Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142823.roa
File:                     AS142823.roa (raw, json)
Hash identifier:          YsC3iMhVmYsDKucQGhM4z71hAmMdY2ldC/FD5Fg9LTI=
Subject key identifier:   29:88:95:E1:D3:F1:8F:BA:EB:8F:54:67:A8:CF:B9:D4:97:41:CF:8D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       45930B432088531B5EFB5AA9ADD647602A2A5C0A
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142823.roa
Signing time:             Wed 04 Mar 2026 06:07:19 +0000
ROA not before:           Wed 04 Mar 2026 06:02:19 +0000
ROA not after:            Wed 03 Mar 2027 06:07:19 +0000
asID:                     142823
IP address blocks:        240a:a0ad::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:93:0b:43:20:88:53:1b:5e:fb:5a:a9:ad:d6:47:60:2a:2a:5c:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:19 2026 GMT
            Not After : Mar  3 06:07:19 2027 GMT
        Subject: CN=298895E1D3F18FBAEB8F5467A8CFB9D49741CF8D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:ce:43:63:61:8b:6b:25:29:b4:cd:16:27:4f:
                    14:b9:16:a0:c4:00:55:69:ed:d6:b0:3c:ab:03:d0:
                    0c:dd:fa:c0:b4:7f:f7:0d:31:af:ba:d3:e9:b7:1d:
                    cb:3c:0a:99:50:9c:b6:93:15:4c:75:00:f1:42:5a:
                    04:97:54:96:6a:79:54:22:99:77:79:bc:23:59:9c:
                    e9:b7:09:e7:15:be:0b:04:7f:47:0d:74:08:a9:49:
                    b0:12:52:4e:eb:80:97:ab:16:66:8d:6b:20:cf:aa:
                    55:a8:e0:d3:65:04:66:d9:60:8a:e2:96:11:d6:e7:
                    65:49:f2:8c:2c:47:a9:ba:58:a6:46:fe:40:62:0c:
                    f5:4e:ab:5d:02:e4:e7:87:8d:1a:18:20:2f:34:4b:
                    2a:7f:81:1e:a7:1e:f9:57:aa:17:df:12:12:f3:92:
                    3f:03:68:f5:d6:f7:82:96:6f:7c:b5:ff:88:20:a9:
                    80:8b:2f:36:ff:8d:0f:68:88:a3:d7:85:3d:de:18:
                    98:ee:fb:51:fa:1c:bb:82:a3:7c:63:ab:16:59:6d:
                    9a:49:ce:08:ec:9f:d9:2e:92:b3:eb:53:79:e2:b6:
                    04:cc:aa:d2:d3:e9:27:9e:9f:19:26:00:7f:fe:f1:
                    9a:55:33:a9:55:39:a6:4e:01:7b:d7:de:1b:30:a7:
                    23:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:88:95:E1:D3:F1:8F:BA:EB:8F:54:67:A8:CF:B9:D4:97:41:CF:8D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142823.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a0ad::/32

    Signature Algorithm: sha256WithRSAEncryption
         a9:dc:e1:e5:93:c9:45:96:37:db:96:a0:ba:6f:43:22:80:5a:
         be:c4:ef:b1:f3:f7:eb:64:dc:e5:06:e2:08:59:f5:fc:86:9a:
         94:19:13:8a:ab:6c:5d:12:26:1d:26:c5:2a:d1:24:dd:c8:60:
         73:8f:ff:3a:5e:e6:95:ec:a5:c3:16:46:58:84:cb:41:17:fe:
         69:80:2d:a3:bb:7e:4a:80:7f:be:f0:1e:63:01:78:20:9e:3e:
         27:95:23:82:99:f3:4e:cd:e1:18:c2:70:33:31:02:37:e4:2e:
         2b:86:78:80:06:5b:c8:e1:61:bc:00:dc:96:74:c8:4a:8b:c2:
         7c:6f:4b:29:0e:75:34:63:98:bf:cc:f3:fd:c2:09:30:9b:60:
         28:ca:27:9e:d0:1f:d8:3c:5e:64:ee:70:bc:0e:01:25:19:fd:
         19:36:72:3b:bf:7b:6e:1a:28:95:e3:05:01:fd:cd:29:a3:63:
         1e:1d:99:5d:ac:f2:59:4e:6e:db:2a:9f:6f:5f:49:16:da:12:
         5d:66:2d:48:91:25:92:ae:85:67:67:5f:fd:a3:ea:8c:91:ae:
         ae:13:fb:ba:4f:12:86:e3:70:e9:32:09:90:9d:07:64:15:3a:
         5a:9e:88:0e:3b:24:5b:db:94:73:45:02:b6:90:c8:ab:aa:5b:
         de:32:86:d1
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIURZMLQyCIUxte+1qprdZHYCoqXAowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIxOVoX
DTI3MDMwMzA2MDcxOVowMzExMC8GA1UEAxMoMjk4ODk1RTFEM0YxOEZCQUVCOEY1
NDY3QThDRkI5RDQ5NzQxQ0Y4RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOTOQ2Nhi2slKbTNFidPFLkWoMQAVWnt1rA8qwPQDN36wLR/9w0xr7rT6bcd
yzwKmVCctpMVTHUA8UJaBJdUlmp5VCKZd3m8I1mc6bcJ5xW+CwR/Rw10CKlJsBJS
TuuAl6sWZo1rIM+qVajg02UEZtlgiuKWEdbnZUnyjCxHqbpYpkb+QGIM9U6rXQLk
54eNGhggLzRLKn+BHqce+VeqF98SEvOSPwNo9db3gpZvfLX/iCCpgIsvNv+ND2iI
o9eFPd4YmO77Ufocu4KjfGOrFlltmknOCOyf2S6Ss+tTeeK2BMyq0tPpJ56fGSYA
f/7xmlUzqVU5pk4Be9feGzCnI4ECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQpiJXh
0/GPuuuPVGeoz7nUl0HPjTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MjgyMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oK0wDQYJKoZIhvcNAQELBQADggEBAKnc4eWTyUWWN9uWoLpvQyKAWr7E77Hz9+tk
3OUG4ghZ9fyGmpQZE4qrbF0SJh0mxSrRJN3IYHOP/zpe5pXspcMWRliEy0EX/mmA
LaO7fkqAf77wHmMBeCCePieVI4KZ807N4RjCcDMxAjfkLiuGeIAGW8jhYbwA3JZ0
yEqLwnxvSykOdTRjmL/M8/3CCTCbYCjKJ57QH9g8XmTucLwOASUZ/Rk2cju/e24a
KJXjBQH9zSmjYx4dmV2s8llObtsqn29fSRbaEl1mLUiRJZKuhWdnX/2j6oyRrq4T
+7pPEobjcOkyCZCdB2QVOlqeiA47JFvblHNFAraQyKuqW94yhtE=
-----END CERTIFICATE-----