Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144031.roa
File:                     AS144031.roa (raw, json)
Hash identifier:          TTJH4oFzai/EwvQWeFLiDstYVRqSXh+7F1Jmgy6N/ao=
Subject key identifier:   24:8C:3B:43:55:8D:C8:AF:AF:02:F0:50:98:9F:E5:65:58:D5:B0:FE
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       19A67A99ED3DAE41D6AD10299A3DABBC430066E4
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144031.roa
Signing time:             Wed 04 Mar 2026 06:13:35 +0000
ROA not before:           Wed 04 Mar 2026 06:08:35 +0000
ROA not after:            Wed 03 Mar 2027 06:13:35 +0000
asID:                     144031
IP address blocks:        240a:a565::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:a6:7a:99:ed:3d:ae:41:d6:ad:10:29:9a:3d:ab:bc:43:00:66:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:35 2026 GMT
            Not After : Mar  3 06:13:35 2027 GMT
        Subject: CN=248C3B43558DC8AFAF02F050989FE56558D5B0FE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:fa:f7:69:d6:f2:c6:de:eb:d5:d9:ba:8c:7e:
                    7b:f0:dd:55:85:7c:fc:3a:06:d9:8d:8c:c1:59:ab:
                    9a:24:f5:65:f3:37:ec:5e:fd:a3:8f:f7:c0:62:ec:
                    8e:32:a0:b5:6f:02:31:43:05:ee:91:8c:a8:3f:be:
                    fd:1f:e6:cd:7f:fc:1e:b5:f0:7b:98:ed:01:d2:ba:
                    b6:02:82:5e:e4:79:b3:7d:a0:e2:1d:8d:e4:c1:8b:
                    1c:1f:47:fc:08:32:30:fe:53:e4:f3:5a:27:b9:27:
                    73:37:57:5a:fd:3d:9c:62:07:3d:7d:4c:8b:7e:35:
                    64:bc:e5:ec:1e:96:b3:3b:1f:98:fc:15:d7:3b:4d:
                    8c:82:f3:92:d3:ea:03:65:58:07:ac:e6:dc:35:a0:
                    8f:86:40:be:cc:48:d4:88:f6:5b:ac:69:5e:39:b8:
                    90:4b:67:07:4d:67:2d:0f:61:78:1b:29:c6:6c:cf:
                    eb:3a:97:29:46:fb:07:a3:2a:2c:78:45:f6:86:b8:
                    cd:3b:51:2b:b3:fc:07:7a:0a:75:c6:27:52:a8:88:
                    5c:6d:7a:60:a1:1a:dd:9a:5f:73:c9:30:6e:7b:63:
                    a0:b1:b9:7b:99:c9:b7:1d:d6:b7:34:cd:e4:ce:7d:
                    dd:5a:24:79:69:46:11:8f:b0:c4:c1:99:a7:76:b3:
                    99:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:8C:3B:43:55:8D:C8:AF:AF:02:F0:50:98:9F:E5:65:58:D5:B0:FE
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144031.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a565::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:1c:be:45:e0:ad:2d:5e:3c:f3:a0:02:ee:d2:31:d0:dc:3d:
         b7:2b:8e:15:a7:26:1d:bd:36:24:b5:f9:ab:c1:7e:6d:77:85:
         6c:fb:ca:3e:d2:5a:73:d2:74:34:33:33:7c:66:f8:19:87:19:
         eb:6f:76:77:c7:f7:f7:cb:78:39:37:9d:d9:91:a7:d1:c8:a7:
         8c:b2:fe:fd:a0:d9:40:7d:d3:ce:33:75:c8:37:5c:10:dd:20:
         08:47:b7:9f:11:f1:42:fe:96:9a:c3:6e:e3:26:61:47:ae:b7:
         b3:88:23:88:70:9d:11:49:84:b9:8e:0a:06:97:07:8a:93:b6:
         ef:4a:19:40:ab:31:db:39:87:9c:02:c1:09:58:ed:f7:92:02:
         ac:75:98:18:11:b6:e6:23:1e:2f:fb:cb:32:da:a4:81:6e:15:
         22:c8:fb:13:a6:bf:53:62:28:95:9b:ac:b8:e8:53:a8:e1:43:
         bc:b1:7d:a7:0b:68:25:83:a9:83:1e:e2:db:e8:0a:da:94:f4:
         e1:1b:8f:aa:d9:4d:25:79:93:fa:22:c3:49:a5:98:32:3f:01:
         46:c5:1f:17:bf:13:2e:6a:69:62:63:97:36:04:60:fb:f5:19:
         e8:41:7a:c0:17:b0:76:87:94:0a:24:4b:8d:6a:4f:86:32:23:
         d2:d2:71:5f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUGaZ6me09rkHWrRApmj2rvEMAZuQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgzNVoX
DTI3MDMwMzA2MTMzNVowMzExMC8GA1UEAxMoMjQ4QzNCNDM1NThEQzhBRkFGMDJG
MDUwOTg5RkU1NjU1OEQ1QjBGRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOP692nW8sbe69XZuox+e/DdVYV8/DoG2Y2MwVmrmiT1ZfM37F79o4/3wGLs
jjKgtW8CMUMF7pGMqD++/R/mzX/8HrXwe5jtAdK6tgKCXuR5s32g4h2N5MGLHB9H
/AgyMP5T5PNaJ7knczdXWv09nGIHPX1Mi341ZLzl7B6WszsfmPwV1ztNjILzktPq
A2VYB6zm3DWgj4ZAvsxI1Ij2W6xpXjm4kEtnB01nLQ9heBspxmzP6zqXKUb7B6Mq
LHhF9oa4zTtRK7P8B3oKdcYnUqiIXG16YKEa3Zpfc8kwbntjoLG5e5nJtx3WtzTN
5M593VokeWlGEY+wxMGZp3azmX0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQkjDtD
VY3Ir68C8FCYn+VlWNWw/jAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDAzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pWUwDQYJKoZIhvcNAQELBQADggEBAGccvkXgrS1ePPOgAu7SMdDcPbcrjhWnJh29
NiS1+avBfm13hWz7yj7SWnPSdDQzM3xm+BmHGetvdnfH9/fLeDk3ndmRp9HIp4yy
/v2g2UB9084zdcg3XBDdIAhHt58R8UL+lprDbuMmYUeut7OII4hwnRFJhLmOCgaX
B4qTtu9KGUCrMds5h5wCwQlY7feSAqx1mBgRtuYjHi/7yzLapIFuFSLI+xOmv1Ni
KJWbrLjoU6jhQ7yxfacLaCWDqYMe4tvoCtqU9OEbj6rZTSV5k/oiw0mlmDI/AUbF
Hxe/Ey5qaWJjlzYEYPv1GehBesAXsHaHlAokS41qT4YyI9LScV8=
-----END CERTIFICATE-----