Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142829.roa
File:                     AS142829.roa (raw, json)
Hash identifier:          CvioIbAGEjdvPydjFiA7LEPUgZBji1BE9f12ttnKJJw=
Subject key identifier:   83:4E:FE:66:9C:5A:72:FB:EE:B3:DC:2E:16:9A:27:70:69:23:8B:F1
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6FBDD1701267FA301D7B0B996297D1EC51A8246C
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142829.roa
Signing time:             Wed 04 Mar 2026 06:05:12 +0000
ROA not before:           Wed 04 Mar 2026 06:00:12 +0000
ROA not after:            Wed 03 Mar 2027 06:05:12 +0000
asID:                     142829
IP address blocks:        240a:a0b3::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:bd:d1:70:12:67:fa:30:1d:7b:0b:99:62:97:d1:ec:51:a8:24:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:12 2026 GMT
            Not After : Mar  3 06:05:12 2027 GMT
        Subject: CN=834EFE669C5A72FBEEB3DC2E169A277069238BF1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:b2:6c:fd:eb:bf:ab:da:af:2a:9f:2e:99:43:
                    7c:af:7d:52:ac:0a:7c:51:ac:ef:5d:f0:8f:a5:ca:
                    b5:0f:9b:2a:30:e6:23:6d:db:f1:71:07:e2:b4:92:
                    d4:2a:fc:53:19:76:99:4f:1e:4b:75:68:3a:d2:e5:
                    e7:63:57:e0:0b:7c:d9:f1:b2:74:80:cc:17:39:cf:
                    a8:0e:5b:56:f0:00:19:93:dc:4b:03:63:23:3c:f8:
                    96:91:5c:0a:69:1a:0c:ae:06:1a:44:2c:99:f9:90:
                    61:8c:22:33:a9:68:73:df:3d:87:c4:72:88:3c:c0:
                    98:39:4c:6b:dc:ee:dc:34:88:75:3e:f7:48:d6:a2:
                    ae:d2:58:18:66:8f:93:01:e8:a1:d5:77:b2:89:74:
                    a3:19:7e:12:38:d2:71:21:33:1f:0b:b1:c7:78:6f:
                    88:97:ee:ba:9c:b6:e2:e1:0b:fe:77:ca:b8:70:b4:
                    64:ee:ce:f4:f6:27:8c:a5:2d:69:1e:62:70:a9:3d:
                    97:54:8f:5f:39:33:90:15:21:99:b3:42:6a:e8:44:
                    40:5f:9d:89:9b:9b:07:5b:22:bc:f6:d3:5c:b6:23:
                    ba:1a:41:46:98:79:54:3e:9d:00:a3:db:21:ad:ae:
                    58:1f:5b:3e:c2:bb:cd:c6:a2:af:a8:44:61:c7:0c:
                    95:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:4E:FE:66:9C:5A:72:FB:EE:B3:DC:2E:16:9A:27:70:69:23:8B:F1
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142829.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a0b3::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:c1:d8:ec:50:25:88:56:49:26:dd:34:39:86:37:22:48:12:
         04:12:58:30:32:22:6e:80:3f:be:67:e3:fa:25:84:d9:9a:21:
         f2:46:c9:ea:f8:49:2c:e6:99:4a:d9:84:f1:12:7b:29:7c:a4:
         2e:e0:35:c1:6d:b0:67:86:42:1b:ad:e5:ff:50:c0:a1:b5:2f:
         27:da:3b:89:4d:3d:b8:fb:37:7a:16:3f:31:4d:0d:66:14:65:
         fb:f3:86:5e:67:54:d0:bd:fb:47:16:f8:79:5d:90:33:41:8b:
         96:d5:45:c1:3f:b9:0b:5d:6d:7d:ab:7d:ed:6a:35:7e:65:62:
         a3:5a:1d:e7:63:95:64:aa:16:ab:90:e8:25:9e:3c:4d:20:2d:
         d8:05:53:8c:8a:47:ab:7a:8f:f2:3f:e5:35:a6:64:54:3d:e4:
         ef:0f:1e:6c:8a:86:e0:47:21:f1:1c:02:57:ab:bb:d8:4f:66:
         38:0f:50:33:bc:ae:0f:b1:e9:ba:70:fb:ce:1b:fd:f7:d8:1d:
         85:b1:96:46:b4:1c:c6:0e:b0:5b:e5:bb:0c:21:84:87:8b:21:
         c1:9b:a4:1e:37:f9:6f:7a:0f:27:30:e5:1c:3d:9e:c0:1e:87:
         52:86:54:51:7b:a2:b3:79:7b:4f:dc:93:e0:86:a5:33:16:4a:
         a4:c5:24:71
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUb73RcBJn+jAdewuZYpfR7FGoJGwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDAxMloX
DTI3MDMwMzA2MDUxMlowMzExMC8GA1UEAxMoODM0RUZFNjY5QzVBNzJGQkVFQjNE
QzJFMTY5QTI3NzA2OTIzOEJGMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANiybP3rv6varyqfLplDfK99UqwKfFGs713wj6XKtQ+bKjDmI23b8XEH4rSS
1Cr8Uxl2mU8eS3VoOtLl52NX4At82fGydIDMFznPqA5bVvAAGZPcSwNjIzz4lpFc
CmkaDK4GGkQsmfmQYYwiM6loc989h8RyiDzAmDlMa9zu3DSIdT73SNairtJYGGaP
kwHoodV3sol0oxl+EjjScSEzHwuxx3hviJfuupy24uEL/nfKuHC0ZO7O9PYnjKUt
aR5icKk9l1SPXzkzkBUhmbNCauhEQF+diZubB1sivPbTXLYjuhpBRph5VD6dAKPb
Ia2uWB9bPsK7zcair6hEYccMlXECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSDTv5m
nFpy++6z3C4WmidwaSOL8TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MjgyOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oLMwDQYJKoZIhvcNAQELBQADggEBAEfB2OxQJYhWSSbdNDmGNyJIEgQSWDAyIm6A
P75n4/olhNmaIfJGyer4SSzmmUrZhPESeyl8pC7gNcFtsGeGQhut5f9QwKG1Lyfa
O4lNPbj7N3oWPzFNDWYUZfvzhl5nVNC9+0cW+HldkDNBi5bVRcE/uQtdbX2rfe1q
NX5lYqNaHedjlWSqFquQ6CWePE0gLdgFU4yKR6t6j/I/5TWmZFQ95O8PHmyKhuBH
IfEcAleru9hPZjgPUDO8rg+x6bpw+84b/ffYHYWxlka0HMYOsFvluwwhhIeLIcGb
pB43+W96Dycw5Rw9nsAeh1KGVFF7orN5e0/ck+CGpTMWSqTFJHE=
-----END CERTIFICATE-----