Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142865.roa
File:                     AS142865.roa (raw, json)
Hash identifier:          pOXkiNeCT4EJw1k9ncLmxYy2gkeDabVPyPJ9+1wuDSU=
Subject key identifier:   C2:27:DC:F8:43:B1:12:C5:2A:72:4B:07:14:37:23:CC:6E:1C:74:63
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2458938591FCB63BED0E273EA5ED04061F5BFB31
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142865.roa
Signing time:             Wed 04 Mar 2026 06:05:26 +0000
ROA not before:           Wed 04 Mar 2026 06:00:26 +0000
ROA not after:            Wed 03 Mar 2027 06:05:26 +0000
asID:                     142865
IP address blocks:        240a:a0d7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:58:93:85:91:fc:b6:3b:ed:0e:27:3e:a5:ed:04:06:1f:5b:fb:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:26 2026 GMT
            Not After : Mar  3 06:05:26 2027 GMT
        Subject: CN=C227DCF843B112C52A724B07143723CC6E1C7463
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:aa:59:25:32:29:78:a6:65:fc:ea:cb:b8:7a:
                    da:90:9f:bb:60:c0:21:12:f9:ca:36:cc:99:b4:62:
                    86:27:b5:1b:05:9c:54:7b:9c:30:08:9d:c1:1f:2e:
                    b4:58:1f:3e:81:55:c6:b3:31:33:ed:f1:56:a2:5b:
                    ef:b8:8a:41:92:18:87:92:87:c4:e2:bd:b9:75:ac:
                    3c:be:1e:3c:80:4d:15:ce:66:8e:e1:08:de:24:e1:
                    66:00:96:2e:1e:95:9b:0e:06:8e:6a:16:39:88:ab:
                    43:37:9e:44:c0:96:9d:d2:45:ca:48:18:79:e2:72:
                    61:42:f2:f4:b5:22:f4:c4:aa:88:f7:54:66:79:5f:
                    25:6c:74:82:17:2b:61:d0:8e:cc:30:ea:7e:3d:8a:
                    14:23:01:8b:69:11:80:cb:f1:0f:d1:6e:7c:4a:00:
                    03:bf:24:60:c1:4c:08:dc:fe:de:ab:a8:ed:44:40:
                    6f:46:55:8b:70:ed:ca:f0:22:b7:2d:62:82:4a:b4:
                    6f:93:8f:77:e0:fb:4b:97:25:dc:b1:85:73:59:bf:
                    cb:36:3e:0f:b0:56:58:55:48:22:a1:1b:6e:87:1f:
                    58:a1:fa:d2:fb:ed:d5:c6:24:1d:23:d1:8d:44:25:
                    6e:6e:bf:bd:c4:82:9e:11:2b:54:ee:b9:39:ad:37:
                    77:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:27:DC:F8:43:B1:12:C5:2A:72:4B:07:14:37:23:CC:6E:1C:74:63
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142865.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a0d7::/32

    Signature Algorithm: sha256WithRSAEncryption
         4b:5f:35:85:94:8c:75:25:66:5c:e1:20:19:80:46:d2:d2:c8:
         69:42:18:ad:cb:b7:ca:57:4a:d6:a4:66:f3:13:0b:4a:f9:dd:
         8f:69:42:49:03:af:14:b6:34:a5:97:62:b8:9c:46:97:00:53:
         78:b4:d5:fc:94:ec:4f:7d:8e:b6:1d:63:f7:4a:63:01:2c:c1:
         a6:0e:0b:aa:83:b0:4f:33:cb:88:bc:04:41:44:c9:59:52:95:
         1f:33:7a:1e:48:7b:d6:74:84:24:df:ca:7d:dc:5a:97:fd:c9:
         99:ff:76:71:15:fe:37:e7:3c:dd:9f:37:5d:2d:35:cd:51:07:
         cc:05:6b:88:d1:b2:6d:d0:55:6e:e1:d6:4d:fe:95:f4:6e:c6:
         ce:47:fb:f9:e4:8a:9f:03:74:5c:a4:2a:c1:ad:32:2b:3e:0a:
         66:8a:a0:2a:36:51:fa:56:96:2a:3b:f6:65:b8:8c:ec:6a:f4:
         ce:e5:3a:20:b3:d2:2a:96:a5:5c:79:ea:f1:c5:ca:ba:4d:21:
         ba:2e:a1:8a:00:a2:fa:f3:50:97:8c:f1:5b:86:64:b8:55:b3:
         81:c9:93:3c:70:43:7c:6e:cd:ea:eb:71:7d:df:59:30:f7:cc:
         a6:b5:53:71:99:09:22:b3:40:34:14:1c:a7:78:a0:f8:c8:b5:
         6c:45:20:35
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUJFiThZH8tjvtDic+pe0EBh9b+zEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDAyNloX
DTI3MDMwMzA2MDUyNlowMzExMC8GA1UEAxMoQzIyN0RDRjg0M0IxMTJDNTJBNzI0
QjA3MTQzNzIzQ0M2RTFDNzQ2MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOmqWSUyKXimZfzqy7h62pCfu2DAIRL5yjbMmbRihie1GwWcVHucMAidwR8u
tFgfPoFVxrMxM+3xVqJb77iKQZIYh5KHxOK9uXWsPL4ePIBNFc5mjuEI3iThZgCW
Lh6Vmw4GjmoWOYirQzeeRMCWndJFykgYeeJyYULy9LUi9MSqiPdUZnlfJWx0ghcr
YdCOzDDqfj2KFCMBi2kRgMvxD9FufEoAA78kYMFMCNz+3quo7URAb0ZVi3DtyvAi
ty1igkq0b5OPd+D7S5cl3LGFc1m/yzY+D7BWWFVIIqEbbocfWKH60vvt1cYkHSPR
jUQlbm6/vcSCnhErVO65Oa03d1UCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTCJ9z4
Q7ESxSpySwcUNyPMbhx0YzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mjg2NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oNcwDQYJKoZIhvcNAQELBQADggEBAEtfNYWUjHUlZlzhIBmARtLSyGlCGK3Lt8pX
StakZvMTC0r53Y9pQkkDrxS2NKWXYricRpcAU3i01fyU7E99jrYdY/dKYwEswaYO
C6qDsE8zy4i8BEFEyVlSlR8zeh5Ie9Z0hCTfyn3cWpf9yZn/dnEV/jfnPN2fN10t
Nc1RB8wFa4jRsm3QVW7h1k3+lfRuxs5H+/nkip8DdFykKsGtMis+CmaKoCo2UfpW
lio79mW4jOxq9M7lOiCz0iqWpVx56vHFyrpNIbouoYoAovrzUJeM8VuGZLhVs4HJ
kzxwQ3xuzerrcX3fWTD3zKa1U3GZCSKzQDQUHKd4oPjItWxFIDU=
-----END CERTIFICATE-----