Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144027.roa
File:                     AS144027.roa (raw, json)
Hash identifier:          eztNtCu3cz2MRnxoDNYcWg0177HoxjlUWg8dMA8MbQk=
Subject key identifier:   7B:9A:FD:81:45:63:68:0F:C2:2A:ED:1E:76:F1:81:47:EC:4D:9D:EC
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1774C70D38976E92A855CAE7FA52B9132DF57E3E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144027.roa
Signing time:             Wed 04 Mar 2026 06:12:36 +0000
ROA not before:           Wed 04 Mar 2026 06:07:36 +0000
ROA not after:            Wed 03 Mar 2027 06:12:36 +0000
asID:                     144027
IP address blocks:        240a:a561::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:74:c7:0d:38:97:6e:92:a8:55:ca:e7:fa:52:b9:13:2d:f5:7e:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:07:36 2026 GMT
            Not After : Mar  3 06:12:36 2027 GMT
        Subject: CN=7B9AFD814563680FC22AED1E76F18147EC4D9DEC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c2:ce:74:32:fb:71:79:f9:a0:0e:81:60:f2:
                    fa:dc:c4:60:39:ed:c0:bd:a3:fa:8b:17:b1:14:25:
                    db:cb:dc:60:88:0d:bc:24:88:ca:50:b4:ca:24:3d:
                    a0:27:cb:9d:1b:ce:36:fe:0e:eb:f5:8f:97:d5:de:
                    80:94:0d:85:d7:8d:24:21:f0:e9:a2:a0:9e:93:3f:
                    b9:bb:31:28:dd:b9:b4:dc:6f:23:e2:92:0d:eb:4f:
                    39:46:ee:d3:73:f0:d0:67:4c:ed:a4:f5:8b:4b:f8:
                    9b:0b:2d:ce:1f:e0:52:dc:15:18:dc:51:db:f7:83:
                    ca:4a:1a:f3:63:66:f4:f8:3c:9c:6c:c0:3a:c1:a9:
                    2f:e6:3d:c0:53:37:bf:8c:89:33:5d:9c:d9:9d:47:
                    31:a7:0c:6f:29:ee:89:a5:2d:94:39:7d:f3:38:d8:
                    ac:e7:a4:24:07:e0:a5:e6:79:ed:30:af:5d:6d:54:
                    48:7c:c8:87:cb:84:61:b7:30:83:5b:1e:72:84:be:
                    ed:55:97:09:0d:9d:e4:08:db:f8:0d:80:70:6d:8a:
                    fa:9b:29:3b:69:6d:f9:0c:26:3e:1d:6c:14:4c:e0:
                    f1:f4:1f:5d:92:8a:d7:2f:c0:44:2e:d8:25:03:31:
                    14:fe:aa:82:c0:71:07:dd:ad:a2:6b:c8:02:d7:07:
                    a3:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:9A:FD:81:45:63:68:0F:C2:2A:ED:1E:76:F1:81:47:EC:4D:9D:EC
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144027.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a561::/32

    Signature Algorithm: sha256WithRSAEncryption
         7f:88:0e:e3:1f:c7:79:ed:55:52:5b:aa:77:83:36:0d:6a:7c:
         4b:cd:82:bc:c6:98:98:b2:ae:c9:dd:16:82:7b:e1:27:fc:22:
         ed:b7:bf:cc:55:df:a4:ab:ed:bc:1b:8b:37:63:6d:fb:79:a5:
         83:e6:15:58:20:c1:f7:52:a1:97:d1:19:8c:ed:37:29:08:49:
         c8:1b:27:81:b2:45:36:5b:cc:ce:06:8a:dd:c6:29:a1:35:ea:
         58:df:d7:a2:6a:af:e4:6b:04:6d:a4:7b:3f:93:39:62:4d:9d:
         82:ab:31:b8:fb:88:36:a2:80:36:27:51:2b:b2:ed:3a:ab:dd:
         ae:61:d3:f2:52:9f:bd:51:66:7a:57:f1:ef:f0:5e:f4:78:94:
         0c:aa:b0:55:e4:3a:f3:5f:06:3c:16:c0:91:a6:94:10:b5:22:
         67:d4:59:00:5f:74:ab:c1:34:98:62:5f:66:ae:3e:19:7c:e1:
         49:06:bf:30:1b:fb:9b:66:76:9f:f7:0a:e5:44:f1:2c:28:33:
         52:66:cc:08:80:96:25:71:1a:c3:e5:eb:64:03:4e:60:79:b7:
         8e:27:b4:ec:bb:3f:53:6b:f5:09:69:c8:c8:b7:28:e5:d1:4c:
         4d:c3:75:e2:70:87:e3:66:1e:49:1f:35:a6:1d:ed:95:a0:7e:
         41:ca:48:ff
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUF3THDTiXbpKoVcrn+lK5Ey31fj4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDczNloX
DTI3MDMwMzA2MTIzNlowMzExMC8GA1UEAxMoN0I5QUZEODE0NTYzNjgwRkMyMkFF
RDFFNzZGMTgxNDdFQzREOURFQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALXCznQy+3F5+aAOgWDy+tzEYDntwL2j+osXsRQl28vcYIgNvCSIylC0yiQ9
oCfLnRvONv4O6/WPl9XegJQNhdeNJCHw6aKgnpM/ubsxKN25tNxvI+KSDetPOUbu
03Pw0GdM7aT1i0v4mwstzh/gUtwVGNxR2/eDykoa82Nm9Pg8nGzAOsGpL+Y9wFM3
v4yJM12c2Z1HMacMbynuiaUtlDl98zjYrOekJAfgpeZ57TCvXW1USHzIh8uEYbcw
g1secoS+7VWXCQ2d5Ajb+A2AcG2K+pspO2lt+QwmPh1sFEzg8fQfXZKK1y/ARC7Y
JQMxFP6qgsBxB92tomvIAtcHo+0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBR7mv2B
RWNoD8Iq7R528YFH7E2d7DAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDAyNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pWEwDQYJKoZIhvcNAQELBQADggEBAH+IDuMfx3ntVVJbqneDNg1qfEvNgrzGmJiy
rsndFoJ74Sf8Iu23v8xV36Sr7bwbizdjbft5pYPmFVggwfdSoZfRGYztNykIScgb
J4GyRTZbzM4Git3GKaE16ljf16Jqr+RrBG2kez+TOWJNnYKrMbj7iDaigDYnUSuy
7Tqr3a5h0/JSn71RZnpX8e/wXvR4lAyqsFXkOvNfBjwWwJGmlBC1ImfUWQBfdKvB
NJhiX2auPhl84UkGvzAb+5tmdp/3CuVE8SwoM1JmzAiAliVxGsPl62QDTmB5t44n
tOy7P1Nr9QlpyMi3KOXRTE3DdeJwh+NmHkkfNaYd7ZWgfkHKSP8=
-----END CERTIFICATE-----