Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142774.roa
File:                     AS142774.roa (raw, json)
Hash identifier:          0bLZmnTpauPWr+mBRn3+mRhfHLFwj0wNHZxuS4iM9nA=
Subject key identifier:   19:0D:E0:CD:EE:83:CE:23:7A:A7:EE:4F:68:18:BD:5C:40:7F:39:80
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       37520D50D7F974AB1824EA0D301E0F3DA88A9E51
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142774.roa
Signing time:             Wed 04 Mar 2026 06:05:53 +0000
ROA not before:           Wed 04 Mar 2026 06:00:53 +0000
ROA not after:            Wed 03 Mar 2027 06:05:53 +0000
asID:                     142774
IP address blocks:        240a:a07c::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:52:0d:50:d7:f9:74:ab:18:24:ea:0d:30:1e:0f:3d:a8:8a:9e:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:53 2026 GMT
            Not After : Mar  3 06:05:53 2027 GMT
        Subject: CN=190DE0CDEE83CE237AA7EE4F6818BD5C407F3980
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:47:aa:2c:60:bc:4e:7d:d1:97:60:9b:64:a2:
                    a6:c3:f9:b5:35:59:eb:32:af:22:5b:14:c9:a3:57:
                    4f:79:84:70:18:9c:65:68:a3:78:48:75:93:9c:4e:
                    bc:b2:71:00:96:7f:d6:de:04:a8:58:a6:8d:01:c8:
                    01:30:a6:b5:6b:6b:1a:84:76:96:a4:c9:a5:c1:63:
                    09:a8:db:f5:f6:be:7f:7b:17:aa:4e:09:b1:07:9a:
                    0b:9d:a3:c7:d3:b3:23:de:40:87:e7:60:93:f2:45:
                    35:ae:94:b7:d9:bc:bb:af:c0:50:48:a5:86:f3:af:
                    d4:c8:54:d0:d8:91:59:43:e8:75:4d:60:60:12:51:
                    15:2c:d2:37:60:4e:0f:c7:2d:36:c5:fc:b6:f0:f0:
                    67:89:8d:1e:e0:4f:60:bf:62:6d:11:87:d8:0e:91:
                    ab:d6:a7:b2:46:d5:84:59:be:60:b4:d5:6e:bb:dd:
                    2b:0e:5b:be:b2:a8:d5:27:fc:c4:1c:b0:72:56:f5:
                    31:a1:86:10:22:0e:90:89:b4:1a:c0:fe:b0:8e:23:
                    17:76:19:77:01:1f:49:3c:53:0e:2b:d6:0b:c6:30:
                    0a:3b:ab:ef:18:21:56:68:c0:46:4e:99:42:81:08:
                    a5:22:ff:c7:b8:8a:e0:bb:3c:5a:08:96:b5:e3:ab:
                    3d:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:0D:E0:CD:EE:83:CE:23:7A:A7:EE:4F:68:18:BD:5C:40:7F:39:80
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142774.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a07c::/32

    Signature Algorithm: sha256WithRSAEncryption
         b2:bd:41:ae:b3:ac:18:38:e8:76:e5:ac:0b:14:8a:a1:5a:f0:
         66:18:c7:b1:b9:c2:1b:8f:d1:30:96:83:61:f1:fd:00:c1:6d:
         da:b0:51:77:48:d2:48:7c:cd:4e:6a:cb:fc:5f:74:0a:71:ce:
         6a:5f:5b:f1:f7:ac:e2:0c:9f:35:b4:4d:41:93:de:4c:f8:78:
         5a:64:6f:20:b0:dc:fd:14:06:0e:cf:71:69:c1:02:60:b7:93:
         46:3d:34:6c:3c:d1:f8:3b:7c:ca:7c:b0:16:81:fc:29:dd:e2:
         b5:c8:7b:41:46:0c:02:83:c8:e8:3b:f9:9d:9c:97:dd:bd:ba:
         94:3c:8a:37:51:cd:37:04:fa:62:32:aa:71:1f:13:46:c5:3a:
         cb:fc:57:08:3f:ba:10:26:b7:60:2e:8e:1c:86:36:6e:69:c7:
         1c:09:8c:50:0b:12:7f:49:8c:e1:2c:11:1b:77:82:72:93:34:
         91:73:c4:08:71:e6:5d:90:28:06:13:a4:6f:b4:75:f7:73:e9:
         47:de:2a:93:f7:2e:45:f3:1f:62:dc:fe:8d:92:44:0e:05:ce:
         5a:56:de:14:70:2b:5d:a8:c2:d1:5f:84:9a:60:67:cb:04:9c:
         20:c3:22:69:72:ee:36:bb:c6:b7:6c:be:15:16:8d:43:6c:d3:
         a9:b6:42:c8
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUN1INUNf5dKsYJOoNMB4PPaiKnlEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDA1M1oX
DTI3MDMwMzA2MDU1M1owMzExMC8GA1UEAxMoMTkwREUwQ0RFRTgzQ0UyMzdBQTdF
RTRGNjgxOEJENUM0MDdGMzk4MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN5HqixgvE590Zdgm2SipsP5tTVZ6zKvIlsUyaNXT3mEcBicZWijeEh1k5xO
vLJxAJZ/1t4EqFimjQHIATCmtWtrGoR2lqTJpcFjCajb9fa+f3sXqk4JsQeaC52j
x9OzI95Ah+dgk/JFNa6Ut9m8u6/AUEilhvOv1MhU0NiRWUPodU1gYBJRFSzSN2BO
D8ctNsX8tvDwZ4mNHuBPYL9ibRGH2A6Rq9anskbVhFm+YLTVbrvdKw5bvrKo1Sf8
xBywclb1MaGGECIOkIm0GsD+sI4jF3YZdwEfSTxTDivWC8YwCjur7xghVmjARk6Z
QoEIpSL/x7iK4Ls8WgiWteOrPX0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQZDeDN
7oPOI3qn7k9oGL1cQH85gDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mjc3NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oHwwDQYJKoZIhvcNAQELBQADggEBALK9Qa6zrBg46HblrAsUiqFa8GYYx7G5whuP
0TCWg2Hx/QDBbdqwUXdI0kh8zU5qy/xfdApxzmpfW/H3rOIMnzW0TUGT3kz4eFpk
byCw3P0UBg7PcWnBAmC3k0Y9NGw80fg7fMp8sBaB/Cnd4rXIe0FGDAKDyOg7+Z2c
l929upQ8ijdRzTcE+mIyqnEfE0bFOsv8Vwg/uhAmt2AujhyGNm5pxxwJjFALEn9J
jOEsERt3gnKTNJFzxAhx5l2QKAYTpG+0dfdz6UfeKpP3LkXzH2Lc/o2SRA4FzlpW
3hRwK12owtFfhJpgZ8sEnCDDImly7ja7xrdsvhUWjUNs06m2Qsg=
-----END CERTIFICATE-----