Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142881.roa
File:                     AS142881.roa (raw, json)
Hash identifier:          xRQF1a5nigRUNB0ASQ6e6oauC0ZTJn4GI1AWSE1QEVk=
Subject key identifier:   95:9F:36:0E:72:B4:F4:5F:13:E0:53:1F:7E:29:58:B1:44:93:23:AE
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6A4629AF0E026E0DFE85C94203E3F19C3FDBBE84
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142881.roa
Signing time:             Wed 04 Mar 2026 06:08:04 +0000
ROA not before:           Wed 04 Mar 2026 06:03:04 +0000
ROA not after:            Wed 03 Mar 2027 06:08:04 +0000
asID:                     142881
IP address blocks:        240a:a0e7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:46:29:af:0e:02:6e:0d:fe:85:c9:42:03:e3:f1:9c:3f:db:be:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:03:04 2026 GMT
            Not After : Mar  3 06:08:04 2027 GMT
        Subject: CN=959F360E72B4F45F13E0531F7E2958B1449323AE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:59:68:09:91:a1:d7:fc:50:a3:5b:4c:f6:3d:
                    26:b7:74:b2:04:44:c0:2d:58:38:a7:9e:1b:05:2a:
                    b0:ab:d3:b2:24:a1:e6:ab:15:77:d5:c6:e4:50:f6:
                    69:00:6b:ef:58:86:2f:f9:f4:d9:92:46:ec:c7:3d:
                    4d:f1:b6:2a:28:51:49:9f:54:4c:37:27:05:20:75:
                    4b:4c:b6:ce:c9:2a:94:11:0b:46:42:f9:f8:97:58:
                    64:91:19:72:eb:7a:e2:14:41:62:0b:ba:90:cc:ae:
                    c1:e4:4a:ed:0a:ab:dd:5b:22:33:a1:43:1b:e9:cc:
                    a2:a9:cf:d5:51:8c:75:6f:cc:5c:0c:2c:38:c7:ac:
                    76:5b:da:7b:5f:55:22:6b:2c:27:bc:78:d9:36:87:
                    95:28:ca:c5:b0:be:41:7d:3b:5f:fa:d4:9e:00:bf:
                    91:de:71:44:4a:ac:c7:af:87:11:14:d4:05:9e:0d:
                    a5:1b:dd:59:7f:97:59:72:8e:87:f3:11:ca:74:37:
                    3b:37:cc:ed:37:1d:20:fb:7a:c7:27:23:d3:c1:60:
                    dc:08:77:95:a9:57:5a:fc:17:91:7d:e7:2a:35:60:
                    47:3e:9a:69:24:50:cc:d0:14:6e:91:ee:65:b7:c9:
                    61:8e:dd:52:e5:80:97:7e:d9:9c:fc:73:74:07:a2:
                    03:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:9F:36:0E:72:B4:F4:5F:13:E0:53:1F:7E:29:58:B1:44:93:23:AE
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142881.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a0e7::/32

    Signature Algorithm: sha256WithRSAEncryption
         cc:78:86:72:18:50:9f:02:ce:b0:e7:09:c9:a6:b6:03:ac:7b:
         3f:e9:2a:df:04:f2:1c:b2:91:91:4f:ef:3d:91:fc:cd:ad:5c:
         e0:4f:9b:8d:3d:98:7d:2b:95:36:c1:c7:fd:6a:26:50:64:03:
         32:1d:de:53:6a:9b:b1:78:7b:9d:be:7a:af:1a:c9:64:f4:33:
         8a:fb:13:dc:67:ca:a4:74:20:fc:52:18:ed:08:2a:6d:70:18:
         61:53:f8:ea:f3:4e:6d:c0:f8:26:7d:c7:20:c6:94:e6:49:ba:
         a6:47:37:74:49:19:ee:7a:3f:45:d1:08:66:67:b8:03:45:67:
         df:af:4d:ca:c2:79:3b:f1:0b:a3:e4:df:dd:52:57:3f:49:96:
         18:8b:cd:d1:ca:90:59:4c:15:06:e0:51:47:d2:bf:e6:37:0c:
         dd:87:22:7b:4c:6f:f4:cf:2a:44:a2:9a:f8:a0:f7:27:f0:66:
         86:86:db:cc:f7:72:48:f1:5c:81:52:7e:06:45:db:eb:31:90:
         7c:9b:e9:fe:8a:b1:94:8d:e4:a4:66:46:66:93:7e:fb:80:da:
         65:db:19:8a:76:31:71:31:28:e2:d9:58:b6:ea:f8:0a:75:f0:
         c7:6f:29:6d:ea:08:0c:84:ac:11:8c:e7:e7:42:bf:f0:cb:46:
         81:47:2a:b4
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUakYprw4Cbg3+hclCA+PxnD/bvoQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDMwNFoX
DTI3MDMwMzA2MDgwNFowMzExMC8GA1UEAxMoOTU5RjM2MEU3MkI0RjQ1RjEzRTA1
MzFGN0UyOTU4QjE0NDkzMjNBRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKJZaAmRodf8UKNbTPY9Jrd0sgREwC1YOKeeGwUqsKvTsiSh5qsVd9XG5FD2
aQBr71iGL/n02ZJG7Mc9TfG2KihRSZ9UTDcnBSB1S0y2zskqlBELRkL5+JdYZJEZ
cut64hRBYgu6kMyuweRK7Qqr3VsiM6FDG+nMoqnP1VGMdW/MXAwsOMesdlvae19V
ImssJ7x42TaHlSjKxbC+QX07X/rUngC/kd5xREqsx6+HERTUBZ4NpRvdWX+XWXKO
h/MRynQ3OzfM7TcdIPt6xycj08Fg3Ah3lalXWvwXkX3nKjVgRz6aaSRQzNAUbpHu
ZbfJYY7dUuWAl37ZnPxzdAeiA78CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSVnzYO
crT0XxPgUx9+KVixRJMjrjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mjg4MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oOcwDQYJKoZIhvcNAQELBQADggEBAMx4hnIYUJ8CzrDnCcmmtgOsez/pKt8E8hyy
kZFP7z2R/M2tXOBPm409mH0rlTbBx/1qJlBkAzId3lNqm7F4e52+eq8ayWT0M4r7
E9xnyqR0IPxSGO0IKm1wGGFT+OrzTm3A+CZ9xyDGlOZJuqZHN3RJGe56P0XRCGZn
uANFZ9+vTcrCeTvxC6Pk391SVz9JlhiLzdHKkFlMFQbgUUfSv+Y3DN2HIntMb/TP
KkSimvig9yfwZoaG28z3ckjxXIFSfgZF2+sxkHyb6f6KsZSN5KRmRmaTfvuA2mXb
GYp2MXExKOLZWLbq+Ap18MdvKW3qCAyErBGM5+dCv/DLRoFHKrQ=
-----END CERTIFICATE-----