Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142951.roa
File:                     AS142951.roa (raw, json)
Hash identifier:          ZbZmG77N6EAzaFxP6ymGKQHTnJvSkUfy7rcjE/iHOKA=
Subject key identifier:   23:D9:FE:D4:13:91:87:29:0B:BF:52:29:8E:1F:49:0D:A0:A0:0A:A8
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       76E06DBADF7CE15953550F59CCA1C415CD2E64CA
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142951.roa
Signing time:             Wed 04 Mar 2026 06:06:30 +0000
ROA not before:           Wed 04 Mar 2026 06:01:30 +0000
ROA not after:            Wed 03 Mar 2027 06:06:30 +0000
asID:                     142951
IP address blocks:        240a:a12d::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:e0:6d:ba:df:7c:e1:59:53:55:0f:59:cc:a1:c4:15:cd:2e:64:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:01:30 2026 GMT
            Not After : Mar  3 06:06:30 2027 GMT
        Subject: CN=23D9FED4139187290BBF52298E1F490DA0A00AA8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:f8:ed:2d:43:23:8a:84:ca:8e:5e:f2:09:88:
                    b5:22:86:95:20:18:c2:91:ab:62:34:7d:7a:ea:5c:
                    5b:55:6d:87:77:38:c4:f3:03:2a:db:ca:4a:03:ba:
                    55:c8:ed:85:fc:00:31:0d:c2:86:79:11:54:96:3a:
                    a3:5d:b7:33:b8:7a:63:99:c0:e7:00:ca:d4:ca:7c:
                    ca:fe:63:e3:83:50:dd:1e:1d:6f:b9:d9:cc:53:cc:
                    3a:24:a1:1f:99:87:76:9b:20:d8:04:8d:88:a4:b4:
                    e4:bd:a8:4e:29:93:bf:c7:d3:6d:3b:1d:fc:46:49:
                    40:84:27:cd:e3:52:81:8d:68:03:85:18:37:b7:b9:
                    41:55:e1:99:66:65:0a:90:bb:3f:5f:98:80:72:a5:
                    8e:88:0c:e6:8c:8e:e5:e2:a0:7c:0f:14:c4:9d:96:
                    dc:68:1f:b3:e2:29:7c:90:c4:67:3c:51:21:f2:59:
                    04:ef:f6:5a:dc:3a:2a:50:1d:35:67:7a:4d:6c:21:
                    52:ad:35:3a:19:00:27:a4:9f:24:a2:ad:16:39:20:
                    b8:13:ef:5a:f1:2e:3b:03:e1:c3:6e:1b:7c:ce:c0:
                    33:1e:65:52:85:9f:c1:95:e5:98:3b:78:20:8e:97:
                    34:5d:dc:33:b2:98:94:52:ea:a6:04:90:29:8c:df:
                    12:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:D9:FE:D4:13:91:87:29:0B:BF:52:29:8E:1F:49:0D:A0:A0:0A:A8
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142951.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a12d::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:de:07:fd:ad:11:87:e7:f8:74:fb:37:ff:ff:3b:51:fc:1c:
         b8:69:26:c3:2a:8b:6c:13:ca:1f:ef:9c:0c:35:fb:13:da:30:
         da:4e:60:4e:4a:02:05:8c:e5:1f:7e:05:8a:3f:86:5e:f4:a9:
         23:c1:f7:ab:9d:e4:de:44:73:32:1a:9c:01:f6:fa:ba:da:d1:
         fb:9d:20:04:37:d1:61:9f:3c:fb:51:b9:bc:5a:b3:c8:af:1f:
         2c:d1:16:29:33:44:7d:f6:a6:09:f7:fd:02:08:49:17:56:86:
         f5:29:1c:d1:67:2e:c0:e6:ba:cc:90:57:5a:f8:8f:1b:b5:8b:
         ed:f8:05:e0:c1:7f:95:1e:4c:3e:bb:16:66:ec:49:90:46:e8:
         e3:61:59:d8:30:72:2d:7e:a1:58:93:25:60:f1:0a:32:72:19:
         14:b1:fe:76:0d:36:10:7b:4c:1a:8f:21:75:ab:48:ca:c3:e7:
         c1:43:86:48:88:ce:f3:c0:28:5d:54:0c:e1:9e:4b:3a:1c:65:
         85:50:24:58:ba:0d:b1:5b:66:ee:93:d1:32:04:52:bc:64:07:
         4d:ff:0c:4c:b4:1a:16:86:8f:4c:83:61:e2:56:2a:fc:07:a2:
         1a:c2:39:d1:4e:03:c2:88:7d:a6:71:6f:bc:a1:1f:97:be:14:
         54:07:5c:f9
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUduBtut984VlTVQ9ZzKHEFc0uZMowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDEzMFoX
DTI3MDMwMzA2MDYzMFowMzExMC8GA1UEAxMoMjNEOUZFRDQxMzkxODcyOTBCQkY1
MjI5OEUxRjQ5MERBMEEwMEFBODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANv47S1DI4qEyo5e8gmItSKGlSAYwpGrYjR9eupcW1Vth3c4xPMDKtvKSgO6
VcjthfwAMQ3ChnkRVJY6o123M7h6Y5nA5wDK1Mp8yv5j44NQ3R4db7nZzFPMOiSh
H5mHdpsg2ASNiKS05L2oTimTv8fTbTsd/EZJQIQnzeNSgY1oA4UYN7e5QVXhmWZl
CpC7P1+YgHKljogM5oyO5eKgfA8UxJ2W3Ggfs+IpfJDEZzxRIfJZBO/2Wtw6KlAd
NWd6TWwhUq01OhkAJ6SfJKKtFjkguBPvWvEuOwPhw24bfM7AMx5lUoWfwZXlmDt4
II6XNF3cM7KYlFLqpgSQKYzfEgcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQj2f7U
E5GHKQu/UimOH0kNoKAKqDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mjk1MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oS0wDQYJKoZIhvcNAQELBQADggEBAILeB/2tEYfn+HT7N///O1H8HLhpJsMqi2wT
yh/vnAw1+xPaMNpOYE5KAgWM5R9+BYo/hl70qSPB96ud5N5EczIanAH2+rra0fud
IAQ30WGfPPtRubxas8ivHyzRFikzRH32pgn3/QIISRdWhvUpHNFnLsDmusyQV1r4
jxu1i+34BeDBf5UeTD67FmbsSZBG6ONhWdgwci1+oViTJWDxCjJyGRSx/nYNNhB7
TBqPIXWrSMrD58FDhkiIzvPAKF1UDOGeSzocZYVQJFi6DbFbZu6T0TIEUrxkB03/
DEy0GhaGj0yDYeJWKvwHohrCOdFOA8KIfaZxb7yhH5e+FFQHXPk=
-----END CERTIFICATE-----