Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142874.roa
File:                     AS142874.roa (raw, json)
Hash identifier:          3R9dNj6LS+TGlqQ4+ZIoVq0o8M7crOodni+gnBUsVOs=
Subject key identifier:   C4:E4:22:7F:65:25:FA:B4:5D:DF:F4:16:EE:71:FB:07:2A:A4:88:A2
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2B64AE77CD50D02CDA141BB5866828EF2DDED33A
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142874.roa
Signing time:             Wed 04 Mar 2026 06:07:04 +0000
ROA not before:           Wed 04 Mar 2026 06:02:04 +0000
ROA not after:            Wed 03 Mar 2027 06:07:04 +0000
asID:                     142874
IP address blocks:        240a:a0e0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:64:ae:77:cd:50:d0:2c:da:14:1b:b5:86:68:28:ef:2d:de:d3:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:04 2026 GMT
            Not After : Mar  3 06:07:04 2027 GMT
        Subject: CN=C4E4227F6525FAB45DDFF416EE71FB072AA488A2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:8d:ac:77:26:47:87:27:a1:13:04:9b:f5:fd:
                    f7:86:78:e7:cf:b5:18:7f:11:75:56:65:12:32:b1:
                    e6:26:7d:2b:ff:e4:61:33:51:f1:9e:e6:47:a3:b0:
                    4f:a4:57:17:60:2f:c9:fd:bb:0c:c4:4c:5f:13:7f:
                    61:f5:d6:59:94:eb:27:b9:4d:68:96:1b:10:67:73:
                    4e:76:50:fa:73:6c:5b:40:a4:93:b8:c5:4d:ec:6a:
                    1a:cc:42:d4:a9:84:f8:c0:3f:98:93:3f:9a:6b:70:
                    ca:aa:c9:ca:f0:ff:1e:5b:19:0a:a4:82:05:85:fb:
                    9d:cf:89:03:7c:40:4b:c6:6a:eb:ea:00:b4:03:8b:
                    6c:e9:04:64:30:7d:f2:fc:43:30:95:1b:d1:f9:02:
                    cc:76:98:bd:06:62:85:e5:37:ed:eb:37:fe:73:af:
                    3f:d4:ec:3d:97:bf:b6:b7:f2:68:cf:f8:bb:bd:90:
                    a2:2d:78:7e:52:0f:09:5a:6d:9a:ff:eb:08:57:a7:
                    89:99:5a:40:c9:7e:c3:36:ba:d2:62:01:7d:33:3e:
                    62:7f:c1:20:4e:be:0b:33:56:ee:04:9a:58:0d:c6:
                    4a:ce:9b:f8:1b:f6:2d:00:ed:78:65:8e:9c:55:c2:
                    54:2e:54:0d:f1:bb:34:79:20:8f:bd:59:ba:84:34:
                    94:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:E4:22:7F:65:25:FA:B4:5D:DF:F4:16:EE:71:FB:07:2A:A4:88:A2
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142874.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a0e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:79:2a:92:79:f6:c0:a0:b2:bd:9d:80:a5:d0:2e:5b:3a:16:
         56:cb:64:91:60:b1:ff:55:ac:c2:2b:ba:38:17:cf:92:74:b0:
         af:17:26:2f:24:0e:db:41:23:62:1a:fb:95:19:89:80:1c:4b:
         c8:0d:ea:93:a6:ea:9f:e8:80:ff:e2:fe:03:5a:97:52:3e:cc:
         30:7b:55:67:49:6c:25:a8:ff:e1:0b:70:93:d5:6c:ba:d6:32:
         ba:32:81:3c:86:89:da:b0:03:31:63:cd:3d:f7:fc:20:ad:cf:
         c4:bd:40:a0:d1:da:27:17:08:fd:74:3e:96:0f:3f:1d:bb:2d:
         79:94:b9:8c:3d:c5:11:70:b7:ef:70:9f:d1:48:9b:1d:34:e0:
         b6:0d:47:76:d4:7e:da:0c:0f:29:0f:08:22:a4:eb:21:a8:a4:
         42:30:0c:cb:46:67:d0:07:72:0e:65:62:03:a7:f3:87:3a:6a:
         7f:af:fc:88:84:5e:66:e2:d6:34:5d:4a:9f:9a:c7:92:15:c7:
         da:ec:99:ae:6a:00:95:e4:50:7c:63:80:0e:9c:2a:3d:33:13:
         9e:86:10:aa:c5:fc:29:33:2c:b9:73:54:4c:c0:82:a5:78:2a:
         52:d8:1b:33:26:73:c0:3b:87:5e:9d:63:0d:17:7a:d5:60:8c:
         2b:27:09:39
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUK2Sud81Q0CzaFBu1hmgo7y3e0zowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIwNFoX
DTI3MDMwMzA2MDcwNFowMzExMC8GA1UEAxMoQzRFNDIyN0Y2NTI1RkFCNDVEREZG
NDE2RUU3MUZCMDcyQUE0ODhBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL2NrHcmR4cnoRMEm/X994Z458+1GH8RdVZlEjKx5iZ9K//kYTNR8Z7mR6Ow
T6RXF2Avyf27DMRMXxN/YfXWWZTrJ7lNaJYbEGdzTnZQ+nNsW0Ckk7jFTexqGsxC
1KmE+MA/mJM/mmtwyqrJyvD/HlsZCqSCBYX7nc+JA3xAS8Zq6+oAtAOLbOkEZDB9
8vxDMJUb0fkCzHaYvQZiheU37es3/nOvP9TsPZe/trfyaM/4u72Qoi14flIPCVpt
mv/rCFeniZlaQMl+wza60mIBfTM+Yn/BIE6+CzNW7gSaWA3GSs6b+Bv2LQDteGWO
nFXCVC5UDfG7NHkgj71ZuoQ0lMECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTE5CJ/
ZSX6tF3f9BbucfsHKqSIojAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mjg3NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oOAwDQYJKoZIhvcNAQELBQADggEBACJ5KpJ59sCgsr2dgKXQLls6FlbLZJFgsf9V
rMIrujgXz5J0sK8XJi8kDttBI2Ia+5UZiYAcS8gN6pOm6p/ogP/i/gNal1I+zDB7
VWdJbCWo/+ELcJPVbLrWMroygTyGidqwAzFjzT33/CCtz8S9QKDR2icXCP10PpYP
Px27LXmUuYw9xRFwt+9wn9FImx004LYNR3bUftoMDykPCCKk6yGopEIwDMtGZ9AH
cg5lYgOn84c6an+v/IiEXmbi1jRdSp+ax5IVx9rsma5qAJXkUHxjgA6cKj0zE56G
EKrF/CkzLLlzVEzAgqV4KlLYGzMmc8A7h16dYw0XetVgjCsnCTk=
-----END CERTIFICATE-----