Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142880.roa
File:                     AS142880.roa (raw, json)
Hash identifier:          XrLhFfEgiivsUluI+G5NCHksMivzap6Qpt07Bfqs8B0=
Subject key identifier:   F4:1B:8F:12:37:B8:19:28:5A:55:09:4D:0B:79:CB:6E:79:74:DA:39
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6DD5FF414ECB0507771356A4DB617499D287D3B7
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142880.roa
Signing time:             Wed 04 Mar 2026 06:07:26 +0000
ROA not before:           Wed 04 Mar 2026 06:02:26 +0000
ROA not after:            Wed 03 Mar 2027 06:07:26 +0000
asID:                     142880
IP address blocks:        240a:a0e6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:d5:ff:41:4e:cb:05:07:77:13:56:a4:db:61:74:99:d2:87:d3:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:26 2026 GMT
            Not After : Mar  3 06:07:26 2027 GMT
        Subject: CN=F41B8F1237B819285A55094D0B79CB6E7974DA39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:55:62:ff:f6:9b:c9:b8:77:37:67:79:4b:9e:
                    35:53:01:db:6c:8f:37:9e:f2:fe:64:d3:3d:37:31:
                    87:4c:b5:59:9e:cb:68:13:ff:1a:ba:a7:b8:44:60:
                    6a:89:01:7e:60:e0:ed:1c:3c:c1:b1:eb:8b:41:a4:
                    ef:c3:c9:c1:17:5b:a8:27:df:df:66:4f:39:61:03:
                    e6:76:73:80:e7:de:83:64:02:2b:d6:86:f6:bf:da:
                    f5:df:b1:ef:43:23:04:af:f8:be:95:84:0d:b1:2d:
                    ad:88:98:44:99:9a:4f:2e:16:95:a0:73:bc:7f:af:
                    d5:49:bc:22:52:c5:b1:3b:9d:b9:c5:0e:33:ad:a2:
                    f5:d7:48:8a:70:e0:6b:fe:4a:29:8d:4a:c5:7a:09:
                    1a:88:cd:b9:da:0d:1e:ca:78:a2:c6:55:e9:64:91:
                    6e:9a:35:1c:f7:58:c2:ca:7e:6e:e5:62:58:16:6b:
                    25:de:24:50:ae:c1:f3:15:c5:df:9d:78:d5:85:da:
                    c3:7d:d8:81:38:f8:0f:dd:b3:03:90:b2:0e:2d:c2:
                    14:07:b7:c0:21:20:c0:6f:4c:32:38:d9:94:1f:d0:
                    08:39:41:ce:3a:02:07:52:d3:50:5c:8f:b0:11:90:
                    91:23:b7:1f:3e:e0:f8:34:08:1e:4f:68:49:27:98:
                    41:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:1B:8F:12:37:B8:19:28:5A:55:09:4D:0B:79:CB:6E:79:74:DA:39
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142880.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a0e6::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:1e:47:70:77:3f:92:71:ed:cc:20:21:14:56:e1:21:37:9d:
         05:c1:79:12:35:53:1f:18:52:7b:1e:88:60:f6:44:d6:62:5d:
         cc:21:0b:1d:03:a2:dc:31:1e:1b:d8:72:43:09:15:02:3e:ce:
         fa:0e:27:a7:f2:8d:59:57:0d:b3:f3:9e:49:3a:1d:89:8e:6d:
         db:50:8f:2f:0b:66:86:2f:0c:26:75:b1:fe:08:93:34:69:1f:
         ba:30:59:57:cc:2f:2f:00:55:a4:b3:b6:3f:9d:3e:2a:6c:8b:
         a7:e7:26:e8:ed:6f:5c:c1:a2:3a:20:a6:95:ff:a0:3f:22:db:
         c8:ca:1e:64:88:76:9f:f0:1f:4e:5e:87:e6:78:4e:58:a5:9f:
         be:81:4a:ce:ab:44:8b:88:43:aa:46:cd:cd:7b:cc:f1:a7:a6:
         4a:cd:52:2c:c1:1f:a2:35:48:bf:f3:c7:2f:c2:24:13:94:43:
         5d:70:8f:ef:29:9e:a6:37:f3:a8:32:ba:ad:d5:25:9f:b3:2e:
         9c:4d:31:be:69:35:92:c1:9d:e9:6e:1f:90:7b:81:7e:88:38:
         f5:02:0d:fd:cd:92:9a:36:62:42:05:f0:d6:24:2d:eb:f4:6e:
         c2:d5:77:b1:a8:d7:b6:69:ad:39:f9:52:30:29:22:ce:35:fe:
         00:b1:30:bb
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUbdX/QU7LBQd3E1ak22F0mdKH07cwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIyNloX
DTI3MDMwMzA2MDcyNlowMzExMC8GA1UEAxMoRjQxQjhGMTIzN0I4MTkyODVBNTUw
OTREMEI3OUNCNkU3OTc0REEzOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK1VYv/2m8m4dzdneUueNVMB22yPN57y/mTTPTcxh0y1WZ7LaBP/GrqnuERg
aokBfmDg7Rw8wbHri0Gk78PJwRdbqCff32ZPOWED5nZzgOfeg2QCK9aG9r/a9d+x
70MjBK/4vpWEDbEtrYiYRJmaTy4WlaBzvH+v1Um8IlLFsTuducUOM62i9ddIinDg
a/5KKY1KxXoJGojNudoNHsp4osZV6WSRbpo1HPdYwsp+buViWBZrJd4kUK7B8xXF
35141YXaw33YgTj4D92zA5CyDi3CFAe3wCEgwG9MMjjZlB/QCDlBzjoCB1LTUFyP
sBGQkSO3Hz7g+DQIHk9oSSeYQa0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT0G48S
N7gZKFpVCU0LectueXTaOTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mjg4MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oOYwDQYJKoZIhvcNAQELBQADggEBABYeR3B3P5Jx7cwgIRRW4SE3nQXBeRI1Ux8Y
UnseiGD2RNZiXcwhCx0DotwxHhvYckMJFQI+zvoOJ6fyjVlXDbPznkk6HYmObdtQ
jy8LZoYvDCZ1sf4IkzRpH7owWVfMLy8AVaSztj+dPipsi6fnJujtb1zBojogppX/
oD8i28jKHmSIdp/wH05eh+Z4Tliln76BSs6rRIuIQ6pGzc17zPGnpkrNUizBH6I1
SL/zxy/CJBOUQ11wj+8pnqY386gyuq3VJZ+zLpxNMb5pNZLBneluH5B7gX6IOPUC
Df3Nkpo2YkIF8NYkLev0bsLVd7Go17ZprTn5UjApIs41/gCxMLs=
-----END CERTIFICATE-----