Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144030.roa
File:                     AS144030.roa (raw, json)
Hash identifier:          NE1qIHM0IEZUqOK6roWa8Zzp0BenxRcV8rWPfkS+jF8=
Subject key identifier:   88:E6:C1:AC:1A:6E:7A:DD:26:41:DC:A0:F5:8E:FF:71:F1:56:E5:35
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       46D7DB80198924C73736A16E49F01E75036F6CF7
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144030.roa
Signing time:             Wed 04 Mar 2026 06:13:00 +0000
ROA not before:           Wed 04 Mar 2026 06:08:00 +0000
ROA not after:            Wed 03 Mar 2027 06:13:00 +0000
asID:                     144030
IP address blocks:        240a:a564::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:d7:db:80:19:89:24:c7:37:36:a1:6e:49:f0:1e:75:03:6f:6c:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:00 2026 GMT
            Not After : Mar  3 06:13:00 2027 GMT
        Subject: CN=88E6C1AC1A6E7ADD2641DCA0F58EFF71F156E535
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:f3:1d:95:ad:d0:86:b1:63:76:89:5c:99:c5:
                    5c:92:f5:79:fe:98:04:d7:ee:95:1a:40:d7:3e:e4:
                    3b:c7:40:a0:43:b2:c5:1d:a4:57:d6:26:02:f8:39:
                    96:e1:74:88:e7:a3:43:cf:2f:e9:df:95:42:4b:61:
                    cc:46:ca:7e:0e:d5:d7:00:d3:aa:f3:a7:94:1e:32:
                    bf:e9:8d:d4:41:72:a3:e9:b4:97:cd:62:ec:cf:6d:
                    78:cd:3a:3c:a4:f4:de:7e:4b:0b:b8:7c:46:59:a5:
                    53:0f:d6:e2:47:19:d4:46:a4:db:56:56:a9:29:d1:
                    aa:1c:d1:d7:49:37:4a:67:87:43:ca:01:db:5a:15:
                    80:35:c7:17:c9:d4:5a:61:9c:f1:e0:a0:f1:e6:b6:
                    ef:fa:62:82:b5:d9:8b:16:8b:ad:1a:aa:ee:95:b4:
                    e5:60:29:d1:34:84:29:b1:35:db:45:1f:c9:41:dd:
                    30:eb:e4:f5:b5:bd:4f:59:9f:5b:ba:e0:75:e9:e0:
                    bf:66:31:d6:9d:2e:a8:b0:04:df:1e:eb:20:82:aa:
                    6b:ce:fc:55:b0:af:11:36:a4:17:7a:2a:05:33:79:
                    91:96:81:9e:bf:75:d0:59:e5:70:69:fa:7e:f2:80:
                    62:fe:52:cd:26:c1:8d:73:87:18:c4:5e:4f:77:e6:
                    ea:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:E6:C1:AC:1A:6E:7A:DD:26:41:DC:A0:F5:8E:FF:71:F1:56:E5:35
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a564::/32

    Signature Algorithm: sha256WithRSAEncryption
         b1:cd:8a:de:e8:e9:de:22:7b:54:0c:a8:28:df:49:09:62:3d:
         39:e5:9e:95:d8:21:d7:89:fe:20:91:3b:15:bb:0b:f7:cb:56:
         48:00:3b:39:0a:fa:69:78:ac:d4:ac:40:23:1d:d5:1c:16:9d:
         54:8e:e0:62:2e:6b:c7:86:81:96:64:61:03:1e:b8:3e:9d:c5:
         f9:72:8a:d6:b0:fe:ff:76:01:64:92:29:9a:4a:d3:c9:a1:39:
         e2:83:98:70:2a:ec:1c:e7:11:8d:bc:b2:7c:5a:80:8f:90:99:
         f9:2e:ab:a4:14:3b:a8:d0:e0:ce:a4:79:b7:e3:6f:db:b1:b9:
         17:0b:2d:89:cc:7f:76:a9:fc:26:a1:22:73:9a:a6:1e:89:27:
         b9:67:63:0e:40:28:f4:23:c2:c0:57:a1:e7:4e:82:bb:7c:09:
         c3:86:ac:f3:31:bd:76:28:ef:5d:f8:93:62:90:bc:61:8f:e5:
         2d:45:3b:b8:47:a2:56:d4:db:c2:ec:57:26:ea:dd:a6:d5:cf:
         bb:a2:c4:c1:df:a8:28:5c:d9:1b:59:66:dd:1d:cf:a6:0c:a3:
         b2:ab:4b:d3:6a:1c:43:9c:0d:5f:97:80:6a:63:ed:d3:4f:4a:
         26:d3:b1:e2:7d:22:5c:9d:c5:fa:a9:36:09:fe:a1:f3:0c:c2:
         c3:ef:40:23
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIURtfbgBmJJMc3NqFuSfAedQNvbPcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgwMFoX
DTI3MDMwMzA2MTMwMFowMzExMC8GA1UEAxMoODhFNkMxQUMxQTZFN0FERDI2NDFE
Q0EwRjU4RUZGNzFGMTU2RTUzNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOvzHZWt0IaxY3aJXJnFXJL1ef6YBNfulRpA1z7kO8dAoEOyxR2kV9YmAvg5
luF0iOejQ88v6d+VQkthzEbKfg7V1wDTqvOnlB4yv+mN1EFyo+m0l81i7M9teM06
PKT03n5LC7h8RlmlUw/W4kcZ1Eak21ZWqSnRqhzR10k3SmeHQ8oB21oVgDXHF8nU
WmGc8eCg8ea27/pigrXZixaLrRqq7pW05WAp0TSEKbE120UfyUHdMOvk9bW9T1mf
W7rgdengv2Yx1p0uqLAE3x7rIIKqa878VbCvETakF3oqBTN5kZaBnr910FnlcGn6
fvKAYv5SzSbBjXOHGMReT3fm6s0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSI5sGs
Gm563SZB3KD1jv9x8VblNTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDAzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pWQwDQYJKoZIhvcNAQELBQADggEBALHNit7o6d4ie1QMqCjfSQliPTnlnpXYIdeJ
/iCROxW7C/fLVkgAOzkK+ml4rNSsQCMd1RwWnVSO4GIua8eGgZZkYQMeuD6dxfly
itaw/v92AWSSKZpK08mhOeKDmHAq7BznEY28snxagI+Qmfkuq6QUO6jQ4M6kebfj
b9uxuRcLLYnMf3ap/CahInOaph6JJ7lnYw5AKPQjwsBXoedOgrt8CcOGrPMxvXYo
7134k2KQvGGP5S1FO7hHolbU28LsVybq3abVz7uixMHfqChc2RtZZt0dz6YMo7Kr
S9NqHEOcDV+XgGpj7dNPSibTseJ9IlydxfqpNgn+ofMMwsPvQCM=
-----END CERTIFICATE-----