Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142977.roa
File:                     AS142977.roa (raw, json)
Hash identifier:          utnCEwbfJSOicGdzhv94z33VZ1rD5CGIAJkjJDsvs9Q=
Subject key identifier:   84:BD:01:37:C6:2C:8A:57:B3:EA:66:1F:72:CE:39:A1:BC:AE:51:7E
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7B81FFACAE6B6672BAA2E0514E3C3C6170D12829
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142977.roa
Signing time:             Wed 04 Mar 2026 06:07:33 +0000
ROA not before:           Wed 04 Mar 2026 06:02:33 +0000
ROA not after:            Wed 03 Mar 2027 06:07:33 +0000
asID:                     142977
IP address blocks:        240a:a147::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:81:ff:ac:ae:6b:66:72:ba:a2:e0:51:4e:3c:3c:61:70:d1:28:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:02:33 2026 GMT
            Not After : Mar  3 06:07:33 2027 GMT
        Subject: CN=84BD0137C62C8A57B3EA661F72CE39A1BCAE517E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5f:8d:95:41:af:f8:1b:ae:2e:32:e2:18:69:
                    fb:a1:dc:bc:6b:5b:ea:ce:ea:7a:68:99:f3:e2:0d:
                    ec:a9:48:ef:7e:1c:79:0d:7f:9e:af:cf:c9:61:92:
                    4d:77:e0:2c:fb:d8:c7:e1:e6:c8:fa:5b:a5:dd:fc:
                    be:66:7f:e1:65:3a:71:1e:e9:c8:8a:b6:25:e0:45:
                    43:af:a0:f0:6e:51:08:d9:fa:33:ad:0a:da:90:05:
                    d0:f1:66:ce:83:95:62:7f:d6:0b:78:a9:e9:9e:fc:
                    cf:91:dd:01:cb:c3:eb:e6:08:2c:8a:66:2d:30:c1:
                    a3:ce:fc:91:b6:8c:0e:11:2c:e6:45:9c:a9:f7:6a:
                    7d:5c:72:6f:35:7c:80:f2:5f:e4:40:bf:60:8c:a7:
                    6e:4d:43:52:d8:b2:bf:51:b3:9a:f5:89:e2:bf:d2:
                    63:0c:84:a5:d4:28:d4:d3:62:70:cc:a9:ed:19:23:
                    eb:2a:4b:8f:69:40:a3:45:29:bd:d1:f6:9a:a1:db:
                    58:6e:40:38:a2:82:8b:1b:2d:e9:78:ed:b8:81:55:
                    d7:e9:f0:2c:57:b1:a7:d7:b8:57:be:ed:28:24:83:
                    e9:24:aa:18:03:03:07:27:59:66:96:73:3d:cc:62:
                    3a:4c:1e:62:95:57:71:c7:16:ba:4d:f4:2e:61:78:
                    72:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:BD:01:37:C6:2C:8A:57:B3:EA:66:1F:72:CE:39:A1:BC:AE:51:7E
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142977.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a147::/32

    Signature Algorithm: sha256WithRSAEncryption
         cd:d0:bc:7e:da:1e:73:e6:21:93:f1:08:94:3d:e3:c4:f7:e2:
         5d:12:ee:23:55:4e:2c:68:7b:61:dc:1a:27:73:5a:d3:6b:e9:
         a5:f5:ef:ec:2f:3e:1b:c1:f8:2b:73:ae:82:56:b2:14:a2:36:
         c0:7f:fe:7a:5b:b6:23:ff:da:46:fc:35:c9:c5:3a:e9:a0:b6:
         a4:d9:6e:b9:67:af:09:05:54:5d:ce:eb:05:fd:19:8b:d6:b9:
         c4:9a:75:51:f9:27:05:cd:0d:61:90:83:c4:ce:5e:e2:73:bf:
         4a:bd:26:a0:68:38:f5:b5:2a:1c:69:95:fa:42:4b:af:44:2f:
         2f:10:99:d8:9f:70:76:23:45:8a:3f:5f:4e:91:44:ce:bd:c7:
         68:2c:ad:d8:2d:50:70:0f:fb:35:e9:5b:96:ef:1e:52:6c:02:
         f8:c4:dc:f8:82:8f:66:f5:44:96:ae:6f:a3:9e:6d:97:db:49:
         40:93:18:96:89:de:9a:be:55:e1:55:3b:e7:1c:34:48:b4:3b:
         32:8c:d5:17:87:d1:ff:2d:50:2e:52:02:16:a0:e8:99:fa:b5:
         79:c3:01:62:61:5d:fb:0d:21:98:7b:de:79:c1:5a:13:79:95:
         17:f4:0d:98:bd:76:35:dd:6f:19:71:92:c7:af:f8:f7:f5:1f:
         b3:c0:d2:46
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUe4H/rK5rZnK6ouBRTjw8YXDRKCkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDIzM1oX
DTI3MDMwMzA2MDczM1owMzExMC8GA1UEAxMoODRCRDAxMzdDNjJDOEE1N0IzRUE2
NjFGNzJDRTM5QTFCQ0FFNTE3RTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKJfjZVBr/gbri4y4hhp+6HcvGtb6s7qemiZ8+IN7KlI734ceQ1/nq/PyWGS
TXfgLPvYx+HmyPpbpd38vmZ/4WU6cR7pyIq2JeBFQ6+g8G5RCNn6M60K2pAF0PFm
zoOVYn/WC3ip6Z78z5HdAcvD6+YILIpmLTDBo878kbaMDhEs5kWcqfdqfVxybzV8
gPJf5EC/YIynbk1DUtiyv1GzmvWJ4r/SYwyEpdQo1NNicMyp7Rkj6ypLj2lAo0Up
vdH2mqHbWG5AOKKCixst6XjtuIFV1+nwLFexp9e4V77tKCSD6SSqGAMDBydZZpZz
PcxiOkweYpVXcccWuk30LmF4cgkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSEvQE3
xiyKV7PqZh9yzjmhvK5RfjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mjk3Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oUcwDQYJKoZIhvcNAQELBQADggEBAM3QvH7aHnPmIZPxCJQ948T34l0S7iNVTixo
e2HcGidzWtNr6aX17+wvPhvB+CtzroJWshSiNsB//npbtiP/2kb8NcnFOumgtqTZ
brlnrwkFVF3O6wX9GYvWucSadVH5JwXNDWGQg8TOXuJzv0q9JqBoOPW1KhxplfpC
S69ELy8QmdifcHYjRYo/X06RRM69x2gsrdgtUHAP+zXpW5bvHlJsAvjE3PiCj2b1
RJaub6OebZfbSUCTGJaJ3pq+VeFVO+ccNEi0OzKM1ReH0f8tUC5SAhag6Jn6tXnD
AWJhXfsNIZh73nnBWhN5lRf0DZi9djXdbxlxksev+Pf1H7PA0kY=
-----END CERTIFICATE-----