Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142802.roa
File:                     AS142802.roa (raw, json)
Hash identifier:          CURRJ9lXnnrJErnu5xKzmjzJG7fFD7TEouzFzKDrkos=
Subject key identifier:   DC:68:B9:1F:17:47:C1:A8:1A:1F:81:0E:68:5A:D8:95:C4:77:64:D2
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       43E79E0FB7AE2C0F56F6FC9D660CA705118A0D87
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142802.roa
Signing time:             Wed 04 Mar 2026 06:07:17 +0000
ROA not before:           Wed 04 Mar 2026 06:02:17 +0000
ROA not after:            Wed 03 Mar 2027 06:07:17 +0000
asID:                     142802
IP address blocks:        240a:a098::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:e7:9e:0f:b7:ae:2c:0f:56:f6:fc:9d:66:0c:a7:05:11:8a:0d:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:17 2026 GMT
            Not After : Mar  3 06:07:17 2027 GMT
        Subject: CN=DC68B91F1747C1A81A1F810E685AD895C47764D2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:f0:08:b4:17:c3:21:8c:07:ff:75:77:fe:bb:
                    7e:3f:d8:45:ea:a7:6a:71:fe:b5:cb:22:44:00:16:
                    93:bf:1b:45:3b:70:93:f6:1e:0e:1d:84:15:b0:2e:
                    69:82:77:78:2a:14:8d:99:a6:fa:03:ec:52:fc:78:
                    2b:2d:74:b0:67:b7:5b:89:0c:a7:2a:0c:3e:92:75:
                    85:f6:02:07:38:c2:41:5b:72:61:f7:ff:a6:9a:3f:
                    6a:38:45:ec:ae:10:87:f3:9b:c2:d8:70:ec:a4:9b:
                    cb:70:8b:f8:d6:07:48:fb:39:fc:99:37:4d:79:e8:
                    6c:bd:4d:7f:e2:9e:26:54:c0:a6:3b:d9:7f:b4:77:
                    46:9e:fb:14:c6:e1:61:f6:89:14:37:6c:c0:82:99:
                    d8:a1:70:dc:df:1b:71:64:53:08:a3:08:73:d4:9c:
                    c9:66:87:c5:7d:98:e8:78:60:b2:86:fa:21:13:22:
                    f9:bc:6e:67:d2:79:1d:19:c2:d5:b1:c0:ed:4a:f4:
                    85:2c:55:3f:74:38:11:7b:6a:bc:6a:b0:05:0e:1a:
                    a9:1d:19:13:6b:ae:70:99:59:12:f2:4f:14:27:06:
                    9b:24:0e:f0:71:85:a6:77:20:a6:56:01:29:f0:4a:
                    2a:cf:42:67:99:ea:e7:a3:9a:ff:8c:af:5a:84:ef:
                    84:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:68:B9:1F:17:47:C1:A8:1A:1F:81:0E:68:5A:D8:95:C4:77:64:D2
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142802.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a098::/32

    Signature Algorithm: sha256WithRSAEncryption
         2d:66:20:61:c2:9c:fc:80:7f:62:5c:a2:90:80:d3:61:01:e7:
         06:86:fd:78:2a:60:36:95:2e:57:0d:4e:58:aa:ae:da:84:62:
         3c:75:f4:44:c7:99:11:3e:7b:d9:75:05:a3:67:bf:3b:51:c7:
         65:8e:74:b2:7f:a8:ca:36:4e:b8:f2:b6:19:48:14:e6:a3:ab:
         49:45:cb:66:52:c5:5d:42:a9:58:93:e5:08:1c:a5:6e:34:00:
         09:78:9d:0a:55:ae:d5:a2:db:1d:e8:05:bc:c0:f7:09:95:2e:
         a6:bc:55:53:f2:3d:16:d8:88:d8:fe:79:e1:6b:92:36:d3:aa:
         e0:ba:38:88:0f:29:a2:80:db:a2:04:50:3b:87:e2:88:f3:e5:
         af:77:eb:bf:7c:34:5d:86:1a:29:78:bc:84:e1:22:a8:34:b6:
         2d:a4:08:fc:62:5a:6b:f8:32:9b:bc:8d:96:dd:73:04:a5:e0:
         71:9e:ec:fe:03:5a:f2:f4:fb:af:d5:83:a7:32:db:25:09:88:
         db:d7:48:7a:c0:99:1d:e6:c9:59:f9:8e:64:c7:76:f7:51:50:
         1d:54:33:7c:d2:17:ea:eb:63:2e:63:bc:92:c5:d1:c5:e7:e9:
         f4:1f:2b:9b:ad:2f:02:6b:58:96:29:fe:b0:7a:2b:63:4a:08:
         7f:2b:a8:09
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUQ+eeD7euLA9W9vydZgynBRGKDYcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIxN1oX
DTI3MDMwMzA2MDcxN1owMzExMC8GA1UEAxMoREM2OEI5MUYxNzQ3QzFBODFBMUY4
MTBFNjg1QUQ4OTVDNDc3NjREMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOLwCLQXwyGMB/91d/67fj/YReqnanH+tcsiRAAWk78bRTtwk/YeDh2EFbAu
aYJ3eCoUjZmm+gPsUvx4Ky10sGe3W4kMpyoMPpJ1hfYCBzjCQVtyYff/ppo/ajhF
7K4Qh/Obwthw7KSby3CL+NYHSPs5/Jk3TXnobL1Nf+KeJlTApjvZf7R3Rp77FMbh
YfaJFDdswIKZ2KFw3N8bcWRTCKMIc9ScyWaHxX2Y6Hhgsob6IRMi+bxuZ9J5HRnC
1bHA7Ur0hSxVP3Q4EXtqvGqwBQ4aqR0ZE2uucJlZEvJPFCcGmyQO8HGFpncgplYB
KfBKKs9CZ5nq56Oa/4yvWoTvhOECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTcaLkf
F0fBqBofgQ5oWtiVxHdk0jAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MjgwMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oJgwDQYJKoZIhvcNAQELBQADggEBAC1mIGHCnPyAf2JcopCA02EB5waG/XgqYDaV
LlcNTliqrtqEYjx19ETHmRE+e9l1BaNnvztRx2WOdLJ/qMo2TrjythlIFOajq0lF
y2ZSxV1CqViT5QgcpW40AAl4nQpVrtWi2x3oBbzA9wmVLqa8VVPyPRbYiNj+eeFr
kjbTquC6OIgPKaKA26IEUDuH4ojz5a936798NF2GGil4vIThIqg0ti2kCPxiWmv4
Mpu8jZbdcwSl4HGe7P4DWvL0+6/Vg6cy2yUJiNvXSHrAmR3myVn5jmTHdvdRUB1U
M3zSF+rrYy5jvJLF0cXn6fQfK5utLwJrWJYp/rB6K2NKCH8rqAk=
-----END CERTIFICATE-----