Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142944.roa
File:                     AS142944.roa (raw, json)
Hash identifier:          pS4J5tCYC/kCqZO9RNgsjIVR0rrj3Njugjibhxq9RJ4=
Subject key identifier:   21:25:86:7B:12:A5:25:23:D3:31:E2:A3:6B:39:43:BB:CA:EE:91:BC
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       706D89CDCD3758962514B98F3FB9D92760528349
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142944.roa
Signing time:             Wed 04 Mar 2026 06:07:10 +0000
ROA not before:           Wed 04 Mar 2026 06:02:10 +0000
ROA not after:            Wed 03 Mar 2027 06:07:10 +0000
asID:                     142944
IP address blocks:        240a:a126::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:6d:89:cd:cd:37:58:96:25:14:b9:8f:3f:b9:d9:27:60:52:83:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:10 2026 GMT
            Not After : Mar  3 06:07:10 2027 GMT
        Subject: CN=2125867B12A52523D331E2A36B3943BBCAEE91BC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:97:86:29:85:f9:c4:50:d1:aa:9b:0f:b9:1b:
                    73:80:43:6a:e8:22:f1:f3:a3:87:9b:69:10:23:57:
                    91:2a:62:2f:e4:fe:09:89:91:71:4b:e1:f8:b3:e5:
                    1d:cd:ba:79:ae:c3:c9:fb:99:a4:5d:53:c8:97:24:
                    84:f5:6c:82:0d:a2:49:09:77:af:8f:ec:4c:97:56:
                    e0:40:c2:0e:bf:3c:c2:aa:d5:55:c6:67:47:9a:4a:
                    4e:ee:f1:32:da:6d:83:5c:0f:ae:20:37:9c:f0:04:
                    08:46:8f:1c:f8:84:67:e1:7c:f8:97:57:ad:81:63:
                    be:0e:95:3b:b5:d2:95:9b:0c:0b:a0:80:50:8d:8b:
                    eb:1f:1c:11:93:c9:25:33:d9:45:ed:33:0c:51:1f:
                    2f:9a:d6:65:90:fa:8b:59:7c:2d:0e:f5:ae:2c:05:
                    08:7d:81:b2:f3:d6:c9:87:27:a2:1f:b8:c4:fc:a3:
                    6a:b7:10:87:0f:d5:11:a4:90:ac:f1:62:8b:49:6f:
                    a7:5b:9b:1b:fc:a0:27:b6:a2:41:0d:0d:8e:68:34:
                    70:ca:0f:a1:ae:35:45:da:f5:33:10:f8:d9:1d:5c:
                    45:b7:2c:be:b2:52:08:e9:6b:9a:68:db:32:49:63:
                    79:3b:9e:84:a4:3f:cf:2b:e5:b5:51:58:36:07:b0:
                    be:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:25:86:7B:12:A5:25:23:D3:31:E2:A3:6B:39:43:BB:CA:EE:91:BC
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142944.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a126::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:18:46:1f:17:b2:aa:69:b7:51:31:82:82:da:b5:bf:52:a1:
         49:23:b6:e3:31:5a:50:8b:9c:2b:26:9d:1a:38:d6:0b:5c:9c:
         b4:44:bf:87:1c:21:b0:0c:2c:b4:f5:d2:5c:b0:c3:fc:15:44:
         d2:e6:24:48:98:d3:e9:9c:58:ca:00:44:5c:80:78:ec:25:7f:
         01:c3:ad:f8:4f:69:c7:75:3a:49:3e:4e:70:cb:21:ba:79:6e:
         a5:f5:62:19:47:69:76:1d:2b:eb:94:fd:11:94:c8:83:e4:35:
         91:e8:65:20:2b:60:00:72:b8:d1:f7:2b:3a:66:55:a4:01:9f:
         ed:9d:64:cd:7f:ed:29:f7:be:61:60:3d:60:95:56:1e:2c:96:
         7f:c6:e2:45:db:1b:6c:b2:b9:19:22:44:c5:40:69:93:79:c8:
         ee:d3:a8:4f:2a:5c:0c:21:e8:36:e5:37:37:f7:52:24:9e:e9:
         fd:38:5a:44:c0:7d:d2:b0:98:c5:e1:32:75:ef:60:81:e0:90:
         24:d8:b2:9e:d7:5f:94:e0:67:fd:60:26:d4:84:74:60:83:84:
         99:86:96:02:c7:eb:51:db:1a:27:24:3c:c5:60:0f:bb:cd:f0:
         f2:44:96:84:e5:09:8f:bc:18:b3:31:52:a8:b0:9c:e1:a1:97:
         7d:40:55:89
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUcG2Jzc03WJYlFLmPP7nZJ2BSg0kwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIxMFoX
DTI3MDMwMzA2MDcxMFowMzExMC8GA1UEAxMoMjEyNTg2N0IxMkE1MjUyM0QzMzFF
MkEzNkIzOTQzQkJDQUVFOTFCQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALWXhimF+cRQ0aqbD7kbc4BDaugi8fOjh5tpECNXkSpiL+T+CYmRcUvh+LPl
Hc26ea7DyfuZpF1TyJckhPVsgg2iSQl3r4/sTJdW4EDCDr88wqrVVcZnR5pKTu7x
Mtptg1wPriA3nPAECEaPHPiEZ+F8+JdXrYFjvg6VO7XSlZsMC6CAUI2L6x8cEZPJ
JTPZRe0zDFEfL5rWZZD6i1l8LQ71riwFCH2BsvPWyYcnoh+4xPyjarcQhw/VEaSQ
rPFii0lvp1ubG/ygJ7aiQQ0Njmg0cMoPoa41Rdr1MxD42R1cRbcsvrJSCOlrmmjb
MkljeTuehKQ/zyvltVFYNgewvi0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQhJYZ7
EqUlI9Mx4qNrOUO7yu6RvDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mjk0NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oSYwDQYJKoZIhvcNAQELBQADggEBAB0YRh8Xsqppt1ExgoLatb9SoUkjtuMxWlCL
nCsmnRo41gtcnLREv4ccIbAMLLT10lyww/wVRNLmJEiY0+mcWMoARFyAeOwlfwHD
rfhPacd1Okk+TnDLIbp5bqX1YhlHaXYdK+uU/RGUyIPkNZHoZSArYAByuNH3Kzpm
VaQBn+2dZM1/7Sn3vmFgPWCVVh4sln/G4kXbG2yyuRkiRMVAaZN5yO7TqE8qXAwh
6DblNzf3UiSe6f04WkTAfdKwmMXhMnXvYIHgkCTYsp7XX5TgZ/1gJtSEdGCDhJmG
lgLH61HbGickPMVgD7vN8PJEloTlCY+8GLMxUqiwnOGhl31AVYk=
-----END CERTIFICATE-----