Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142828.roa
File:                     AS142828.roa (raw, json)
Hash identifier:          oqY6UU4zmVALNvYC+wlWUuAaVTm19YBSGQ15XvcjQw0=
Subject key identifier:   DF:8F:4F:49:D4:30:12:8F:BC:1D:26:EE:36:A9:CD:82:65:53:04:30
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       25F9F8B5EA52754FC815EC0E05F86BC4643F83E8
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142828.roa
Signing time:             Wed 04 Mar 2026 06:05:25 +0000
ROA not before:           Wed 04 Mar 2026 06:00:25 +0000
ROA not after:            Wed 03 Mar 2027 06:05:25 +0000
asID:                     142828
IP address blocks:        240a:a0b2::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:f9:f8:b5:ea:52:75:4f:c8:15:ec:0e:05:f8:6b:c4:64:3f:83:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:25 2026 GMT
            Not After : Mar  3 06:05:25 2027 GMT
        Subject: CN=DF8F4F49D430128FBC1D26EE36A9CD8265530430
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4d:eb:9e:91:40:8d:d4:66:85:ff:60:43:0f:
                    ca:94:09:5a:59:e1:47:74:04:80:fa:d8:e2:ae:e9:
                    fe:99:0f:f3:e2:7f:27:82:b6:d5:ee:e0:2e:85:b8:
                    98:64:ab:ed:90:58:ef:67:97:61:d3:47:3c:e9:82:
                    09:29:f9:ca:01:a6:75:73:b6:02:fb:f3:c7:6e:bc:
                    ec:2a:4f:21:bb:65:2e:16:d5:61:cd:7c:70:8c:e6:
                    da:f9:6f:00:57:59:b8:02:9f:8c:b2:6f:c0:15:9d:
                    40:bb:cd:ff:f2:c6:93:04:98:0c:8c:5a:54:47:bd:
                    79:43:1c:db:5e:2a:1a:90:a9:93:b9:a6:d9:2b:fb:
                    05:da:e5:93:51:0f:83:8c:60:85:47:ca:89:27:7d:
                    93:4c:48:ad:75:02:15:80:b0:ae:92:1b:d5:de:b9:
                    00:25:5f:fb:fe:11:96:79:ac:2a:a9:a5:5d:32:e5:
                    07:59:7f:31:0c:61:f5:45:70:59:57:2f:4f:dc:cd:
                    59:48:ea:84:ad:3f:11:c4:d3:a1:51:e7:5d:fe:ab:
                    da:ab:26:51:17:61:05:39:8b:e8:51:4d:61:f2:c6:
                    fe:4c:a5:82:4c:cd:81:1e:84:e2:b3:d4:24:b6:b9:
                    3f:37:72:51:e1:75:ce:e7:5b:57:64:ac:61:dc:48:
                    fe:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:8F:4F:49:D4:30:12:8F:BC:1D:26:EE:36:A9:CD:82:65:53:04:30
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142828.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a0b2::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:a4:73:ff:1f:39:0f:05:fa:2b:d9:3e:53:95:b4:ab:28:0d:
         e5:15:f6:40:56:3b:57:5d:58:a4:b7:b5:1e:64:c6:07:8b:eb:
         bc:1d:76:ef:28:49:46:f8:63:13:1b:42:25:5d:50:81:02:0b:
         33:f7:cd:1d:c6:35:3c:b5:a1:46:50:a8:72:ea:2e:74:19:6b:
         21:c2:79:6b:b6:c4:42:fa:3a:16:8e:6a:e3:90:75:de:b5:6e:
         39:29:8a:39:bd:a3:d0:59:01:ad:dd:e4:ff:62:e1:74:43:97:
         61:f5:c3:85:00:74:88:ee:54:f0:09:c6:9d:cb:97:d2:6e:2e:
         74:76:f5:c2:d8:9d:57:96:77:28:5c:d7:2b:9e:a6:ae:59:ec:
         cc:66:d2:5b:77:79:29:aa:67:88:54:80:85:8e:27:76:64:aa:
         53:42:3a:87:04:39:98:d3:76:14:17:ac:d3:d4:df:73:a3:72:
         b5:bf:7e:aa:7b:f9:ad:3d:ba:e9:d7:c0:be:66:3d:3f:bd:b5:
         9c:81:e0:19:ed:b0:9a:a5:60:8b:07:2e:a3:b8:fb:6e:82:c7:
         85:49:0c:1c:7e:d6:aa:1c:37:15:df:ad:d5:f6:55:d8:40:ab:
         c7:16:19:45:4d:c0:f2:16:f1:f5:10:4e:32:f7:1f:34:f4:f5:
         45:b7:5c:05
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUJfn4tepSdU/IFewOBfhrxGQ/g+gwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDAyNVoX
DTI3MDMwMzA2MDUyNVowMzExMC8GA1UEAxMoREY4RjRGNDlENDMwMTI4RkJDMUQy
NkVFMzZBOUNEODI2NTUzMDQzMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL1N656RQI3UZoX/YEMPypQJWlnhR3QEgPrY4q7p/pkP8+J/J4K21e7gLoW4
mGSr7ZBY72eXYdNHPOmCCSn5ygGmdXO2Avvzx2687CpPIbtlLhbVYc18cIzm2vlv
AFdZuAKfjLJvwBWdQLvN//LGkwSYDIxaVEe9eUMc214qGpCpk7mm2Sv7Bdrlk1EP
g4xghUfKiSd9k0xIrXUCFYCwrpIb1d65ACVf+/4RlnmsKqmlXTLlB1l/MQxh9UVw
WVcvT9zNWUjqhK0/EcTToVHnXf6r2qsmURdhBTmL6FFNYfLG/kylgkzNgR6E4rPU
JLa5PzdyUeF1zudbV2SsYdxI/rcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTfj09J
1DASj7wdJu42qc2CZVMEMDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MjgyOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oLIwDQYJKoZIhvcNAQELBQADggEBAEekc/8fOQ8F+ivZPlOVtKsoDeUV9kBWO1dd
WKS3tR5kxgeL67wddu8oSUb4YxMbQiVdUIECCzP3zR3GNTy1oUZQqHLqLnQZayHC
eWu2xEL6OhaOauOQdd61bjkpijm9o9BZAa3d5P9i4XRDl2H1w4UAdIjuVPAJxp3L
l9JuLnR29cLYnVeWdyhc1yuepq5Z7Mxm0lt3eSmqZ4hUgIWOJ3ZkqlNCOocEOZjT
dhQXrNPU33OjcrW/fqp7+a09uunXwL5mPT+9tZyB4BntsJqlYIsHLqO4+26Cx4VJ
DBx+1qocNxXfrdX2VdhAq8cWGUVNwPIW8fUQTjL3HzT09UW3XAU=
-----END CERTIFICATE-----