Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142937.roa
File:                     AS142937.roa (raw, json)
Hash identifier:          dXee/WVoeN4EARKuEI39egiUWarspWvAFt8b9DPjP4M=
Subject key identifier:   09:69:CD:54:F4:3B:F4:37:7D:01:EA:FB:76:61:09:FF:46:AD:1E:BF
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3A04D4B8D6B4E03679DE26D994FB51B9A822873A
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142937.roa
Signing time:             Wed 04 Mar 2026 06:07:54 +0000
ROA not before:           Wed 04 Mar 2026 06:02:54 +0000
ROA not after:            Wed 03 Mar 2027 06:07:54 +0000
asID:                     142937
IP address blocks:        240a:a11f::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:04:d4:b8:d6:b4:e0:36:79:de:26:d9:94:fb:51:b9:a8:22:87:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:54 2026 GMT
            Not After : Mar  3 06:07:54 2027 GMT
        Subject: CN=0969CD54F43BF4377D01EAFB766109FF46AD1EBF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:38:bb:d8:8b:57:63:c4:8f:ff:94:ac:b9:1f:
                    c6:61:4e:74:b7:d3:f2:a9:3a:cb:32:94:2a:90:5d:
                    d2:81:04:bd:9d:3c:69:8c:0a:3e:b3:d0:8d:fc:ee:
                    ea:f6:b0:2e:e9:68:2a:5e:28:0f:f3:cd:49:44:12:
                    28:0e:dd:f1:36:aa:f5:a3:91:84:5c:9e:3f:d6:53:
                    e5:7a:d5:46:fc:81:05:f9:12:57:ba:70:c1:cf:e4:
                    fa:a1:45:18:30:b1:a0:32:03:ac:84:df:2e:5d:ca:
                    dc:7a:89:17:ef:45:49:0f:4f:f5:e4:05:ee:85:a0:
                    38:f0:e2:12:8e:16:78:b7:7e:42:ad:cb:81:90:06:
                    25:f5:5c:8e:07:ce:ad:30:f7:c2:90:80:b1:de:2b:
                    72:09:d7:e3:4a:d1:f2:fd:ef:88:cd:20:2a:ef:e3:
                    32:75:0c:e0:b1:a0:6c:87:82:d8:2e:79:53:0d:0c:
                    56:0e:a9:c6:1b:7e:bc:40:80:71:a2:12:6e:32:5f:
                    ad:2d:a8:cc:ae:4c:8a:df:17:a1:93:ef:2a:51:ca:
                    b7:02:6a:0f:b1:7a:f0:58:15:e5:5c:63:a6:d3:44:
                    9d:d6:57:8d:a4:a2:79:76:87:0e:ca:c5:21:a4:43:
                    23:b6:e7:5f:92:22:2a:d3:83:43:4f:e5:77:73:2c:
                    71:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:69:CD:54:F4:3B:F4:37:7D:01:EA:FB:76:61:09:FF:46:AD:1E:BF
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142937.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a11f::/32

    Signature Algorithm: sha256WithRSAEncryption
         32:a1:79:bd:16:03:16:a2:a5:40:c4:38:8c:a8:4f:15:7b:4d:
         0e:91:d5:eb:61:c1:21:9f:33:4f:41:26:39:27:c1:01:82:d3:
         40:14:c5:46:dd:d5:dd:ac:0b:d1:ed:23:3c:81:cc:f8:75:f0:
         7d:77:60:fb:a3:1b:98:f0:e7:8b:82:10:75:22:91:46:73:c8:
         f1:4a:31:6a:7b:45:74:9d:35:5a:4c:a0:2e:4c:fa:1b:26:07:
         34:b1:ca:4e:50:0a:03:c6:07:ea:fe:21:6b:fa:5c:97:f0:15:
         7e:92:4f:ea:82:9a:63:c9:16:ac:0e:b1:82:bf:db:f4:4b:56:
         70:00:85:63:dd:64:ae:ed:87:b3:07:c3:7e:6b:57:f9:0f:30:
         38:24:0c:e0:33:60:ac:59:93:3f:88:22:54:4e:ce:3c:13:9a:
         f0:8d:6b:25:3d:61:ed:08:af:6c:b7:9f:4d:6c:38:d8:33:1b:
         cb:c9:15:71:78:c3:c5:84:ba:8a:10:53:8a:27:b8:fb:d7:c8:
         fa:05:e4:5a:dc:b7:2b:ba:00:0b:93:ea:4c:eb:fd:f8:fd:94:
         6a:ee:28:7c:7d:aa:5b:6b:09:df:f3:96:32:a7:af:40:57:fe:
         bd:cd:6d:6e:f4:b1:5d:0e:de:56:cc:7b:fd:6f:6b:9f:31:e6:
         7e:d3:c8:e0
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUOgTUuNa04DZ53ibZlPtRuagihzowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDI1NFoX
DTI3MDMwMzA2MDc1NFowMzExMC8GA1UEAxMoMDk2OUNENTRGNDNCRjQzNzdEMDFF
QUZCNzY2MTA5RkY0NkFEMUVCRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPA4u9iLV2PEj/+UrLkfxmFOdLfT8qk6yzKUKpBd0oEEvZ08aYwKPrPQjfzu
6vawLuloKl4oD/PNSUQSKA7d8Taq9aORhFyeP9ZT5XrVRvyBBfkSV7pwwc/k+qFF
GDCxoDIDrITfLl3K3HqJF+9FSQ9P9eQF7oWgOPDiEo4WeLd+Qq3LgZAGJfVcjgfO
rTD3wpCAsd4rcgnX40rR8v3viM0gKu/jMnUM4LGgbIeC2C55Uw0MVg6pxht+vECA
caISbjJfrS2ozK5Mit8XoZPvKlHKtwJqD7F68FgV5VxjptNEndZXjaSieXaHDsrF
IaRDI7bnX5IiKtODQ0/ld3MscSsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQJac1U
9Dv0N30B6vt2YQn/Rq0evzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MjkzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oR8wDQYJKoZIhvcNAQELBQADggEBADKheb0WAxaipUDEOIyoTxV7TQ6R1ethwSGf
M09BJjknwQGC00AUxUbd1d2sC9HtIzyBzPh18H13YPujG5jw54uCEHUikUZzyPFK
MWp7RXSdNVpMoC5M+hsmBzSxyk5QCgPGB+r+IWv6XJfwFX6ST+qCmmPJFqwOsYK/
2/RLVnAAhWPdZK7th7MHw35rV/kPMDgkDOAzYKxZkz+IIlROzjwTmvCNayU9Ye0I
r2y3n01sONgzG8vJFXF4w8WEuooQU4onuPvXyPoF5Frctyu6AAuT6kzr/fj9lGru
KHx9qltrCd/zljKnr0BX/r3NbW70sV0O3lbMe/1va58x5n7TyOA=
-----END CERTIFICATE-----