Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144024.roa
File:                     AS144024.roa (raw, json)
Hash identifier:          akO5Lq/YAeChp5AoNgRQNziVfJ8kfBqgqS8En22iZrM=
Subject key identifier:   5C:79:75:28:60:F7:B7:B1:38:31:70:81:61:91:32:85:5F:20:59:45
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       130205EB3FB349A956C2224E09C421CA4C776B4C
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144024.roa
Signing time:             Wed 04 Mar 2026 06:15:41 +0000
ROA not before:           Wed 04 Mar 2026 06:10:41 +0000
ROA not after:            Wed 03 Mar 2027 06:15:41 +0000
asID:                     144024
IP address blocks:        240a:a55e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:02:05:eb:3f:b3:49:a9:56:c2:22:4e:09:c4:21:ca:4c:77:6b:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:41 2026 GMT
            Not After : Mar  3 06:15:41 2027 GMT
        Subject: CN=5C79752860F7B7B138317081619132855F205945
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e9:1b:7b:2d:ad:e2:3c:64:ab:e4:c1:8a:1b:
                    6a:af:ff:99:ce:a5:04:0c:92:a6:14:95:5d:54:83:
                    9e:bc:7b:a0:ec:e7:a1:18:07:01:46:98:66:e8:49:
                    54:98:38:6c:aa:e2:a5:a6:68:8d:ba:89:e5:51:2f:
                    27:69:af:cf:60:d9:69:f1:dc:4f:2b:d5:ce:31:a1:
                    a3:16:da:66:10:e2:b0:51:63:55:f9:1c:40:dc:27:
                    03:2e:03:6c:a1:16:68:81:3f:ca:b7:b5:ed:0d:7f:
                    11:d1:ef:7e:95:d6:49:42:a9:65:a5:13:4a:a7:98:
                    7f:0d:7b:da:4a:25:23:0f:7c:55:d2:a7:4d:6d:1a:
                    6e:ba:f7:4a:07:24:57:4b:d8:58:ef:36:e5:77:5b:
                    d3:b4:e5:f2:72:0b:ef:de:ee:37:56:fb:7a:ac:f1:
                    13:32:ab:56:4b:54:f2:58:77:be:8c:37:9d:e3:bb:
                    e4:a5:be:a2:9b:73:07:1f:da:ab:00:d0:ce:5f:d0:
                    a1:f3:87:c3:2e:a4:0d:dd:a7:82:64:a7:5b:02:37:
                    05:de:c8:74:f5:c1:e2:ad:9a:f9:7b:c3:b2:5a:b1:
                    56:28:81:c6:6b:ac:e5:f9:68:fc:65:5c:88:e4:1d:
                    96:27:62:59:f7:ca:20:31:db:d7:cc:27:93:e6:9d:
                    d5:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:79:75:28:60:F7:B7:B1:38:31:70:81:61:91:32:85:5F:20:59:45
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144024.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a55e::/32

    Signature Algorithm: sha256WithRSAEncryption
         35:e8:ce:dc:35:01:b8:d0:f6:32:25:d8:10:56:64:a6:cd:07:
         ce:e0:23:6c:09:7f:74:c6:fc:81:29:ba:3e:6a:c5:f1:05:0b:
         2a:b4:33:cf:7e:b7:39:14:c6:4a:ba:9f:9b:fa:40:95:66:1a:
         2b:53:9b:cb:89:ec:25:cd:5e:d9:34:78:a0:6e:b0:0f:72:87:
         a8:4c:76:85:48:dd:ef:f0:47:c5:3b:70:ea:c0:5c:31:33:97:
         14:02:46:2f:3f:8e:77:4d:e0:0d:ea:89:84:c0:82:72:c8:f6:
         e7:b7:3e:70:95:5a:8a:96:2a:2e:ab:4a:e9:fc:69:0f:d1:7d:
         30:90:1f:15:09:72:de:0f:c0:a8:bb:99:52:d7:4e:5e:99:1f:
         37:6d:ed:49:bf:24:6f:43:59:71:ee:5b:51:67:f0:ca:fd:5c:
         3b:fa:fe:31:f4:3a:1a:b4:67:ba:21:4e:c3:13:22:e7:9c:32:
         80:94:45:f3:95:1e:77:12:3d:a4:8a:79:15:6f:f3:e3:80:b2:
         3a:b9:b2:72:f4:de:cf:69:18:0e:54:b6:09:60:53:5e:d2:f4:
         ef:eb:27:e7:ca:72:30:93:d3:93:a1:6d:a3:29:63:47:db:12:
         cf:5d:8e:fe:31:b7:f4:17:f6:fd:dc:2a:1e:9f:a1:19:c7:b8:
         de:9d:ba:23
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUEwIF6z+zSalWwiJOCcQhykx3a0wwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTA0MVoX
DTI3MDMwMzA2MTU0MVowMzExMC8GA1UEAxMoNUM3OTc1Mjg2MEY3QjdCMTM4MzE3
MDgxNjE5MTMyODU1RjIwNTk0NTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKLpG3streI8ZKvkwYobaq//mc6lBAySphSVXVSDnrx7oOznoRgHAUaYZuhJ
VJg4bKripaZojbqJ5VEvJ2mvz2DZafHcTyvVzjGhoxbaZhDisFFjVfkcQNwnAy4D
bKEWaIE/yre17Q1/EdHvfpXWSUKpZaUTSqeYfw172kolIw98VdKnTW0abrr3Sgck
V0vYWO825Xdb07Tl8nIL797uN1b7eqzxEzKrVktU8lh3vow3neO75KW+optzBx/a
qwDQzl/QofOHwy6kDd2ngmSnWwI3Bd7IdPXB4q2a+XvDslqxViiBxmus5flo/GVc
iOQdlidiWffKIDHb18wnk+ad1XUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRceXUo
YPe3sTgxcIFhkTKFXyBZRTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDAyNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pV4wDQYJKoZIhvcNAQELBQADggEBADXoztw1AbjQ9jIl2BBWZKbNB87gI2wJf3TG
/IEpuj5qxfEFCyq0M89+tzkUxkq6n5v6QJVmGitTm8uJ7CXNXtk0eKBusA9yh6hM
doVI3e/wR8U7cOrAXDEzlxQCRi8/jndN4A3qiYTAgnLI9ue3PnCVWoqWKi6rSun8
aQ/RfTCQHxUJct4PwKi7mVLXTl6ZHzdt7Um/JG9DWXHuW1Fn8Mr9XDv6/jH0Ohq0
Z7ohTsMTIuecMoCURfOVHncSPaSKeRVv8+OAsjq5snL03s9pGA5UtglgU17S9O/r
J+fKcjCT05OhbaMpY0fbEs9djv4xt/QX9v3cKh6foRnHuN6duiM=
-----END CERTIFICATE-----