Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142845.roa
File:                     AS142845.roa (raw, json)
Hash identifier:          MQvjnTW6dkIxUWaHWzO7c4f/i6mZBI0NG0xV2j3xoio=
Subject key identifier:   C3:C2:BE:0F:A7:0F:18:61:6F:08:9A:7B:DA:3C:43:E1:56:4D:EA:07
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6DA2DE118CAA31A5EBF991F03F9F4505CDF3877B
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142845.roa
Signing time:             Wed 04 Mar 2026 06:06:46 +0000
ROA not before:           Wed 04 Mar 2026 06:01:46 +0000
ROA not after:            Wed 03 Mar 2027 06:06:46 +0000
asID:                     142845
IP address blocks:        240a:a0c3::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:a2:de:11:8c:aa:31:a5:eb:f9:91:f0:3f:9f:45:05:cd:f3:87:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:46 2026 GMT
            Not After : Mar  3 06:06:46 2027 GMT
        Subject: CN=C3C2BE0FA70F18616F089A7BDA3C43E1564DEA07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ba:c4:0c:52:e0:ca:2a:fd:7d:dd:9a:5e:ea:
                    69:91:1e:5d:62:64:94:2e:cd:90:1f:6e:e1:b9:de:
                    66:56:52:30:c4:3f:6f:7d:54:a0:85:c9:67:27:c1:
                    d8:f2:0f:78:fa:75:5b:3e:78:28:d3:27:5c:e8:91:
                    52:48:87:ca:5d:65:d3:ac:f5:d3:d3:55:76:7e:e2:
                    f8:a7:4f:00:3c:af:46:f1:67:66:0f:d7:bd:1b:8b:
                    a5:51:e1:3d:81:ec:66:57:3c:51:57:9a:ac:c5:62:
                    51:1a:df:fb:3c:05:c8:d5:40:ef:1f:04:66:c9:89:
                    d8:9d:d4:89:f2:49:2a:d2:84:57:7a:18:fc:66:f2:
                    e0:de:d6:cb:bc:bf:76:05:27:be:13:77:d3:50:af:
                    a8:5e:68:68:cf:81:fd:a3:48:95:d3:5b:44:f0:07:
                    c8:77:9c:c7:ef:ac:e7:18:20:a2:6a:a0:25:1e:dd:
                    7f:0b:01:92:e3:55:8e:56:2b:7e:ee:ea:68:cf:c1:
                    a5:08:96:38:19:96:54:97:28:83:0e:14:ca:56:33:
                    17:91:bb:95:5b:eb:4f:fe:5e:6e:8a:65:ca:3e:bd:
                    82:c2:86:81:ff:a0:51:0b:4d:9c:d9:3b:21:34:79:
                    1c:d0:92:66:b4:9b:18:23:4e:c4:a8:73:0b:e1:a2:
                    ef:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:C2:BE:0F:A7:0F:18:61:6F:08:9A:7B:DA:3C:43:E1:56:4D:EA:07
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142845.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a0c3::/32

    Signature Algorithm: sha256WithRSAEncryption
         44:12:d5:ad:be:ab:0c:d9:85:f7:d2:f8:d4:f6:90:ca:43:90:
         14:c3:36:2d:3c:e4:ad:bd:7b:25:bc:62:36:6d:49:40:5d:9b:
         42:b5:e3:4a:46:0f:28:96:8f:81:4a:81:d2:48:a8:97:7f:8f:
         37:9a:47:8c:4f:9d:cc:7e:85:37:ea:a1:e4:ad:8d:fe:03:e0:
         be:c7:35:d2:46:87:46:4e:6f:df:df:1e:f1:2d:11:7b:49:fe:
         38:5d:32:bf:01:4f:f3:99:f4:b9:c0:9e:f6:eb:e6:83:72:a4:
         e1:2a:f2:f2:14:95:de:8d:c0:a8:c0:89:d2:f0:af:4a:ec:ff:
         39:df:c9:61:49:9f:c3:48:e1:45:dd:3a:44:9c:58:20:6f:d1:
         a8:34:c4:31:13:b4:d9:f7:3e:66:8d:b3:8c:66:11:03:2f:35:
         f4:69:4f:b0:7d:9b:b5:90:f2:6d:90:11:f4:36:20:d7:23:cf:
         59:a7:17:b1:b3:77:52:35:3d:14:30:df:f1:e3:fe:f7:ca:9c:
         98:3a:3b:f2:41:1d:59:56:b1:fc:3b:8b:60:62:79:08:15:9b:
         90:a3:59:96:c2:47:9d:7d:63:2e:08:49:d5:5d:15:92:51:61:
         e3:ab:05:3b:1f:e4:f7:b6:b5:cc:81:d4:92:85:07:0b:1c:9f:
         38:85:05:18
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUbaLeEYyqMaXr+ZHwP59FBc3zh3swDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDE0NloX
DTI3MDMwMzA2MDY0NlowMzExMC8GA1UEAxMoQzNDMkJFMEZBNzBGMTg2MTZGMDg5
QTdCREEzQzQzRTE1NjRERUEwNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMi6xAxS4Moq/X3dml7qaZEeXWJklC7NkB9u4bneZlZSMMQ/b31UoIXJZyfB
2PIPePp1Wz54KNMnXOiRUkiHyl1l06z109NVdn7i+KdPADyvRvFnZg/XvRuLpVHh
PYHsZlc8UVearMViURrf+zwFyNVA7x8EZsmJ2J3UifJJKtKEV3oY/Gby4N7Wy7y/
dgUnvhN301CvqF5oaM+B/aNIldNbRPAHyHecx++s5xggomqgJR7dfwsBkuNVjlYr
fu7qaM/BpQiWOBmWVJcogw4UylYzF5G7lVvrT/5eboplyj69gsKGgf+gUQtNnNk7
ITR5HNCSZrSbGCNOxKhzC+Gi778CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTDwr4P
pw8YYW8ImnvaPEPhVk3qBzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mjg0NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oMMwDQYJKoZIhvcNAQELBQADggEBAEQS1a2+qwzZhffS+NT2kMpDkBTDNi085K29
eyW8YjZtSUBdm0K140pGDyiWj4FKgdJIqJd/jzeaR4xPncx+hTfqoeStjf4D4L7H
NdJGh0ZOb9/fHvEtEXtJ/jhdMr8BT/OZ9LnAnvbr5oNypOEq8vIUld6NwKjAidLw
r0rs/znfyWFJn8NI4UXdOkScWCBv0ag0xDETtNn3PmaNs4xmEQMvNfRpT7B9m7WQ
8m2QEfQ2INcjz1mnF7Gzd1I1PRQw3/Hj/vfKnJg6O/JBHVlWsfw7i2BieQgVm5Cj
WZbCR519Yy4ISdVdFZJRYeOrBTsf5Pe2tcyB1JKFBwscnziFBRg=
-----END CERTIFICATE-----