Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142784.roa
File:                     AS142784.roa (raw, json)
Hash identifier:          pz799ta7IUZwt8sWBRGc/mbiJwjyxUda0zsJatWvqQs=
Subject key identifier:   00:77:AC:5D:8B:D6:DB:8F:55:25:1E:D7:3C:3E:8E:29:50:5C:40:67
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       0D80832065C86F375A716EFDB8EE95C438E245F4
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142784.roa
Signing time:             Wed 04 Mar 2026 06:05:14 +0000
ROA not before:           Wed 04 Mar 2026 06:00:14 +0000
ROA not after:            Wed 03 Mar 2027 06:05:14 +0000
asID:                     142784
IP address blocks:        240a:a086::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:80:83:20:65:c8:6f:37:5a:71:6e:fd:b8:ee:95:c4:38:e2:45:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:14 2026 GMT
            Not After : Mar  3 06:05:14 2027 GMT
        Subject: CN=0077AC5D8BD6DB8F55251ED73C3E8E29505C4067
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e6:98:38:32:a2:e1:76:65:f9:64:0a:ba:92:
                    d2:7b:a7:f9:1b:2f:98:ea:3c:be:52:8a:d2:8f:3f:
                    1f:ea:d7:86:8e:20:42:e5:35:f7:ba:8b:63:cc:86:
                    a4:97:53:b5:2c:c9:17:3b:e9:05:b8:9d:c2:70:17:
                    e8:8b:fb:38:63:9b:ea:4f:64:7a:45:03:9d:a3:45:
                    6b:e8:aa:f3:66:b4:04:10:ae:d0:57:be:56:47:98:
                    52:f2:d2:fe:ad:93:03:5e:a2:86:5f:bb:4f:7b:e6:
                    b5:bb:db:ee:7e:ba:b1:17:86:5a:14:02:7e:1b:f8:
                    7f:8d:c3:27:e7:df:23:d9:f2:d2:6d:82:d6:f2:6e:
                    b8:77:ab:ae:76:f8:ee:d6:16:93:e4:ef:aa:c2:0f:
                    4b:c8:14:6b:d2:d0:b6:90:f6:12:03:60:df:08:ae:
                    bc:31:ac:91:9c:b1:01:2c:26:85:a6:78:9c:4a:63:
                    0b:f0:89:d9:c5:1b:db:a2:f5:ef:ce:50:80:c9:a7:
                    48:77:93:e8:7b:b3:c5:8d:08:ea:50:e9:0b:eb:20:
                    8a:2f:c8:76:ff:8c:31:6b:bd:d0:85:81:82:cd:7a:
                    db:6c:28:75:9f:de:61:a0:16:ae:0b:5b:74:b9:a4:
                    26:5e:7c:89:03:89:f7:c5:bb:84:b6:46:79:ec:0b:
                    c9:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:77:AC:5D:8B:D6:DB:8F:55:25:1E:D7:3C:3E:8E:29:50:5C:40:67
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142784.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a086::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:36:b7:2b:45:83:27:4e:29:53:2f:c2:1e:71:48:4e:51:9e:
         41:b4:31:ee:6e:a3:c1:24:4e:04:8e:74:47:af:85:e8:82:da:
         88:93:7d:81:be:49:89:1a:a1:5b:78:70:03:34:bc:4b:86:81:
         bc:49:b0:f8:ad:18:f1:7a:b8:64:47:15:ca:93:1c:9f:b5:74:
         95:ab:fe:23:45:17:31:e1:d0:4f:21:9f:8b:dc:06:1e:11:62:
         5a:b5:3b:40:84:b2:f1:d2:f0:7b:78:c1:fa:5a:92:77:cb:e0:
         36:08:a7:ad:e7:c3:5d:03:a1:6d:ba:0b:64:89:83:2d:68:4a:
         e1:4a:90:c0:98:4b:5a:e1:ad:c0:a8:30:b6:08:a0:bc:79:c8:
         11:13:86:7d:86:65:23:a3:bb:ac:5b:ca:7d:61:d4:ce:19:ad:
         c7:b5:db:13:c9:07:37:e3:d0:21:66:71:d9:37:ff:b2:64:68:
         d9:24:0d:df:52:c7:ba:76:72:37:de:c5:bb:d6:b7:83:42:be:
         de:40:0e:1a:17:43:18:e3:56:c7:17:e6:18:10:c8:3f:ad:de:
         4f:d2:a7:1d:28:09:e6:be:7a:28:92:4c:1b:9b:7e:7d:c3:88:
         f1:be:95:59:ef:16:1c:8f:b3:18:ac:b0:3b:b4:87:e7:41:09:
         77:66:51:22
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUDYCDIGXIbzdacW79uO6VxDjiRfQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDAxNFoX
DTI3MDMwMzA2MDUxNFowMzExMC8GA1UEAxMoMDA3N0FDNUQ4QkQ2REI4RjU1MjUx
RUQ3M0MzRThFMjk1MDVDNDA2NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL3mmDgyouF2ZflkCrqS0nun+RsvmOo8vlKK0o8/H+rXho4gQuU197qLY8yG
pJdTtSzJFzvpBbidwnAX6Iv7OGOb6k9kekUDnaNFa+iq82a0BBCu0Fe+VkeYUvLS
/q2TA16ihl+7T3vmtbvb7n66sReGWhQCfhv4f43DJ+ffI9ny0m2C1vJuuHerrnb4
7tYWk+TvqsIPS8gUa9LQtpD2EgNg3wiuvDGskZyxASwmhaZ4nEpjC/CJ2cUb26L1
785QgMmnSHeT6HuzxY0I6lDpC+sgii/Idv+MMWu90IWBgs1622wodZ/eYaAWrgtb
dLmkJl58iQOJ98W7hLZGeewLyXsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQAd6xd
i9bbj1UlHtc8Po4pUFxAZzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mjc4NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oIYwDQYJKoZIhvcNAQELBQADggEBAFI2tytFgydOKVMvwh5xSE5RnkG0Me5uo8Ek
TgSOdEevheiC2oiTfYG+SYkaoVt4cAM0vEuGgbxJsPitGPF6uGRHFcqTHJ+1dJWr
/iNFFzHh0E8hn4vcBh4RYlq1O0CEsvHS8Ht4wfpaknfL4DYIp63nw10DoW26C2SJ
gy1oSuFKkMCYS1rhrcCoMLYIoLx5yBEThn2GZSOju6xbyn1h1M4Zrce12xPJBzfj
0CFmcdk3/7JkaNkkDd9Sx7p2cjfexbvWt4NCvt5ADhoXQxjjVscX5hgQyD+t3k/S
px0oCea+eiiSTBubfn3DiPG+lVnvFhyPsxissDu0h+dBCXdmUSI=
-----END CERTIFICATE-----