Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144017.roa
File:                     AS144017.roa (raw, json)
Hash identifier:          9RX9E/RhI8It5cSG9h+EdBS4150KgsP7R+T575n1qR4=
Subject key identifier:   6B:29:4B:31:4C:C7:70:A0:BA:68:18:97:BC:E1:82:27:35:D0:65:A9
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       080D59664B2C2CBCD66DD4982468CFF3A319623B
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144017.roa
Signing time:             Wed 04 Mar 2026 06:15:01 +0000
ROA not before:           Wed 04 Mar 2026 06:10:01 +0000
ROA not after:            Wed 03 Mar 2027 06:15:01 +0000
asID:                     144017
IP address blocks:        240a:a557::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:0d:59:66:4b:2c:2c:bc:d6:6d:d4:98:24:68:cf:f3:a3:19:62:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:01 2026 GMT
            Not After : Mar  3 06:15:01 2027 GMT
        Subject: CN=6B294B314CC770A0BA681897BCE1822735D065A9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:51:08:8a:5c:5f:3d:8f:97:21:7f:64:58:6f:
                    60:63:2e:7e:30:26:b0:33:6e:c6:fc:b2:e5:c4:cb:
                    96:02:15:e8:9f:8b:78:43:35:5f:36:a0:62:d0:b0:
                    0b:e3:4c:46:f8:38:09:33:65:96:76:e4:42:8d:0d:
                    b7:81:da:70:ff:47:7d:9e:70:a2:ca:0f:18:5f:c6:
                    a7:4d:98:d8:88:18:35:fd:74:f1:9a:1e:71:2a:37:
                    bf:23:bb:f4:de:0d:13:cb:b0:3c:d6:72:21:95:ea:
                    e1:82:13:ea:82:c7:0a:72:e3:5e:cf:6b:7d:c6:21:
                    3f:fc:e5:08:43:a7:42:65:0f:f2:c1:97:22:80:96:
                    74:21:c0:40:86:72:5b:74:b3:41:86:a7:bc:e4:a4:
                    59:57:53:a0:b6:c3:91:b3:88:fe:04:0e:02:59:84:
                    ce:6a:87:f3:79:32:1c:05:5a:75:f8:72:55:dc:67:
                    06:e0:c2:93:6e:9b:96:7b:16:dd:1c:ab:f8:87:ab:
                    ed:8a:36:65:74:bd:4b:d0:27:aa:16:ea:d6:f2:54:
                    f8:1b:51:a1:98:b9:de:7b:28:fe:3c:9c:c6:99:f9:
                    dd:18:1d:fd:72:df:8a:1c:cd:ac:65:a8:01:71:6b:
                    b1:d4:20:3e:07:df:04:b0:ae:3e:87:88:3d:5b:9d:
                    d2:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:29:4B:31:4C:C7:70:A0:BA:68:18:97:BC:E1:82:27:35:D0:65:A9
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144017.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a557::/32

    Signature Algorithm: sha256WithRSAEncryption
         c6:3d:67:c2:7a:31:6f:29:f1:12:7e:56:20:84:d3:93:6e:6f:
         dd:67:7a:b9:1d:82:df:31:4c:54:68:7c:57:1e:c4:fc:28:36:
         0d:4c:d2:40:32:45:0b:d6:5c:ec:3b:f6:f9:23:36:bf:fe:bb:
         a0:1f:90:4d:a9:48:d2:d3:a5:fc:dc:f2:5e:11:75:bd:08:24:
         7b:a9:f7:ef:be:9d:c6:1e:52:dc:f3:55:18:7d:af:07:13:26:
         68:51:8e:5f:84:3d:e0:52:d8:a9:33:6a:c6:ce:f2:d2:06:7f:
         8a:89:25:9f:3b:98:77:80:32:0b:66:58:58:33:1d:97:3d:0b:
         5f:08:42:07:4c:e2:05:4b:ec:76:f7:8e:d1:d1:0e:ac:e1:f7:
         97:8b:a9:70:a9:5d:3e:6b:39:dc:39:a6:f4:fe:55:f2:8c:cf:
         9b:b3:0e:76:bd:56:fb:96:2d:ea:60:03:f5:9b:7e:21:82:fb:
         fa:29:9c:12:ae:77:c6:ca:9b:e9:99:b2:57:a6:b8:6d:bb:7a:
         b3:06:41:4a:77:8f:18:9d:f1:2e:74:89:fe:80:d3:18:51:67:
         56:3e:4f:85:ec:2b:76:99:18:1a:e9:b7:19:28:e6:30:34:7f:
         09:80:4f:b0:13:45:73:b9:bc:bb:74:a6:a3:55:1f:df:18:82:
         7f:f3:74:9d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUCA1ZZkssLLzWbdSYJGjP86MZYjswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTAwMVoX
DTI3MDMwMzA2MTUwMVowMzExMC8GA1UEAxMoNkIyOTRCMzE0Q0M3NzBBMEJBNjgx
ODk3QkNFMTgyMjczNUQwNjVBOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOVRCIpcXz2PlyF/ZFhvYGMufjAmsDNuxvyy5cTLlgIV6J+LeEM1XzagYtCw
C+NMRvg4CTNllnbkQo0Nt4HacP9HfZ5wosoPGF/Gp02Y2IgYNf108ZoecSo3vyO7
9N4NE8uwPNZyIZXq4YIT6oLHCnLjXs9rfcYhP/zlCEOnQmUP8sGXIoCWdCHAQIZy
W3SzQYanvOSkWVdToLbDkbOI/gQOAlmEzmqH83kyHAVadfhyVdxnBuDCk26blnsW
3Ryr+Ier7Yo2ZXS9S9Anqhbq1vJU+BtRoZi53nso/jycxpn53Rgd/XLfihzNrGWo
AXFrsdQgPgffBLCuPoeIPVud0rUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRrKUsx
TMdwoLpoGJe84YInNdBlqTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDAxNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pVcwDQYJKoZIhvcNAQELBQADggEBAMY9Z8J6MW8p8RJ+ViCE05Nub91nerkdgt8x
TFRofFcexPwoNg1M0kAyRQvWXOw79vkjNr/+u6AfkE2pSNLTpfzc8l4Rdb0IJHup
9+++ncYeUtzzVRh9rwcTJmhRjl+EPeBS2KkzasbO8tIGf4qJJZ87mHeAMgtmWFgz
HZc9C18IQgdM4gVL7Hb3jtHRDqzh95eLqXCpXT5rOdw5pvT+VfKMz5uzDna9VvuW
LepgA/WbfiGC+/opnBKud8bKm+mZslemuG27erMGQUp3jxid8S50if6A0xhRZ1Y+
T4XsK3aZGBrptxko5jA0fwmAT7ATRXO5vLt0pqNVH98Ygn/zdJ0=
-----END CERTIFICATE-----