Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142871.roa
File:                     AS142871.roa (raw, json)
Hash identifier:          bnQ8/L5E6gVGovW4Ho/f9rMjl4eTf0vjU+8J9kxpfTk=
Subject key identifier:   6C:D4:07:FC:9A:FB:BF:71:35:C0:32:46:AB:3F:AC:3F:9C:7E:C7:4A
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       395FF024F76B8D631EA05451BB9152C4B29826BD
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142871.roa
Signing time:             Wed 04 Mar 2026 06:06:41 +0000
ROA not before:           Wed 04 Mar 2026 06:01:41 +0000
ROA not after:            Wed 03 Mar 2027 06:06:41 +0000
asID:                     142871
IP address blocks:        240a:a0dd::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:5f:f0:24:f7:6b:8d:63:1e:a0:54:51:bb:91:52:c4:b2:98:26:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:41 2026 GMT
            Not After : Mar  3 06:06:41 2027 GMT
        Subject: CN=6CD407FC9AFBBF7135C03246AB3FAC3F9C7EC74A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d2:5e:60:30:99:15:2c:d4:8e:7a:5a:c9:2f:
                    29:27:6d:09:85:b5:32:a2:a9:c6:d8:34:f6:4e:dd:
                    f4:66:2e:52:df:2a:60:9e:f5:5d:a6:dc:df:c2:1a:
                    36:88:d0:ff:05:54:4c:85:6e:c2:83:fe:6c:29:04:
                    d0:18:b0:0b:3f:ab:87:6c:d5:4d:dc:bf:ad:7c:40:
                    81:80:5c:dc:7d:86:53:a2:46:67:c4:31:23:79:f5:
                    b0:d4:65:67:72:c4:9d:94:13:76:a2:ab:84:15:2d:
                    11:7f:86:b6:8e:cd:91:ab:7a:a5:b3:f1:7a:0f:76:
                    3d:80:a4:38:11:a4:1b:e2:4c:8b:28:ee:0e:e3:9f:
                    83:24:f2:82:ba:08:c2:b8:b2:63:2a:bd:0e:17:0e:
                    7b:f1:7a:8d:64:89:e2:a2:89:c0:5d:2f:68:3b:c4:
                    20:cc:fa:ba:89:d5:cc:1c:c2:b3:fe:9b:10:7a:40:
                    1f:8f:86:02:00:08:67:7a:03:d4:24:2e:0a:3e:ec:
                    1c:37:a1:ee:09:a4:80:e7:d8:3f:83:99:0b:7a:2a:
                    56:d1:70:37:db:12:32:01:1a:66:a7:84:31:5c:ab:
                    8d:00:2f:2f:03:ab:98:62:d1:34:74:54:78:88:37:
                    82:02:e0:f3:e4:04:41:c5:aa:3c:c1:0d:65:7e:99:
                    85:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:D4:07:FC:9A:FB:BF:71:35:C0:32:46:AB:3F:AC:3F:9C:7E:C7:4A
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142871.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a0dd::/32

    Signature Algorithm: sha256WithRSAEncryption
         98:3b:56:37:58:fa:ca:21:c6:96:c7:8b:aa:19:d4:45:72:a6:
         b0:a2:50:ff:d4:d5:9c:d7:ca:8c:50:07:81:9d:4a:f7:a6:a2:
         de:23:61:90:2c:f1:91:95:70:20:08:af:69:9e:dc:7e:2a:f8:
         78:75:75:1a:c4:a6:06:61:3b:9d:bc:ea:0f:45:0f:06:2a:70:
         7a:25:92:0b:64:19:47:2b:7a:fc:d0:00:94:4b:9f:e8:52:e2:
         0e:8e:b4:c0:0e:32:8d:16:7b:69:a7:4b:78:2a:eb:c5:5f:0e:
         84:79:4c:c8:f7:29:2a:5d:0f:9e:15:5f:ca:87:64:3e:37:7c:
         dc:ad:06:5b:38:f2:b7:ce:05:32:a0:85:27:a2:bf:56:68:3b:
         b6:b1:21:2c:ca:4d:a3:cf:bc:87:15:54:41:1a:a5:51:8e:2e:
         77:bf:fd:82:a5:e0:9d:67:96:30:3a:be:ca:44:43:66:de:21:
         6f:34:7f:4d:d6:76:53:c5:ea:20:3c:cd:03:56:bb:4d:5e:43:
         8e:d2:30:43:1f:6d:cc:59:1e:9b:b4:5c:a8:46:49:55:51:12:
         df:4a:5b:d8:e9:5c:5e:7b:99:67:01:8c:ff:2d:7e:af:47:33:
         bb:f7:54:40:f1:92:3d:e1:0f:d0:61:fe:8b:08:01:1e:da:0f:
         92:35:c5:99
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUOV/wJPdrjWMeoFRRu5FSxLKYJr0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDE0MVoX
DTI3MDMwMzA2MDY0MVowMzExMC8GA1UEAxMoNkNENDA3RkM5QUZCQkY3MTM1QzAz
MjQ2QUIzRkFDM0Y5QzdFQzc0QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKfSXmAwmRUs1I56WskvKSdtCYW1MqKpxtg09k7d9GYuUt8qYJ71Xabc38Ia
NojQ/wVUTIVuwoP+bCkE0BiwCz+rh2zVTdy/rXxAgYBc3H2GU6JGZ8QxI3n1sNRl
Z3LEnZQTdqKrhBUtEX+Gto7Nkat6pbPxeg92PYCkOBGkG+JMiyjuDuOfgyTygroI
wriyYyq9DhcOe/F6jWSJ4qKJwF0vaDvEIMz6uonVzBzCs/6bEHpAH4+GAgAIZ3oD
1CQuCj7sHDeh7gmkgOfYP4OZC3oqVtFwN9sSMgEaZqeEMVyrjQAvLwOrmGLRNHRU
eIg3ggLg8+QEQcWqPMENZX6ZhTECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRs1Af8
mvu/cTXAMkarP6w/nH7HSjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mjg3MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oN0wDQYJKoZIhvcNAQELBQADggEBAJg7VjdY+sohxpbHi6oZ1EVyprCiUP/U1ZzX
yoxQB4GdSvemot4jYZAs8ZGVcCAIr2me3H4q+Hh1dRrEpgZhO5286g9FDwYqcHol
kgtkGUcrevzQAJRLn+hS4g6OtMAOMo0We2mnS3gq68VfDoR5TMj3KSpdD54VX8qH
ZD43fNytBls48rfOBTKghSeiv1ZoO7axISzKTaPPvIcVVEEapVGOLne//YKl4J1n
ljA6vspEQ2beIW80f03WdlPF6iA8zQNWu01eQ47SMEMfbcxZHpu0XKhGSVVREt9K
W9jpXF57mWcBjP8tfq9HM7v3VEDxkj3hD9Bh/osIAR7aD5I1xZk=
-----END CERTIFICATE-----