Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144028.roa
File:                     AS144028.roa (raw, json)
Hash identifier:          LK2pg3YPDswlrQMAVMZNL/cVQdKJeJ7k+eM2CJtHqKw=
Subject key identifier:   26:76:BB:27:83:E2:F7:DC:DC:A4:D8:17:A6:3F:F1:71:E4:4E:A9:20
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1EE9E954589A5D517A6E4AF3B3B1559601D3BBE4
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144028.roa
Signing time:             Wed 04 Mar 2026 06:12:49 +0000
ROA not before:           Wed 04 Mar 2026 06:07:49 +0000
ROA not after:            Wed 03 Mar 2027 06:12:49 +0000
asID:                     144028
IP address blocks:        240a:a562::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:e9:e9:54:58:9a:5d:51:7a:6e:4a:f3:b3:b1:55:96:01:d3:bb:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:07:49 2026 GMT
            Not After : Mar  3 06:12:49 2027 GMT
        Subject: CN=2676BB2783E2F7DCDCA4D817A63FF171E44EA920
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:25:39:2f:a1:77:34:fe:89:b8:4b:75:01:cf:
                    60:68:05:28:21:d6:fc:ea:9e:c8:61:e9:82:fa:de:
                    79:85:fa:0f:fc:29:ee:35:21:4a:24:c5:71:a7:54:
                    d4:03:4b:0c:62:58:10:3f:3d:61:ff:8d:f0:89:e3:
                    a8:39:3c:28:9a:ff:77:92:8b:f5:de:8e:7a:60:12:
                    81:88:c1:18:d3:28:d2:63:fd:c7:16:a1:60:36:82:
                    b5:3f:67:eb:c1:fb:78:9f:33:b3:74:9c:81:6b:b6:
                    72:79:fa:35:77:78:b0:c1:33:f0:36:50:3d:7f:be:
                    7c:ec:3b:3d:63:e6:b1:be:60:8f:c8:1b:9f:ef:f6:
                    73:71:ac:99:3f:64:e3:b5:fb:57:1c:72:f6:c9:87:
                    e9:e5:67:3f:a1:5a:0b:7e:5e:8a:47:0b:cb:b2:32:
                    f5:e8:9f:b3:05:e9:28:76:a6:a0:1c:fa:cc:44:66:
                    60:87:9f:9a:64:66:d0:b9:f0:5c:c1:af:84:89:47:
                    e6:0a:07:99:32:49:46:04:50:e4:b4:ca:5f:16:45:
                    c1:97:17:ad:c7:8b:c1:1b:ed:73:46:1f:fc:7a:17:
                    a7:0c:31:ab:fc:49:f3:44:fe:df:e9:5e:d3:04:62:
                    0c:e3:f9:1d:ce:c9:cb:0f:d5:76:ef:ea:54:0c:45:
                    e9:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:76:BB:27:83:E2:F7:DC:DC:A4:D8:17:A6:3F:F1:71:E4:4E:A9:20
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144028.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a562::/32

    Signature Algorithm: sha256WithRSAEncryption
         1a:80:b8:a8:36:55:3e:b3:f2:80:48:3f:b5:7b:20:68:12:f1:
         ca:51:c0:b7:37:3d:00:7d:e4:5d:bb:16:88:21:f0:9d:6a:bf:
         19:f3:ff:73:b9:72:64:df:13:77:6f:79:6b:63:fd:32:d2:36:
         56:88:c5:3e:74:5f:7c:30:31:27:c6:e1:33:bc:ff:2b:51:d9:
         e5:5b:7b:e2:8a:2e:58:51:1c:a1:27:3c:8e:54:72:8c:a9:f9:
         cd:6b:fb:8e:24:0a:bc:a6:14:95:e1:f1:b0:aa:5c:0b:d2:a5:
         8c:ef:c4:d0:2d:02:9d:01:06:6d:01:3f:86:ab:fc:27:59:72:
         d8:bf:86:27:a0:3c:ae:22:52:0d:de:59:bc:32:e6:ee:81:7a:
         da:0a:cc:54:1a:7e:2b:53:5e:89:de:f8:ea:21:8a:bc:c8:1a:
         96:84:2c:2c:ba:7e:53:57:1e:80:54:dc:49:a9:d4:95:29:83:
         b5:53:1c:5b:70:aa:59:8f:83:53:95:67:2e:cd:7c:52:07:87:
         e0:6d:89:89:90:49:18:46:35:c5:20:e6:aa:1e:e8:65:d1:ff:
         18:f3:da:32:6d:5b:23:4a:8a:ff:56:4b:ee:25:55:b8:f0:e7:
         75:6b:65:78:bc:ac:87:ef:da:2b:9f:1a:52:54:e4:54:16:42:
         22:90:3a:e9
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUHunpVFiaXVF6bkrzs7FVlgHTu+QwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDc0OVoX
DTI3MDMwMzA2MTI0OVowMzExMC8GA1UEAxMoMjY3NkJCMjc4M0UyRjdEQ0RDQTRE
ODE3QTYzRkYxNzFFNDRFQTkyMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKolOS+hdzT+ibhLdQHPYGgFKCHW/OqeyGHpgvreeYX6D/wp7jUhSiTFcadU
1ANLDGJYED89Yf+N8InjqDk8KJr/d5KL9d6OemASgYjBGNMo0mP9xxahYDaCtT9n
68H7eJ8zs3ScgWu2cnn6NXd4sMEz8DZQPX++fOw7PWPmsb5gj8gbn+/2c3GsmT9k
47X7Vxxy9smH6eVnP6FaC35eikcLy7Iy9eifswXpKHamoBz6zERmYIefmmRm0Lnw
XMGvhIlH5goHmTJJRgRQ5LTKXxZFwZcXrceLwRvtc0Yf/HoXpwwxq/xJ80T+3+le
0wRiDOP5Hc7Jyw/Vdu/qVAxF6d0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQmdrsn
g+L33Nyk2BemP/Fx5E6pIDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDAyOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pWIwDQYJKoZIhvcNAQELBQADggEBABqAuKg2VT6z8oBIP7V7IGgS8cpRwLc3PQB9
5F27Fogh8J1qvxnz/3O5cmTfE3dveWtj/TLSNlaIxT50X3wwMSfG4TO8/ytR2eVb
e+KKLlhRHKEnPI5Ucoyp+c1r+44kCrymFJXh8bCqXAvSpYzvxNAtAp0BBm0BP4ar
/CdZcti/hiegPK4iUg3eWbwy5u6BetoKzFQafitTXone+OohirzIGpaELCy6flNX
HoBU3Emp1JUpg7VTHFtwqlmPg1OVZy7NfFIHh+BtiYmQSRhGNcUg5qoe6GXR/xjz
2jJtWyNKiv9WS+4lVbjw53VrZXi8rIfv2iufGlJU5FQWQiKQOuk=
-----END CERTIFICATE-----