Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142804.roa
File:                     AS142804.roa (raw, json)
Hash identifier:          SjAliZCdO6X/egvQq8y7Iy6HhBDuEUNlhMAphp5Mx5g=
Subject key identifier:   F7:7E:93:A0:BD:8E:8F:83:3B:FF:5D:7D:61:24:F0:0B:DC:1D:27:E0
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5F8502B5B9511AF121AFC0B14EF8A0B5083821D2
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142804.roa
Signing time:             Wed 04 Mar 2026 06:07:08 +0000
ROA not before:           Wed 04 Mar 2026 06:02:08 +0000
ROA not after:            Wed 03 Mar 2027 06:07:08 +0000
asID:                     142804
IP address blocks:        240a:a09a::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:85:02:b5:b9:51:1a:f1:21:af:c0:b1:4e:f8:a0:b5:08:38:21:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:08 2026 GMT
            Not After : Mar  3 06:07:08 2027 GMT
        Subject: CN=F77E93A0BD8E8F833BFF5D7D6124F00BDC1D27E0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:3a:e6:cd:22:09:92:d3:24:ae:dd:4f:d8:7d:
                    40:cb:7b:37:b7:26:fc:5b:0e:df:3b:d7:36:e8:89:
                    e2:1f:bd:d4:81:cc:e1:4f:47:6a:42:7c:70:00:b8:
                    2b:16:f1:97:c9:b9:c7:ff:a4:5a:74:d0:09:4d:4b:
                    34:45:da:e1:a2:d3:81:aa:1e:54:d4:ee:d8:74:dc:
                    4e:f4:19:38:1d:10:e4:f4:b1:5d:95:6f:1c:11:69:
                    a9:31:de:5a:0b:0f:d4:a3:7c:40:61:6e:77:a1:5f:
                    e4:6b:1f:7a:bf:7d:17:31:61:e1:a1:ba:41:27:b3:
                    b5:fc:e6:3e:94:dd:93:85:2c:80:1e:09:ac:ad:91:
                    a9:20:9b:88:c2:fd:52:bd:c6:a1:8a:e7:46:b4:6a:
                    ca:bb:bf:6e:82:dd:93:b3:88:96:b9:0f:33:7a:c9:
                    3c:30:51:02:5e:35:0e:4d:1a:0f:9a:99:63:c0:f1:
                    06:1f:e8:5d:d6:07:b4:24:82:1b:37:4c:84:65:f0:
                    28:96:05:9f:f3:d0:1e:86:3c:68:bf:3f:1f:54:64:
                    2d:8d:68:d7:45:9e:a8:01:e2:3e:97:93:48:5a:6f:
                    86:45:0d:8e:b3:c3:6d:ec:29:f4:b4:67:fb:4f:6b:
                    83:f9:71:f5:9d:06:b0:9f:36:0c:ea:26:b3:08:41:
                    76:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:7E:93:A0:BD:8E:8F:83:3B:FF:5D:7D:61:24:F0:0B:DC:1D:27:E0
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142804.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a09a::/32

    Signature Algorithm: sha256WithRSAEncryption
         48:99:d3:3d:75:8d:7f:15:25:38:1b:6b:22:d2:ed:7a:01:a0:
         de:0e:18:ff:1e:69:2e:45:f3:99:82:f9:63:c0:71:f6:c0:03:
         d6:20:b0:64:9f:94:07:d4:67:63:f9:db:80:50:b5:80:15:8d:
         70:80:ac:0a:1b:7a:7d:b6:d4:0c:5c:76:8b:3a:d6:f7:21:27:
         85:cf:6f:bc:4f:f5:2f:6a:62:ad:2d:c4:26:26:4e:dd:7a:de:
         80:37:f8:86:a2:71:b3:02:b1:e2:c3:b9:1b:01:bc:ba:2c:ed:
         39:2c:f9:bc:ac:e0:2b:d2:18:6d:60:ba:24:74:64:b6:e5:2d:
         97:c6:3d:0d:25:c4:30:30:85:2f:16:49:5d:a8:9b:3f:d8:a6:
         e3:03:16:94:be:18:4b:ee:69:da:2f:f6:c2:b7:bd:fb:86:d0:
         e7:56:99:57:b1:54:b5:f8:05:0e:80:d2:4f:3c:8f:f7:dc:62:
         a9:42:40:9e:97:92:2c:e7:9f:32:ad:ca:d2:03:ae:0a:6b:38:
         46:fb:5b:bf:4b:ba:9b:91:9f:c4:f7:3c:df:3e:b9:5e:8f:bc:
         95:08:86:c7:34:6a:66:88:5e:d8:f7:ec:3d:a1:f0:83:73:ec:
         75:3d:7b:80:24:1c:3c:ef:c7:31:46:97:4f:22:af:79:6b:9f:
         7d:ac:6f:b5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUX4UCtblRGvEhr8CxTvigtQg4IdIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIwOFoX
DTI3MDMwMzA2MDcwOFowMzExMC8GA1UEAxMoRjc3RTkzQTBCRDhFOEY4MzNCRkY1
RDdENjEyNEYwMEJEQzFEMjdFMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOE65s0iCZLTJK7dT9h9QMt7N7cm/FsO3zvXNuiJ4h+91IHM4U9HakJ8cAC4
Kxbxl8m5x/+kWnTQCU1LNEXa4aLTgaoeVNTu2HTcTvQZOB0Q5PSxXZVvHBFpqTHe
WgsP1KN8QGFud6Ff5Gsfer99FzFh4aG6QSeztfzmPpTdk4UsgB4JrK2RqSCbiML9
Ur3GoYrnRrRqyru/boLdk7OIlrkPM3rJPDBRAl41Dk0aD5qZY8DxBh/oXdYHtCSC
GzdMhGXwKJYFn/PQHoY8aL8/H1RkLY1o10WeqAHiPpeTSFpvhkUNjrPDbewp9LRn
+09rg/lx9Z0GsJ82DOomswhBdkcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT3fpOg
vY6Pgzv/XX1hJPAL3B0n4DAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MjgwNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oJowDQYJKoZIhvcNAQELBQADggEBAEiZ0z11jX8VJTgbayLS7XoBoN4OGP8eaS5F
85mC+WPAcfbAA9YgsGSflAfUZ2P524BQtYAVjXCArAoben221Axcdos61vchJ4XP
b7xP9S9qYq0txCYmTt163oA3+IaicbMCseLDuRsBvLos7Tks+bys4CvSGG1guiR0
ZLblLZfGPQ0lxDAwhS8WSV2omz/YpuMDFpS+GEvuadov9sK3vfuG0OdWmVexVLX4
BQ6A0k88j/fcYqlCQJ6XkiznnzKtytIDrgprOEb7W79LupuRn8T3PN8+uV6PvJUI
hsc0amaIXtj37D2h8INz7HU9e4AkHDzvxzFGl08ir3lrn32sb7U=
-----END CERTIFICATE-----