Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142898.roa
File:                     AS142898.roa (raw, json)
Hash identifier:          FYTwmULOaHPe1L6HFlPmRwZqX4ripLhzq2ipN9sKPFQ=
Subject key identifier:   7B:A4:5A:CF:67:89:B6:0A:CA:DC:12:7C:66:6A:EA:80:BF:BA:91:BF
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7AB7DCDCA41EAD62F51A50237C454E0540DD5F83
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142898.roa
Signing time:             Wed 04 Mar 2026 06:06:32 +0000
ROA not before:           Wed 04 Mar 2026 06:01:32 +0000
ROA not after:            Wed 03 Mar 2027 06:06:32 +0000
asID:                     142898
IP address blocks:        240a:a0f8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:b7:dc:dc:a4:1e:ad:62:f5:1a:50:23:7c:45:4e:05:40:dd:5f:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:32 2026 GMT
            Not After : Mar  3 06:06:32 2027 GMT
        Subject: CN=7BA45ACF6789B60ACADC127C666AEA80BFBA91BF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:54:49:41:4f:13:45:a0:50:fb:5a:fe:96:26:
                    b5:62:ea:33:79:27:6b:14:bf:1c:39:60:fe:2a:4f:
                    6c:b7:52:b3:27:f4:c2:b0:ff:4b:28:35:6d:3c:31:
                    93:95:c2:d8:9d:c0:17:36:51:5c:fa:78:ce:80:06:
                    75:d8:db:d9:bd:62:8d:20:39:98:24:e5:f7:cf:2c:
                    5a:8d:d9:fb:5c:e8:b4:52:33:e6:0c:d2:f0:da:a5:
                    fb:6a:27:99:b2:63:4c:b7:a9:e9:78:b5:5f:5b:90:
                    5c:c2:a4:0a:c1:b7:ea:d8:4b:0d:e5:83:58:68:ce:
                    2e:56:b5:4c:b9:ed:2c:7c:21:02:61:c1:26:c9:e2:
                    27:c6:4f:78:e9:a4:fa:70:16:6d:fe:da:e4:85:40:
                    03:6b:64:07:0a:71:aa:50:c3:7e:12:cd:9c:62:8e:
                    10:75:bc:b7:2e:d7:b9:ff:19:fe:9c:93:f7:0d:d8:
                    93:6e:c4:a4:db:78:82:a3:18:78:8f:34:eb:db:8f:
                    48:e9:3c:65:a8:72:c5:82:04:33:da:a7:de:fc:82:
                    d8:fc:c6:62:f2:55:7d:1c:e2:4a:d8:fc:34:ca:bf:
                    cf:78:b9:f1:0e:51:a2:8d:65:f3:1f:23:6b:49:cf:
                    3d:df:2c:bb:56:68:59:f3:75:4a:42:a6:42:9c:73:
                    9c:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:A4:5A:CF:67:89:B6:0A:CA:DC:12:7C:66:6A:EA:80:BF:BA:91:BF
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142898.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a0f8::/32

    Signature Algorithm: sha256WithRSAEncryption
         cc:cf:bb:f9:11:8d:2c:3e:74:d1:58:98:9f:d7:6e:77:37:5b:
         49:e7:09:45:fb:53:62:2e:45:78:c8:18:b8:c7:7a:42:e7:69:
         2f:eb:e3:2d:36:fb:6c:1e:b9:26:78:c0:6a:e1:18:91:29:93:
         12:79:a3:60:f6:21:c7:18:de:bc:46:25:82:15:8c:38:03:c5:
         20:54:9e:8a:67:da:46:4c:5d:6d:39:b3:04:d8:36:2a:0f:14:
         b5:bb:6a:bb:c7:fd:f0:94:2f:56:6b:0e:7e:d0:13:7d:2c:bd:
         b5:23:eb:38:aa:44:95:d0:81:fa:46:05:b5:a7:97:3b:60:03:
         c8:3c:2e:4f:76:d7:ee:b3:8d:b8:61:64:0f:71:a7:49:f5:9f:
         4a:c9:ac:0e:ed:5b:48:2b:8a:b9:91:8b:ae:5c:69:2d:1b:8c:
         c7:65:ab:c4:c9:c2:e8:87:4a:61:14:4a:81:65:e6:b1:ec:f3:
         fe:cc:e8:10:45:6c:8b:f8:2a:ba:5c:78:11:1d:81:38:c0:7a:
         29:a4:3d:cf:d2:e5:17:38:94:9c:79:6d:bb:ea:d8:3a:73:81:
         a5:eb:11:a9:82:41:12:23:82:59:41:66:0a:35:6a:4c:4b:85:
         13:ac:e0:6c:7d:88:2a:92:24:3b:86:80:04:5d:38:cc:0f:7e:
         25:9a:b5:8c
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUerfc3KQerWL1GlAjfEVOBUDdX4MwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDEzMloX
DTI3MDMwMzA2MDYzMlowMzExMC8GA1UEAxMoN0JBNDVBQ0Y2Nzg5QjYwQUNBREMx
MjdDNjY2QUVBODBCRkJBOTFCRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANZUSUFPE0WgUPta/pYmtWLqM3knaxS/HDlg/ipPbLdSsyf0wrD/Syg1bTwx
k5XC2J3AFzZRXPp4zoAGddjb2b1ijSA5mCTl988sWo3Z+1zotFIz5gzS8Nql+2on
mbJjTLep6Xi1X1uQXMKkCsG36thLDeWDWGjOLla1TLntLHwhAmHBJsniJ8ZPeOmk
+nAWbf7a5IVAA2tkBwpxqlDDfhLNnGKOEHW8ty7Xuf8Z/pyT9w3Yk27EpNt4gqMY
eI8069uPSOk8ZahyxYIEM9qn3vyC2PzGYvJVfRziStj8NMq/z3i58Q5Roo1l8x8j
a0nPPd8su1ZoWfN1SkKmQpxznJ8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBR7pFrP
Z4m2CsrcEnxmauqAv7qRvzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mjg5OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oPgwDQYJKoZIhvcNAQELBQADggEBAMzPu/kRjSw+dNFYmJ/Xbnc3W0nnCUX7U2Iu
RXjIGLjHekLnaS/r4y02+2weuSZ4wGrhGJEpkxJ5o2D2IccY3rxGJYIVjDgDxSBU
nopn2kZMXW05swTYNioPFLW7arvH/fCUL1ZrDn7QE30svbUj6ziqRJXQgfpGBbWn
lztgA8g8Lk921+6zjbhhZA9xp0n1n0rJrA7tW0grirmRi65caS0bjMdlq8TJwuiH
SmEUSoFl5rHs8/7M6BBFbIv4KrpceBEdgTjAeimkPc/S5Rc4lJx5bbvq2DpzgaXr
EamCQRIjgllBZgo1akxLhROs4Gx9iCqSJDuGgARdOMwPfiWatYw=
-----END CERTIFICATE-----