Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142991.roa
File:                     AS142991.roa (raw, json)
Hash identifier:          7iaBjHreQh+rYrYDSqSgNqb95IfOpdV1d1AgzzZVi84=
Subject key identifier:   AA:24:28:AC:CF:CC:68:7B:53:AF:9A:FF:4E:C2:5B:52:6F:06:63:E4
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       12DA95BF0DA6D3F8089F1576244213C3E2A5D6C0
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142991.roa
Signing time:             Wed 04 Mar 2026 06:05:15 +0000
ROA not before:           Wed 04 Mar 2026 06:00:15 +0000
ROA not after:            Wed 03 Mar 2027 06:05:15 +0000
asID:                     142991
IP address blocks:        240a:a155::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:da:95:bf:0d:a6:d3:f8:08:9f:15:76:24:42:13:c3:e2:a5:d6:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:00:15 2026 GMT
            Not After : Mar  3 06:05:15 2027 GMT
        Subject: CN=AA2428ACCFCC687B53AF9AFF4EC25B526F0663E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:2a:70:09:b7:de:ec:3b:d2:fa:5d:01:57:e3:
                    39:34:15:a0:a4:09:59:9c:7c:d7:23:d6:25:d7:dd:
                    98:63:59:70:e4:d2:00:95:d9:ab:12:8d:1d:d2:d4:
                    a5:c8:17:e1:77:fb:80:b3:10:d5:5c:dd:cb:65:5a:
                    89:ae:56:2f:36:13:21:69:4e:11:f7:d4:db:df:f0:
                    bc:56:2a:77:92:d3:f5:78:b2:22:f8:b7:32:8d:e9:
                    e4:40:87:d9:2d:dc:5c:52:74:a8:45:b8:69:e6:b9:
                    61:18:14:84:51:6e:65:37:c3:79:0a:fc:35:62:ac:
                    84:0e:88:72:b4:ad:a2:5d:a6:9b:bd:48:6d:d7:47:
                    b6:0c:ea:74:44:bf:ce:a1:bf:b8:77:38:a6:75:6f:
                    72:fd:2c:e1:f3:27:b6:56:c1:15:b1:d3:f8:db:31:
                    c3:c5:70:2c:12:38:56:b7:68:49:e5:3d:88:08:e3:
                    35:d0:85:2e:87:dd:cc:1a:f3:d0:c0:0b:3a:b8:8e:
                    b5:26:ab:5a:4f:0f:81:fa:81:1b:14:e0:dd:bf:d0:
                    02:ca:7a:55:9a:fe:c3:da:11:3f:be:57:60:1e:e4:
                    f0:bc:9a:c2:ec:7a:ba:5c:72:b0:27:3f:42:8d:c6:
                    67:7b:bc:9c:68:7d:8d:7f:69:9f:69:3d:06:2b:50:
                    fc:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:24:28:AC:CF:CC:68:7B:53:AF:9A:FF:4E:C2:5B:52:6F:06:63:E4
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142991.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a155::/32

    Signature Algorithm: sha256WithRSAEncryption
         c0:df:09:dc:32:06:56:bc:a8:a0:e5:b3:97:fe:68:0d:9a:b9:
         e3:e9:b3:08:1a:f4:95:17:96:f3:bb:bd:a0:08:72:df:44:9a:
         18:3d:a8:d1:da:ab:f9:4e:51:21:0d:a2:7a:5e:02:0b:74:cf:
         8f:6c:80:e9:b4:35:04:8d:b9:dc:ce:7e:76:6a:46:24:33:30:
         86:24:7d:ee:de:27:b5:37:63:4e:2b:7a:74:9e:32:e7:1f:7a:
         eb:0b:6e:9d:c7:66:d2:56:54:84:35:b8:13:61:30:7e:28:7d:
         a3:cd:b7:86:22:4f:1e:68:94:6e:20:1c:71:f3:f1:e6:7e:95:
         29:1e:ab:f9:d6:b7:d9:3d:8b:10:85:59:e1:55:7f:62:49:d7:
         ca:45:b2:65:c5:c5:84:30:28:1d:3f:bf:4e:13:bc:57:af:ec:
         cc:78:42:f6:66:81:53:5b:75:9f:c1:44:12:c0:df:3b:aa:dc:
         9e:dc:72:33:7b:43:98:69:59:f5:b6:00:37:5f:fc:9a:4a:07:
         9d:8f:83:26:8f:14:ae:9b:36:49:dd:d4:d4:e2:aa:5d:60:72:
         35:dd:86:79:31:37:fe:ac:51:31:62:07:79:bf:ee:17:aa:db:
         e3:9b:b9:4d:a9:4e:21:16:2d:4e:f0:80:a8:12:ae:c6:60:0c:
         35:3b:47:8b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUEtqVvw2m0/gInxV2JEITw+Kl1sAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDAxNVoX
DTI3MDMwMzA2MDUxNVowMzExMC8GA1UEAxMoQUEyNDI4QUNDRkNDNjg3QjUzQUY5
QUZGNEVDMjVCNTI2RjA2NjNFNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMQqcAm33uw70vpdAVfjOTQVoKQJWZx81yPWJdfdmGNZcOTSAJXZqxKNHdLU
pcgX4Xf7gLMQ1Vzdy2Vaia5WLzYTIWlOEffU29/wvFYqd5LT9XiyIvi3Mo3p5ECH
2S3cXFJ0qEW4aea5YRgUhFFuZTfDeQr8NWKshA6IcrStol2mm71IbddHtgzqdES/
zqG/uHc4pnVvcv0s4fMntlbBFbHT+Nsxw8VwLBI4VrdoSeU9iAjjNdCFLofdzBrz
0MALOriOtSarWk8PgfqBGxTg3b/QAsp6VZr+w9oRP75XYB7k8Lyawux6ulxysCc/
Qo3GZ3u8nGh9jX9pn2k9BitQ/LsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSqJCis
z8xoe1Ovmv9OwltSbwZj5DAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0Mjk5MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oVUwDQYJKoZIhvcNAQELBQADggEBAMDfCdwyBla8qKDls5f+aA2auePpswga9JUX
lvO7vaAIct9Emhg9qNHaq/lOUSENonpeAgt0z49sgOm0NQSNudzOfnZqRiQzMIYk
fe7eJ7U3Y04renSeMucfeusLbp3HZtJWVIQ1uBNhMH4ofaPNt4YiTx5olG4gHHHz
8eZ+lSkeq/nWt9k9ixCFWeFVf2JJ18pFsmXFxYQwKB0/v04TvFev7Mx4QvZmgVNb
dZ/BRBLA3zuq3J7ccjN7Q5hpWfW2ADdf/JpKB52PgyaPFK6bNknd1NTiql1gcjXd
hnkxN/6sUTFiB3m/7heq2+ObuU2pTiEWLU7wgKgSrsZgDDU7R4s=
-----END CERTIFICATE-----