Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142780.roa
File:                     AS142780.roa (raw, json)
Hash identifier:          OSp4Ee7Moe4IqZ4bZ7cy82M+szg8sX4rBE5ICuMNsSY=
Subject key identifier:   F2:A3:DD:3B:14:5B:58:7B:8B:9D:F7:D7:A9:C9:B4:B2:3D:4D:F6:7D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3E4A791BA838D0D692F4199927D595F5E10E4CA4
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142780.roa
Signing time:             Wed 04 Mar 2026 06:06:51 +0000
ROA not before:           Wed 04 Mar 2026 06:01:51 +0000
ROA not after:            Wed 03 Mar 2027 06:06:51 +0000
asID:                     142780
IP address blocks:        240a:a082::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:4a:79:1b:a8:38:d0:d6:92:f4:19:99:27:d5:95:f5:e1:0e:4c:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:51 2026 GMT
            Not After : Mar  3 06:06:51 2027 GMT
        Subject: CN=F2A3DD3B145B587B8B9DF7D7A9C9B4B23D4DF67D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3a:97:8b:cd:72:c3:81:42:07:54:6f:8a:a2:
                    6a:c9:9f:30:f3:d4:ed:b3:99:6d:19:83:10:75:92:
                    6a:d6:e1:06:74:30:d3:c5:ef:95:81:95:21:53:6b:
                    02:8e:d8:77:61:39:90:1e:d5:89:4e:b2:aa:9c:1e:
                    e4:fd:39:a6:62:bd:0f:b9:dc:52:54:df:a9:13:76:
                    e4:3c:90:8d:af:11:e4:c1:d5:4e:b3:91:9c:39:d1:
                    b7:25:7f:f5:87:96:ee:e2:cf:d2:dd:06:9f:5c:3b:
                    c2:e3:a7:bd:02:b8:a5:17:d3:b6:28:dc:49:23:bb:
                    f5:73:af:c7:98:0d:d8:09:34:18:a8:de:35:6b:81:
                    03:f3:64:f7:71:7e:6c:26:8b:8a:17:0d:77:8a:19:
                    05:e1:e3:61:5a:08:6f:d3:90:ca:c3:c3:b5:54:73:
                    9e:6b:16:03:d9:38:bd:1b:53:0f:bb:f5:40:ab:f4:
                    02:f9:10:50:8f:21:8d:a3:e6:cd:0c:5c:7b:1f:f7:
                    5e:2d:83:a6:73:30:00:62:b8:c4:83:32:08:84:80:
                    c1:19:fc:e7:19:75:58:3e:00:27:0a:57:e5:5c:c6:
                    0f:e7:9e:33:38:30:26:c3:f4:7b:11:18:cb:45:fd:
                    a3:44:ef:2c:6b:79:ae:b3:30:96:29:bc:e4:12:dc:
                    8f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:A3:DD:3B:14:5B:58:7B:8B:9D:F7:D7:A9:C9:B4:B2:3D:4D:F6:7D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142780.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a082::/32

    Signature Algorithm: sha256WithRSAEncryption
         a6:91:3e:a5:1d:d5:ca:09:e8:2b:f9:df:86:0f:0a:a4:f3:e4:
         d0:b5:11:b7:55:72:02:90:34:00:d4:ac:de:e1:f0:44:e7:1a:
         9a:c3:12:35:cd:2a:38:06:a1:96:41:7b:14:9c:8f:b2:22:1e:
         9e:7f:a8:4b:7e:c8:4e:d6:4a:81:00:f6:3f:a0:ae:aa:ad:3a:
         42:1b:06:e8:a1:7b:df:c3:e5:29:36:ae:b3:91:93:ae:c8:40:
         45:1c:b0:79:39:b0:ec:92:d8:21:76:2d:30:95:f9:fc:1f:73:
         ec:c6:cf:cb:f0:f9:c8:a0:a5:f2:9d:4d:b2:dc:54:16:af:a1:
         3c:72:8f:18:fb:3d:80:6a:f8:f0:61:80:a1:1e:80:67:6b:97:
         d2:94:55:3d:00:cf:ad:cc:97:60:cc:1f:12:37:fd:f1:85:d5:
         39:4f:07:ca:93:f7:0e:0f:85:27:07:45:5a:c0:65:25:94:9c:
         38:51:1e:79:41:bb:2c:9e:b6:9d:93:eb:f1:dd:4e:71:4b:1a:
         5b:9f:41:60:0d:e2:c5:be:50:90:16:0f:4c:97:2d:ac:3b:d1:
         60:26:b7:3f:26:ee:81:6a:20:75:d1:e4:71:80:4b:43:67:a3:
         d7:48:db:dc:ba:3c:2c:35:8b:40:3d:53:37:11:ff:dd:21:6f:
         20:d7:a8:0b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUPkp5G6g40NaS9BmZJ9WV9eEOTKQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDE1MVoX
DTI3MDMwMzA2MDY1MVowMzExMC8GA1UEAxMoRjJBM0REM0IxNDVCNTg3QjhCOURG
N0Q3QTlDOUI0QjIzRDRERjY3RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL06l4vNcsOBQgdUb4qiasmfMPPU7bOZbRmDEHWSatbhBnQw08XvlYGVIVNr
Ao7Yd2E5kB7ViU6yqpwe5P05pmK9D7ncUlTfqRN25DyQja8R5MHVTrORnDnRtyV/
9YeW7uLP0t0Gn1w7wuOnvQK4pRfTtijcSSO79XOvx5gN2Ak0GKjeNWuBA/Nk93F+
bCaLihcNd4oZBeHjYVoIb9OQysPDtVRznmsWA9k4vRtTD7v1QKv0AvkQUI8hjaPm
zQxcex/3Xi2DpnMwAGK4xIMyCISAwRn85xl1WD4AJwpX5VzGD+eeMzgwJsP0exEY
y0X9o0TvLGt5rrMwlim85BLcj/8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTyo907
FFtYe4ud99epybSyPU32fTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mjc4MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oIIwDQYJKoZIhvcNAQELBQADggEBAKaRPqUd1coJ6Cv534YPCqTz5NC1EbdVcgKQ
NADUrN7h8ETnGprDEjXNKjgGoZZBexScj7IiHp5/qEt+yE7WSoEA9j+grqqtOkIb
Buihe9/D5Sk2rrORk67IQEUcsHk5sOyS2CF2LTCV+fwfc+zGz8vw+cigpfKdTbLc
VBavoTxyjxj7PYBq+PBhgKEegGdrl9KUVT0Az63Ml2DMHxI3/fGF1TlPB8qT9w4P
hScHRVrAZSWUnDhRHnlBuyyetp2T6/HdTnFLGlufQWAN4sW+UJAWD0yXLaw70WAm
tz8m7oFqIHXR5HGAS0Nno9dI29y6PCw1i0A9UzcR/90hbyDXqAs=
-----END CERTIFICATE-----