Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142778.roa
File:                     AS142778.roa (raw, json)
Hash identifier:          C22NG1Q2l033bI/C1CWovnGBqYLfGYKyajQdg3DMJVY=
Subject key identifier:   79:15:2F:DB:FF:1D:88:61:0D:B1:1E:E0:B6:87:6E:C5:22:E8:2F:6D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7B1F71B6D26D84C0B355DD2A087C3777F90C70CD
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142778.roa
Signing time:             Wed 04 Mar 2026 06:07:32 +0000
ROA not before:           Wed 04 Mar 2026 06:02:32 +0000
ROA not after:            Wed 03 Mar 2027 06:07:32 +0000
asID:                     142778
IP address blocks:        240a:a080::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:1f:71:b6:d2:6d:84:c0:b3:55:dd:2a:08:7c:37:77:f9:0c:70:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:32 2026 GMT
            Not After : Mar  3 06:07:32 2027 GMT
        Subject: CN=79152FDBFF1D88610DB11EE0B6876EC522E82F6D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:db:91:e9:55:98:79:fc:bb:4e:28:04:f0:1e:
                    de:85:8b:5c:cc:c4:bf:da:68:f5:8f:5e:bc:c4:af:
                    34:f1:ec:52:d0:12:b7:d8:14:70:60:fc:3f:9e:ae:
                    1d:6d:c9:68:1e:72:60:2b:cd:dd:ad:66:71:53:f0:
                    5d:61:8c:a3:78:e3:74:f2:91:91:2f:9a:ac:4c:4b:
                    b8:3f:e6:57:77:19:c5:08:ce:d9:58:e1:6b:d4:de:
                    0d:35:4f:98:91:5c:0b:08:98:0a:45:01:14:84:34:
                    1f:6e:c0:ab:d8:3a:c0:5a:25:c6:31:97:7d:29:dc:
                    0c:04:1a:42:90:c7:5a:37:35:3e:05:bf:21:7f:5b:
                    cd:4f:32:ac:18:2f:fe:a5:0a:82:ea:f5:76:f3:d4:
                    31:b1:a6:c7:d3:fa:21:da:d2:dd:b4:ef:a3:c2:c0:
                    5a:57:87:e0:e0:4a:84:a9:50:39:00:d1:a0:74:c5:
                    e4:c0:df:34:fa:56:c0:98:18:0e:06:96:fa:e2:49:
                    f3:ff:46:7a:81:4b:7a:96:f1:49:4b:6c:bd:05:3a:
                    a8:6d:c6:84:0b:c2:18:db:ae:25:ec:13:04:02:76:
                    e7:2b:a9:df:f2:df:6a:02:90:81:ba:d2:80:1b:85:
                    97:ae:39:44:85:e9:be:4d:be:c2:8c:fa:4d:99:ba:
                    ea:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:15:2F:DB:FF:1D:88:61:0D:B1:1E:E0:B6:87:6E:C5:22:E8:2F:6D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142778.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a080::/32

    Signature Algorithm: sha256WithRSAEncryption
         d9:b3:11:e8:d5:72:37:89:22:f0:f1:ed:2c:16:3c:69:92:a6:
         97:5f:4f:2b:00:d3:11:cb:e5:a3:4f:cd:54:f9:a4:c1:18:35:
         0e:71:71:64:a4:e9:47:ec:c0:2d:70:7c:da:95:08:72:60:68:
         86:8c:68:cd:99:97:c7:55:20:d7:19:ad:14:3d:34:a9:b0:9a:
         35:0c:10:f9:d5:95:75:63:57:54:36:b7:17:4f:d2:64:11:24:
         e2:b1:ca:df:e1:a8:53:7e:5d:87:13:83:73:97:0c:a3:f2:0d:
         43:90:c9:5b:44:11:57:af:6a:b5:8f:bc:7f:45:1c:23:27:40:
         53:9c:51:64:03:f1:e5:a2:24:70:03:53:0f:dc:00:1f:f2:9b:
         c0:eb:f1:2d:13:60:21:3c:25:da:48:71:5e:77:38:ad:f2:87:
         8d:ed:9c:69:01:a8:a9:18:53:5c:60:e8:31:ad:04:0b:55:cc:
         2b:f6:56:b8:9b:54:db:a3:99:ce:25:92:26:50:15:49:1a:37:
         97:c6:28:22:d2:07:8e:a2:b5:cf:bd:f4:86:73:93:ac:aa:50:
         6d:96:59:61:3e:1c:c4:df:20:5c:95:49:ef:86:50:cc:5b:50:
         35:5b:05:00:29:7c:d0:c8:fc:3b:26:56:03:9e:e0:53:51:43:
         86:0c:c3:1f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUex9xttJthMCzVd0qCHw3d/kMcM0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIzMloX
DTI3MDMwMzA2MDczMlowMzExMC8GA1UEAxMoNzkxNTJGREJGRjFEODg2MTBEQjEx
RUUwQjY4NzZFQzUyMkU4MkY2RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK/bkelVmHn8u04oBPAe3oWLXMzEv9po9Y9evMSvNPHsUtASt9gUcGD8P56u
HW3JaB5yYCvN3a1mcVPwXWGMo3jjdPKRkS+arExLuD/mV3cZxQjO2Vjha9TeDTVP
mJFcCwiYCkUBFIQ0H27Aq9g6wFolxjGXfSncDAQaQpDHWjc1PgW/IX9bzU8yrBgv
/qUKgur1dvPUMbGmx9P6IdrS3bTvo8LAWleH4OBKhKlQOQDRoHTF5MDfNPpWwJgY
DgaW+uJJ8/9GeoFLepbxSUtsvQU6qG3GhAvCGNuuJewTBAJ25yup3/LfagKQgbrS
gBuFl645RIXpvk2+woz6TZm66mECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBR5FS/b
/x2IYQ2xHuC2h27FIugvbTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mjc3OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oIAwDQYJKoZIhvcNAQELBQADggEBANmzEejVcjeJIvDx7SwWPGmSppdfTysA0xHL
5aNPzVT5pMEYNQ5xcWSk6UfswC1wfNqVCHJgaIaMaM2Zl8dVINcZrRQ9NKmwmjUM
EPnVlXVjV1Q2txdP0mQRJOKxyt/hqFN+XYcTg3OXDKPyDUOQyVtEEVevarWPvH9F
HCMnQFOcUWQD8eWiJHADUw/cAB/ym8Dr8S0TYCE8JdpIcV53OK3yh43tnGkBqKkY
U1xg6DGtBAtVzCv2VribVNujmc4lkiZQFUkaN5fGKCLSB46itc+99IZzk6yqUG2W
WWE+HMTfIFyVSe+GUMxbUDVbBQApfNDI/DsmVgOe4FNRQ4YMwx8=
-----END CERTIFICATE-----