Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144041.roa
File:                     AS144041.roa (raw, json)
Hash identifier:          ZdH7qy+pykoKXUyaGA8v6hHaPEasIhf58yOhPnQdKfA=
Subject key identifier:   1F:FF:5E:FD:4A:43:7D:16:CE:BB:0E:09:03:89:D0:6D:3D:70:DB:0A
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6D5F629325D184C2BA124AAFF38D6D975C9DE144
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144041.roa
Signing time:             Wed 04 Mar 2026 06:12:45 +0000
ROA not before:           Wed 04 Mar 2026 06:07:45 +0000
ROA not after:            Wed 03 Mar 2027 06:12:45 +0000
asID:                     144041
IP address blocks:        240a:a56f::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:5f:62:93:25:d1:84:c2:ba:12:4a:af:f3:8d:6d:97:5c:9d:e1:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:07:45 2026 GMT
            Not After : Mar  3 06:12:45 2027 GMT
        Subject: CN=1FFF5EFD4A437D16CEBB0E090389D06D3D70DB0A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c1:33:6f:88:69:f1:bf:1f:a4:2e:f1:af:ef:
                    c4:eb:ba:1f:81:48:b7:97:31:12:d9:d1:25:b8:2c:
                    5a:20:28:3e:59:d2:ed:f8:52:97:04:c8:75:d9:99:
                    e8:18:46:3d:73:41:a0:7c:e1:d3:a1:91:d5:63:31:
                    25:cb:68:1c:70:08:82:a1:f9:0c:43:25:65:29:ae:
                    30:25:f7:6a:72:3b:f1:a0:76:7f:5e:17:23:47:3b:
                    1b:72:06:28:e8:72:8a:df:76:ae:03:a5:c9:3e:a1:
                    0f:34:30:71:74:45:f1:15:09:45:51:81:46:f9:ca:
                    c9:d8:1b:99:c8:51:66:d3:8c:8d:24:cd:8c:a9:33:
                    24:25:0a:2a:41:77:75:33:e0:e2:b6:5a:b5:0c:b6:
                    c0:78:51:b3:78:aa:c7:7c:96:ce:25:1d:0e:8c:26:
                    15:f0:0d:f0:bc:75:28:4d:71:2b:67:23:5d:67:12:
                    16:cc:e3:22:45:c3:9a:91:59:69:bf:df:7d:0b:d6:
                    92:49:a8:81:32:b5:e4:10:a6:f4:a2:5a:92:d5:a0:
                    1e:1b:9e:9a:86:b3:62:bb:1a:f1:44:af:c6:46:76:
                    62:ee:63:37:94:f9:02:f9:82:e3:c4:23:37:cd:0d:
                    cc:67:ff:3a:80:cf:ac:87:36:93:d3:85:f4:e3:6a:
                    91:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:FF:5E:FD:4A:43:7D:16:CE:BB:0E:09:03:89:D0:6D:3D:70:DB:0A
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144041.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a56f::/32

    Signature Algorithm: sha256WithRSAEncryption
         96:51:5a:75:c1:e0:1a:45:47:44:7c:c4:ac:60:52:83:02:22:
         0c:eb:06:e1:bc:6f:c5:a1:d4:f8:2f:4b:26:50:ed:99:a4:a0:
         d9:f2:46:5e:d9:4a:c8:ae:da:e4:79:7b:74:5d:a6:b9:99:1b:
         b9:ea:e7:27:d8:34:34:48:df:7c:ac:14:4b:53:87:3a:0d:c7:
         de:c1:bd:9c:76:71:63:05:ef:69:2b:6e:be:01:b9:ec:4f:04:
         30:bc:8b:41:b4:9f:13:dc:18:0c:f1:3f:d2:a2:98:cf:41:3d:
         0c:0b:01:d6:15:95:23:67:6d:e5:74:a1:6d:6d:2d:16:67:d5:
         55:27:03:63:0b:e1:de:a8:eb:d3:c8:86:3e:41:79:d1:ae:1e:
         8e:9b:62:55:96:50:1d:08:68:7f:88:da:1b:91:90:23:8a:af:
         61:50:40:3f:c2:40:24:ce:32:d3:b5:0e:f2:43:ff:14:94:d3:
         dd:08:b1:cf:c3:88:8e:dc:5c:f5:1a:a2:f4:01:83:81:2a:96:
         bf:e9:b5:80:a7:af:11:5e:4a:a2:4f:b9:b4:48:9d:b8:05:59:
         aa:85:c9:89:05:85:d9:31:85:e8:de:d0:a6:cf:05:2a:63:f1:
         98:7d:ee:39:86:6a:5d:69:59:e3:37:25:28:66:96:a3:c2:a4:
         30:fe:c5:02
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUbV9ikyXRhMK6Ekqv841tl1yd4UQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDc0NVoX
DTI3MDMwMzA2MTI0NVowMzExMC8GA1UEAxMoMUZGRjVFRkQ0QTQzN0QxNkNFQkIw
RTA5MDM4OUQwNkQzRDcwREIwQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJvBM2+IafG/H6Qu8a/vxOu6H4FIt5cxEtnRJbgsWiAoPlnS7fhSlwTIddmZ
6BhGPXNBoHzh06GR1WMxJctoHHAIgqH5DEMlZSmuMCX3anI78aB2f14XI0c7G3IG
KOhyit92rgOlyT6hDzQwcXRF8RUJRVGBRvnKydgbmchRZtOMjSTNjKkzJCUKKkF3
dTPg4rZatQy2wHhRs3iqx3yWziUdDowmFfAN8Lx1KE1xK2cjXWcSFszjIkXDmpFZ
ab/ffQvWkkmogTK15BCm9KJaktWgHhuemoazYrsa8USvxkZ2Yu5jN5T5AvmC48Qj
N80NzGf/OoDPrIc2k9OF9ONqkTcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQf/179
SkN9Fs67DgkDidBtPXDbCjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDA0MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pW8wDQYJKoZIhvcNAQELBQADggEBAJZRWnXB4BpFR0R8xKxgUoMCIgzrBuG8b8Wh
1PgvSyZQ7ZmkoNnyRl7ZSsiu2uR5e3RdprmZG7nq5yfYNDRI33ysFEtThzoNx97B
vZx2cWMF72krbr4BuexPBDC8i0G0nxPcGAzxP9KimM9BPQwLAdYVlSNnbeV0oW1t
LRZn1VUnA2ML4d6o69PIhj5BedGuHo6bYlWWUB0IaH+I2huRkCOKr2FQQD/CQCTO
MtO1DvJD/xSU090Isc/DiI7cXPUaovQBg4Eqlr/ptYCnrxFeSqJPubRInbgFWaqF
yYkFhdkxheje0KbPBSpj8Zh97jmGal1pWeM3JShmlqPCpDD+xQI=
-----END CERTIFICATE-----