Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142766.roa
File:                     AS142766.roa (raw, json)
Hash identifier:          mrl7jeCannUqozItSHIfTNJW2d83MFAooXc2YV446R4=
Subject key identifier:   43:8B:0C:35:61:8A:58:D2:C3:D0:B0:A7:18:6C:27:D8:66:D3:9E:CF
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5C965C68E019DADB91ADBA6CAE095CBADE916327
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142766.roa
Signing time:             Wed 04 Mar 2026 06:06:32 +0000
ROA not before:           Wed 04 Mar 2026 06:01:32 +0000
ROA not after:            Wed 03 Mar 2027 06:06:32 +0000
asID:                     142766
IP address blocks:        240a:a074::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:96:5c:68:e0:19:da:db:91:ad:ba:6c:ae:09:5c:ba:de:91:63:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:32 2026 GMT
            Not After : Mar  3 06:06:32 2027 GMT
        Subject: CN=438B0C35618A58D2C3D0B0A7186C27D866D39ECF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:85:08:42:ae:91:a6:f0:9c:85:4c:ad:ed:8c:
                    a1:d4:41:71:2d:2d:0a:97:6b:07:18:63:d6:e6:b6:
                    e8:a1:49:38:fe:a4:51:00:36:03:b5:2f:59:5b:60:
                    0f:de:1d:14:d9:f8:b8:52:53:0d:47:3a:f9:17:21:
                    88:fb:4b:bc:a9:7f:c3:99:ee:be:d7:9b:89:bd:13:
                    c5:aa:50:e6:7c:d2:46:7a:19:06:9a:2a:e7:27:4f:
                    3c:33:65:be:9d:90:ac:7b:74:ab:74:52:38:d4:d5:
                    03:61:a2:52:29:ae:b9:d6:03:18:ba:e5:2f:e2:7e:
                    22:83:2a:c7:1f:bb:ae:89:ac:9f:bd:c1:81:37:fa:
                    69:55:6f:c2:dc:60:17:72:3a:6b:b0:10:7a:ec:d6:
                    ae:38:fa:e7:b5:47:13:b7:ef:d8:54:d3:a5:67:6f:
                    c6:12:3e:60:9c:5a:2f:77:b5:77:2f:04:de:b2:8f:
                    4f:09:5c:61:0e:02:8a:68:4d:d0:0a:e6:2b:c4:cc:
                    09:06:8f:e4:d5:79:11:d1:c1:6f:8d:c3:b7:ff:cf:
                    65:0c:62:77:03:25:ef:9b:88:de:fb:0e:30:eb:ce:
                    1b:c3:0b:51:ad:9e:66:4d:76:12:c0:53:ee:32:18:
                    43:d1:9e:0f:c9:73:b8:09:d0:62:e7:ae:70:f5:6f:
                    e3:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:8B:0C:35:61:8A:58:D2:C3:D0:B0:A7:18:6C:27:D8:66:D3:9E:CF
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142766.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a074::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:0d:b4:e1:e6:af:0d:02:81:81:60:77:3e:a9:02:d1:f5:f8:
         09:c7:ab:72:ce:3d:3c:a5:49:f6:b0:58:97:e5:5d:ea:ed:26:
         59:25:af:53:42:6e:28:4d:d7:66:61:8f:d5:16:7d:4e:65:67:
         f0:c0:c9:a6:5e:c8:46:39:e2:4e:6e:71:63:b1:5a:18:eb:63:
         f1:c8:45:cd:6f:80:fe:e2:22:ef:5c:b8:ca:73:e3:0c:59:53:
         57:b6:a4:92:1e:38:fa:e7:b7:fa:bf:a9:49:24:73:17:d6:f6:
         9d:ba:ec:b4:29:c1:24:f8:d1:ed:61:b9:8d:60:05:10:5a:8f:
         90:1a:f3:e1:6b:10:98:b5:79:d4:5f:0c:e3:93:9b:18:b9:c4:
         98:fb:3f:a7:17:fa:16:81:fd:1e:55:91:55:2d:8a:83:0a:d6:
         91:24:c6:7e:c2:81:cf:f4:68:97:c2:10:1d:95:52:be:5e:63:
         6b:e4:04:00:eb:33:98:cc:e9:23:65:48:09:ae:4c:77:33:cd:
         7c:04:35:69:14:c8:0a:6f:83:81:88:15:09:e9:f1:54:13:92:
         9a:f7:74:c0:ec:8b:83:a2:a3:07:84:f3:8f:ed:bf:cf:c8:cd:
         6f:54:50:b3:42:4d:47:85:c7:6e:31:62:3f:ce:eb:e2:e9:a0:
         bb:01:63:86
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUXJZcaOAZ2tuRrbpsrglcut6RYycwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDEzMloX
DTI3MDMwMzA2MDYzMlowMzExMC8GA1UEAxMoNDM4QjBDMzU2MThBNThEMkMzRDBC
MEE3MTg2QzI3RDg2NkQzOUVDRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOeFCEKukabwnIVMre2ModRBcS0tCpdrBxhj1ua26KFJOP6kUQA2A7UvWVtg
D94dFNn4uFJTDUc6+RchiPtLvKl/w5nuvtebib0TxapQ5nzSRnoZBpoq5ydPPDNl
vp2QrHt0q3RSONTVA2GiUimuudYDGLrlL+J+IoMqxx+7romsn73BgTf6aVVvwtxg
F3I6a7AQeuzWrjj657VHE7fv2FTTpWdvxhI+YJxaL3e1dy8E3rKPTwlcYQ4CimhN
0ArmK8TMCQaP5NV5EdHBb43Dt//PZQxidwMl75uI3vsOMOvOG8MLUa2eZk12EsBT
7jIYQ9GeD8lzuAnQYueucPVv45MCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRDiww1
YYpY0sPQsKcYbCfYZtOezzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mjc2Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oHQwDQYJKoZIhvcNAQELBQADggEBAJkNtOHmrw0CgYFgdz6pAtH1+AnHq3LOPTyl
SfawWJflXertJlklr1NCbihN12Zhj9UWfU5lZ/DAyaZeyEY54k5ucWOxWhjrY/HI
Rc1vgP7iIu9cuMpz4wxZU1e2pJIeOPrnt/q/qUkkcxfW9p267LQpwST40e1huY1g
BRBaj5Aa8+FrEJi1edRfDOOTmxi5xJj7P6cX+haB/R5VkVUtioMK1pEkxn7Cgc/0
aJfCEB2VUr5eY2vkBADrM5jM6SNlSAmuTHczzXwENWkUyApvg4GIFQnp8VQTkpr3
dMDsi4OioweE84/tv8/IzW9UULNCTUeFx24xYj/O6+LpoLsBY4Y=
-----END CERTIFICATE-----