e5:16:bb:52:a0:2f:e5:77:f5:b3:63:d6:10:9e:8d:71:
         af:0f:d3:19:51:3b:1c:4e:74:49:89:54:9f:ba:47:98:4a:df:
         d8:c4:94:4b:67:90:18:a4:69:73:d4:c3:77:7d:45:23:7f:2e:
         65:2f:29:0a:05:2b:b4:82:7e:4e:b7:2c:26:fb:eb:d5:c0:74:
         f1:a0:db:7f:bb:d5:94:e1:2c:45:37:40:0a:12:2b:e4:1c:4c:
         e1:00:ad:68:1f:63:3b:8d:dd:c9:1b:d8:41:07:a9:60:d9:ec:
         a2:e0:59:5d:a3:22:89:cb:3c:c9:27:4c:8d:d4:2f:de:2b:b5:
         60:4e:ed:a7:9a:70:14:8b:d2:98:da:c0:c6:bf:ba:65:c8:27:
         39:11:7e:0c:bc:b7:a8:4e:d9:63:f2:58:81:85:88:79:a0:97:
         57:55:d9:13
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUYbYSg+OC/Zf4Ebwyc0fyyiRwymYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDAyNloX
DTI3MDMwMzA2MDUyNlowMzExMC8GA1UEAxMoMTY3ODkyRjYwQTI1MDM5NDhGOTMz
N0VCRDY3RjdCMzZBMTAwN0M3QzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALnMDp13WQVcoqCezvtSfZObUfv7Oz2OSrv9IcMY3tljzdE6AG9/kDNJn+dR
df0sE6Rj1xjRsfbJnZXqsoKhILr2X++uYJHHQkTxSm7RwyqC3Un84VLFUYCER6yB
tCLphA5n+SFaf8oydXMFjwNoNWfJdSENY5i/V8Pjbi0JK6div0aBkItXJug/2QUQ
Zxsv/JjubzlB6R2t/gBKTkdxgeNa2oCbfTrC0EZ+SOGzZGdPdTGuG9FnblGycYSl
71BDCy+HwaxywzwkDAlHXTxbKCwIBRMVXbZ2cIw2oEgiaZsSRBO1bFeLqwtqomoT
hf9XxrWxSSKvk1sX2r51lD0sZhECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQWeJL2
CiUDlI+TN+vWf3s2oQB8fDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mjc1My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oGcwDQYJKoZIhvcNAQELBQADggEBAF76I4hRrBIT0DfNdcDRxwJAjdiVmKDxw7yN
0qR4odcf1kzrRdLX2ubG3AnzDOu8eitMNFk/vUzr3p/1cJLx+yeM9ExW0K8Gs/qv
3aCn6OcKsvmfYpy/sx/ifRup5Ra7UqAv5Xf1s2PWEJ6Nca8P0xlROxxOdEmJVJ+6
R5hK39jElEtnkBikaXPUw3d9RSN/LmUvKQoFK7SCfk63LCb769XAdPGg23+71ZTh
LEU3QAoSK+QcTOEArWgfYzuN3ckb2EEHqWDZ7KLgWV2jIonLPMknTI3UL94rtWBO
7aeacBSL0pjawMa/umXIJzkRfgy8t6hO2WPyWIGFiHmgl1dV2RM=
-----END CERTIFICATE-----