Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142805.roa
File:                     AS142805.roa (raw, json)
Hash identifier:          LTk9pB23rwwmCQD8Jy4mSgYtcwedqv5eUc/mRI4xvoQ=
Subject key identifier:   96:84:34:D5:A7:84:59:71:69:5E:9A:61:FC:1A:58:66:AB:81:83:68
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6024D0276AAB11686A5FD4C084F1897530BF0516
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142805.roa
Signing time:             Wed 04 Mar 2026 06:08:05 +0000
ROA not before:           Wed 04 Mar 2026 06:03:05 +0000
ROA not after:            Wed 03 Mar 2027 06:08:05 +0000
asID:                     142805
IP address blocks:        240a:a09b::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:24:d0:27:6a:ab:11:68:6a:5f:d4:c0:84:f1:89:75:30:bf:05:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:03:05 2026 GMT
            Not After : Mar  3 06:08:05 2027 GMT
        Subject: CN=968434D5A7845971695E9A61FC1A5866AB818368
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:2a:20:fc:a7:5c:48:f3:ee:12:b5:9b:18:84:
                    a8:f2:8e:30:ab:42:c4:ac:3c:61:f7:f1:51:1a:92:
                    96:1e:b8:e6:5d:37:e8:40:e0:15:3d:97:2f:bb:8d:
                    1c:08:5f:23:0a:0f:6a:8f:b4:12:fb:f1:a5:f5:3f:
                    6a:69:97:95:c3:12:8f:e9:22:ca:ea:b6:ba:39:e8:
                    4c:61:1f:0e:bc:cc:e3:cd:12:d3:5d:27:de:6a:61:
                    4b:01:37:08:26:18:10:50:ad:28:69:43:9f:d1:f1:
                    0f:c5:28:56:f3:9b:e0:8b:6e:c6:b0:bf:46:d6:58:
                    fc:24:d3:ac:38:29:7c:61:5b:e3:58:a9:db:32:2c:
                    e8:5d:0e:db:dc:1a:26:33:25:3e:ec:d2:2f:9b:8e:
                    a0:7c:9b:f9:62:29:43:b8:ec:24:03:27:5f:27:5f:
                    2d:aa:22:54:df:40:24:46:bb:dc:1c:a5:e1:1e:a7:
                    9f:41:9e:12:c1:21:59:20:12:93:88:2d:3c:16:a0:
                    45:d8:ac:cc:c7:64:ab:1b:1d:5f:95:1c:56:f6:8b:
                    8f:20:b8:c7:42:05:a8:d6:2e:80:06:cb:4f:ce:ca:
                    07:5c:36:cd:10:e2:30:60:0c:fb:81:ab:5a:df:29:
                    d5:06:41:57:0c:87:fc:1c:1c:ae:75:92:8c:d9:41:
                    ca:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:84:34:D5:A7:84:59:71:69:5E:9A:61:FC:1A:58:66:AB:81:83:68
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142805.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a09b::/32

    Signature Algorithm: sha256WithRSAEncryption
         a3:2d:c7:d9:02:60:5b:76:d8:b5:4e:d9:1f:de:27:6a:d4:99:
         77:4f:59:b8:6e:0c:fd:b0:7a:d3:33:22:9f:da:ce:7c:dd:83:
         7f:89:49:27:a2:ee:af:67:80:3e:26:cd:e7:da:07:ec:87:07:
         d8:8c:b1:ae:3c:97:a4:f4:d9:6e:ed:ec:c1:84:63:f5:39:83:
         30:5c:03:44:3f:d0:83:d8:ea:09:1d:19:46:39:48:be:99:92:
         a6:42:ff:d2:fc:ed:58:1c:9c:da:43:d1:ba:7c:e8:fc:d9:ed:
         a3:5c:5b:6c:4b:b9:42:5b:3b:b0:0e:75:9e:bb:82:56:03:23:
         09:18:4c:da:1a:cb:af:be:23:13:5e:f3:3b:8f:d6:95:14:45:
         f3:3b:62:50:4e:68:da:84:0f:84:14:ff:b3:4f:4b:26:bb:a4:
         26:6f:52:91:15:5d:48:d3:e9:d1:08:62:65:77:00:94:0b:12:
         a6:ca:16:40:4f:c9:ca:3d:4b:53:95:93:0e:cb:be:a2:5c:25:
         d5:41:74:c5:da:4b:b1:c9:ff:d4:9f:20:55:06:87:cb:c6:4a:
         89:55:9c:88:cb:2d:36:56:be:87:ff:51:f9:f7:f6:84:19:b8:
         97:38:c4:d5:46:9f:db:4a:48:da:b1:dc:e7:d2:b1:1f:4c:b9:
         59:9c:5c:8b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUYCTQJ2qrEWhqX9TAhPGJdTC/BRYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDMwNVoX
DTI3MDMwMzA2MDgwNVowMzExMC8GA1UEAxMoOTY4NDM0RDVBNzg0NTk3MTY5NUU5
QTYxRkMxQTU4NjZBQjgxODM2ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALYqIPynXEjz7hK1mxiEqPKOMKtCxKw8YffxURqSlh645l036EDgFT2XL7uN
HAhfIwoPao+0EvvxpfU/ammXlcMSj+kiyuq2ujnoTGEfDrzM480S010n3mphSwE3
CCYYEFCtKGlDn9HxD8UoVvOb4ItuxrC/RtZY/CTTrDgpfGFb41ip2zIs6F0O29wa
JjMlPuzSL5uOoHyb+WIpQ7jsJAMnXydfLaoiVN9AJEa73Byl4R6nn0GeEsEhWSAS
k4gtPBagRdiszMdkqxsdX5UcVvaLjyC4x0IFqNYugAbLT87KB1w2zRDiMGAM+4Gr
Wt8p1QZBVwyH/BwcrnWSjNlByicCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSWhDTV
p4RZcWlemmH8Glhmq4GDaDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MjgwNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oJswDQYJKoZIhvcNAQELBQADggEBAKMtx9kCYFt22LVO2R/eJ2rUmXdPWbhuDP2w
etMzIp/aznzdg3+JSSei7q9ngD4mzefaB+yHB9iMsa48l6T02W7t7MGEY/U5gzBc
A0Q/0IPY6gkdGUY5SL6ZkqZC/9L87VgcnNpD0bp86PzZ7aNcW2xLuUJbO7AOdZ67
glYDIwkYTNoay6++IxNe8zuP1pUURfM7YlBOaNqED4QU/7NPSya7pCZvUpEVXUjT
6dEIYmV3AJQLEqbKFkBPyco9S1OVkw7LvqJcJdVBdMXaS7HJ/9SfIFUGh8vGSolV
nIjLLTZWvof/Ufn39oQZuJc4xNVGn9tKSNqx3OfSsR9MuVmcXIs=
-----END CERTIFICATE-----