Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142883.roa
File:                     AS142883.roa (raw, json)
Hash identifier:          Zn2qPwDuNxkZm33EvGj9MGcZ7CyJHOz6qzpWqId1z0c=
Subject key identifier:   E1:92:70:EF:AA:9B:07:BB:17:82:FE:07:69:50:41:07:67:30:71:0A
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       68EEA59279AEB6E0400E7940C841B185AF199526
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142883.roa
Signing time:             Wed 04 Mar 2026 06:07:39 +0000
ROA not before:           Wed 04 Mar 2026 06:02:39 +0000
ROA not after:            Wed 03 Mar 2027 06:07:39 +0000
asID:                     142883
IP address blocks:        240a:a0e9::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:ee:a5:92:79:ae:b6:e0:40:0e:79:40:c8:41:b1:85:af:19:95:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:39 2026 GMT
            Not After : Mar  3 06:07:39 2027 GMT
        Subject: CN=E19270EFAA9B07BB1782FE07695041076730710A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:fa:f3:0f:49:36:58:8a:10:c0:0a:66:2a:98:
                    ac:e5:a0:2e:1e:2e:6c:01:21:b3:bf:66:8a:ad:2b:
                    af:04:d1:09:53:63:f9:5d:42:24:bc:74:f7:f0:7a:
                    86:fa:7a:40:e3:c0:25:32:f1:f4:4b:b2:4a:64:2f:
                    0c:c8:c6:1f:16:a0:0d:0e:c6:61:8f:20:c8:e8:d4:
                    2f:01:ab:33:80:cb:2f:be:5c:11:ac:bf:48:a4:4c:
                    dd:1c:b9:28:8d:2a:fe:e8:83:d1:f8:2a:25:3d:5c:
                    b5:e7:d7:f2:f5:e4:04:0f:1e:80:fc:cd:c2:8e:92:
                    ab:21:d1:01:11:8c:87:62:2c:fe:43:7e:c1:e8:a3:
                    3d:58:08:82:46:c8:1b:6a:14:ec:d6:26:ff:61:cc:
                    92:b6:26:e7:d9:08:04:0a:d9:e8:31:d9:a1:f5:19:
                    a7:88:32:3f:a1:16:85:f1:36:d8:63:0a:a5:c7:ea:
                    12:1b:77:8e:b4:07:69:46:bb:8c:80:99:51:98:ee:
                    51:58:b7:b2:17:0d:d3:99:c7:5c:72:fd:00:da:6a:
                    c0:b2:86:82:e6:6e:e6:d6:ac:5e:51:6e:8e:bc:cc:
                    ff:16:59:48:71:fe:0c:9b:2a:05:2d:8e:45:66:df:
                    b6:1a:74:59:fc:73:a6:f9:27:12:9b:82:dd:98:64:
                    0e:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:92:70:EF:AA:9B:07:BB:17:82:FE:07:69:50:41:07:67:30:71:0A
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142883.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a0e9::/32

    Signature Algorithm: sha256WithRSAEncryption
         bb:bc:e8:2e:50:f6:d6:83:70:10:78:31:23:fb:57:e4:f7:d5:
         15:f8:40:36:d5:0a:b9:a0:c9:3b:88:b3:4c:67:76:71:1d:28:
         32:e9:d2:00:89:ed:38:9c:ad:78:99:c8:9f:d6:4b:ad:3f:6c:
         d8:3a:44:75:46:2a:91:b1:da:2b:7c:af:c8:1b:ac:e1:ab:f6:
         01:84:ff:8b:de:ca:9a:4e:3f:14:fa:c1:78:de:86:42:b4:5d:
         c2:03:04:e1:94:19:4d:02:dc:df:38:d1:e7:eb:a3:ba:4b:a7:
         d1:a0:a7:7c:3a:0a:88:bf:e3:c9:8b:2f:68:3a:34:22:d1:0d:
         c0:3f:f3:25:e6:6e:ee:27:17:62:1a:93:b8:0e:00:29:d0:62:
         ba:f0:86:fa:e7:3d:c8:83:8d:44:49:9a:47:d7:95:85:1c:9d:
         4b:aa:14:05:b8:0d:de:43:d8:5c:c2:ea:de:89:c4:dd:26:cd:
         4d:c7:87:20:e8:a8:00:22:22:89:fc:d0:c9:31:4a:59:c0:dc:
         f6:78:75:1b:67:22:e3:9b:89:44:84:40:e9:f3:57:f7:80:70:
         82:1b:33:1b:29:79:83:92:a6:c0:20:e0:c7:70:81:35:c9:ff:
         6d:a5:ed:0a:d4:a7:69:93:60:be:5b:a5:79:1c:cd:d9:1a:1e:
         ae:e1:5c:a9
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUaO6lknmutuBADnlAyEGxha8ZlSYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIzOVoX
DTI3MDMwMzA2MDczOVowMzExMC8GA1UEAxMoRTE5MjcwRUZBQTlCMDdCQjE3ODJG
RTA3Njk1MDQxMDc2NzMwNzEwQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMj68w9JNliKEMAKZiqYrOWgLh4ubAEhs79miq0rrwTRCVNj+V1CJLx09/B6
hvp6QOPAJTLx9EuySmQvDMjGHxagDQ7GYY8gyOjULwGrM4DLL75cEay/SKRM3Ry5
KI0q/uiD0fgqJT1ctefX8vXkBA8egPzNwo6SqyHRARGMh2Is/kN+weijPVgIgkbI
G2oU7NYm/2HMkrYm59kIBArZ6DHZofUZp4gyP6EWhfE22GMKpcfqEht3jrQHaUa7
jICZUZjuUVi3shcN05nHXHL9ANpqwLKGguZu5tasXlFujrzM/xZZSHH+DJsqBS2O
RWbfthp0WfxzpvknEpuC3ZhkDhECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBThknDv
qpsHuxeC/gdpUEEHZzBxCjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mjg4My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oOkwDQYJKoZIhvcNAQELBQADggEBALu86C5Q9taDcBB4MSP7V+T31RX4QDbVCrmg
yTuIs0xndnEdKDLp0gCJ7TicrXiZyJ/WS60/bNg6RHVGKpGx2it8r8gbrOGr9gGE
/4veyppOPxT6wXjehkK0XcIDBOGUGU0C3N840efro7pLp9Ggp3w6Coi/48mLL2g6
NCLRDcA/8yXmbu4nF2Iak7gOACnQYrrwhvrnPciDjURJmkfXlYUcnUuqFAW4Dd5D
2FzC6t6JxN0mzU3HhyDoqAAiIon80MkxSlnA3PZ4dRtnIuObiUSEQOnzV/eAcIIb
MxspeYOSpsAg4MdwgTXJ/22l7QrUp2mTYL5bpXkczdkaHq7hXKk=
-----END CERTIFICATE-----