Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142887.roa
File:                     AS142887.roa (raw, json)
Hash identifier:          aDnDQITGO6NmeriTBky32JSUQFrB7T7jcAyNvbo3nw4=
Subject key identifier:   C1:CA:5A:A4:32:06:7B:0D:26:FF:3B:97:2E:52:2D:E6:3E:A2:D5:1D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       0B63FD9701EAEB59762D328C88330D7CB6746B22
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142887.roa
Signing time:             Wed 04 Mar 2026 06:07:34 +0000
ROA not before:           Wed 04 Mar 2026 06:02:34 +0000
ROA not after:            Wed 03 Mar 2027 06:07:34 +0000
asID:                     142887
IP address blocks:        240a:a0ed::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:63:fd:97:01:ea:eb:59:76:2d:32:8c:88:33:0d:7c:b6:74:6b:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:34 2026 GMT
            Not After : Mar  3 06:07:34 2027 GMT
        Subject: CN=C1CA5AA432067B0D26FF3B972E522DE63EA2D51D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b7:ee:b3:6d:96:ac:01:13:1d:2a:ef:76:ed:
                    53:0e:4c:ae:67:ac:47:56:00:87:52:10:92:a7:3e:
                    7d:e9:a3:b4:e4:9c:f8:56:ff:f9:5d:f5:a0:d8:89:
                    a7:d5:ad:6c:2b:31:8e:8f:30:7f:39:f4:0a:02:15:
                    a4:6f:1f:c2:6a:af:19:f1:9d:fa:fb:30:22:9b:4f:
                    48:1d:08:78:c6:50:66:3e:b6:28:93:0a:c9:55:e7:
                    80:93:d9:4e:d6:d8:c4:fa:da:6d:66:9c:44:4b:82:
                    7f:91:5a:0b:00:98:b4:e5:aa:db:fe:5c:3a:97:3e:
                    4c:da:ae:9d:54:f1:e7:18:49:7f:3b:c5:bb:f0:f0:
                    0e:88:f1:6c:2e:aa:c0:d0:c2:48:e3:d1:c8:f6:cc:
                    f7:18:cd:a6:9f:7f:c8:d7:49:96:ef:3a:1e:c4:83:
                    c3:74:d9:9c:bc:e7:66:97:67:a3:df:dc:a8:56:f7:
                    dd:39:85:85:9d:cc:a0:98:e4:71:ce:0d:ce:a6:e4:
                    2e:0a:d1:7f:d2:b7:68:5a:f0:c3:86:1e:8a:c0:4d:
                    ee:d1:90:81:8b:90:ad:f4:f6:2e:f5:3e:d7:78:e0:
                    b1:a0:ca:3a:e5:0d:f7:d2:35:49:cd:59:a5:37:53:
                    9a:c3:e9:2b:b7:f9:75:6f:b3:bd:42:9e:5a:c3:de:
                    cc:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:CA:5A:A4:32:06:7B:0D:26:FF:3B:97:2E:52:2D:E6:3E:A2:D5:1D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142887.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a0ed::/32

    Signature Algorithm: sha256WithRSAEncryption
         cd:37:d1:fd:74:9d:b6:8a:78:a3:93:17:22:9a:8a:05:3d:bd:
         49:0b:46:0f:e0:d8:9d:72:8d:8a:99:f7:a6:2c:18:f0:df:a4:
         62:37:de:79:1e:d1:1a:89:91:76:19:92:4a:47:9f:70:a7:26:
         40:98:f0:95:7a:70:62:43:f3:f8:03:ae:1f:00:7f:28:c8:42:
         e8:a3:2b:09:eb:1f:09:1b:46:22:a2:65:91:2f:f6:b6:63:e3:
         76:bf:87:80:7f:4f:39:af:db:9b:85:e7:f1:92:03:fb:f9:7d:
         5e:6d:e2:96:cd:b8:39:dc:7b:5b:15:0d:0f:f7:9e:fa:23:57:
         6d:9f:1f:fb:6b:57:79:cb:67:b4:8e:43:94:50:38:a0:32:7c:
         b6:bd:e0:dd:f7:3b:7a:2a:e8:73:82:ea:af:a3:94:ea:9a:26:
         4e:ce:fa:77:2d:28:62:9b:d8:51:0c:09:78:82:84:78:1c:59:
         22:9f:df:b4:b1:50:c1:b5:35:7d:94:64:c2:15:70:3f:21:7a:
         8f:70:f1:59:ac:c9:61:25:8a:5d:77:0f:2a:1c:09:71:1e:67:
         b3:27:39:c7:b5:10:02:d9:dc:83:9c:99:07:38:7b:31:e9:ff:
         11:63:1e:6f:a4:c6:f1:e8:e8:61:3e:12:f7:f0:7e:6b:49:9b:
         89:c4:64:0b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUC2P9lwHq61l2LTKMiDMNfLZ0ayIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIzNFoX
DTI3MDMwMzA2MDczNFowMzExMC8GA1UEAxMoQzFDQTVBQTQzMjA2N0IwRDI2RkYz
Qjk3MkU1MjJERTYzRUEyRDUxRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMC37rNtlqwBEx0q73btUw5MrmesR1YAh1IQkqc+femjtOSc+Fb/+V31oNiJ
p9WtbCsxjo8wfzn0CgIVpG8fwmqvGfGd+vswIptPSB0IeMZQZj62KJMKyVXngJPZ
TtbYxPrabWacREuCf5FaCwCYtOWq2/5cOpc+TNqunVTx5xhJfzvFu/DwDojxbC6q
wNDCSOPRyPbM9xjNpp9/yNdJlu86HsSDw3TZnLznZpdno9/cqFb33TmFhZ3MoJjk
cc4NzqbkLgrRf9K3aFrww4YeisBN7tGQgYuQrfT2LvU+13jgsaDKOuUN99I1Sc1Z
pTdTmsPpK7f5dW+zvUKeWsPezJsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTBylqk
MgZ7DSb/O5cuUi3mPqLVHTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mjg4Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oO0wDQYJKoZIhvcNAQELBQADggEBAM030f10nbaKeKOTFyKaigU9vUkLRg/g2J1y
jYqZ96YsGPDfpGI33nke0RqJkXYZkkpHn3CnJkCY8JV6cGJD8/gDrh8AfyjIQuij
KwnrHwkbRiKiZZEv9rZj43a/h4B/Tzmv25uF5/GSA/v5fV5t4pbNuDnce1sVDQ/3
nvojV22fH/trV3nLZ7SOQ5RQOKAyfLa94N33O3oq6HOC6q+jlOqaJk7O+nctKGKb
2FEMCXiChHgcWSKf37SxUMG1NX2UZMIVcD8heo9w8VmsyWElil13DyocCXEeZ7Mn
Oce1EALZ3IOcmQc4ezHp/xFjHm+kxvHo6GE+EvfwfmtJm4nEZAs=
-----END CERTIFICATE-----