Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144048.roa
File:                     AS144048.roa (raw, json)
Hash identifier:          AwuvEo7z+DgYLHbcivHCXnZ0DDM9qEetkfA2o3Nq1LM=
Subject key identifier:   7F:A4:B6:07:21:4E:3A:48:EC:28:43:8C:D0:96:C2:9C:4A:E3:87:E2
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       57C1CA5812DDEE204F44BFB7CDAF47D6BA7DEBDE
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144048.roa
Signing time:             Wed 04 Mar 2026 06:14:25 +0000
ROA not before:           Wed 04 Mar 2026 06:09:25 +0000
ROA not after:            Wed 03 Mar 2027 06:14:25 +0000
asID:                     144048
IP address blocks:        240a:a576::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:c1:ca:58:12:dd:ee:20:4f:44:bf:b7:cd:af:47:d6:ba:7d:eb:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:25 2026 GMT
            Not After : Mar  3 06:14:25 2027 GMT
        Subject: CN=7FA4B607214E3A48EC28438CD096C29C4AE387E2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:80:a7:c0:e9:15:69:e3:f3:12:f3:cc:8a:85:
                    3a:0b:0b:fc:6b:c4:2f:ea:64:25:7d:1b:0c:af:62:
                    53:38:3c:d1:82:cd:c7:7a:84:cd:d7:c4:ae:cc:e2:
                    0f:5d:f6:ec:89:99:02:18:72:f7:23:14:0d:5c:5b:
                    db:79:af:ee:dd:44:08:35:62:50:93:6c:76:48:86:
                    44:47:91:33:e0:02:8f:67:f4:7b:80:d4:06:56:9b:
                    66:2b:37:e6:8b:af:a2:a7:e7:51:04:9b:ea:d5:15:
                    4f:54:29:9c:c3:76:f4:be:0b:d5:1d:f4:38:5b:51:
                    65:ee:a7:4a:f3:8e:4f:ae:7b:74:6c:75:a1:1b:41:
                    2e:cb:f9:73:c4:d5:52:8a:db:05:c5:8b:a2:ca:9f:
                    ea:d3:33:c1:f1:80:e6:54:2a:39:81:58:8f:48:53:
                    13:cb:20:2d:fa:3c:f0:63:ce:ba:49:ee:b5:f9:17:
                    6c:54:0b:7f:9b:17:65:0e:2c:97:b1:18:80:fd:c9:
                    e7:60:c0:80:6c:6c:ee:fe:f9:78:96:52:2e:ae:2c:
                    0f:8a:f2:d7:99:90:e3:a3:c0:95:8a:97:25:15:e6:
                    46:b5:9c:b4:cb:16:98:23:a3:34:14:71:88:ec:b6:
                    0f:2a:27:d9:9b:89:5f:b9:aa:69:bf:c2:05:65:37:
                    f9:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:A4:B6:07:21:4E:3A:48:EC:28:43:8C:D0:96:C2:9C:4A:E3:87:E2
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144048.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a576::/32

    Signature Algorithm: sha256WithRSAEncryption
         56:d0:de:4a:88:3b:26:16:b4:db:e4:e0:57:df:2a:37:85:8b:
         90:07:48:2a:bf:b4:5e:c8:22:c3:8c:4f:7a:cb:67:d7:fb:88:
         9e:84:5f:f2:dd:03:c8:45:ca:bf:c4:09:bb:40:35:7d:d0:4b:
         0c:b3:12:61:ae:6a:ff:ea:8e:66:51:7f:7f:da:80:9e:24:a7:
         e2:bb:e9:29:5c:01:a4:43:ca:fc:61:95:8b:a4:2c:7a:61:7f:
         c6:63:24:8f:af:fa:f0:4b:f6:77:0d:2e:81:23:da:6f:0d:77:
         89:3d:a0:9b:96:d6:28:ce:09:56:75:4d:c5:99:43:b4:cb:fa:
         b5:a8:d7:4c:00:d7:17:1c:63:e5:cc:eb:3e:26:f5:1f:f3:e7:
         a9:9b:0f:6c:25:1a:d0:9b:9b:60:20:63:0a:e8:55:2f:d1:4f:
         12:29:42:26:0b:fc:7e:0d:71:00:76:ac:3a:de:ea:f5:04:df:
         20:e3:6e:f5:5c:c4:3b:a5:a6:50:d8:62:62:39:68:3a:ce:48:
         78:a5:af:83:16:40:4d:ef:ad:6a:d9:55:03:98:03:88:39:c2:
         e1:e9:ac:b2:a7:99:c1:6c:72:8e:87:38:e0:79:22:aa:4c:41:
         7c:16:a4:3b:9f:21:e5:02:ad:56:80:04:d0:2b:1c:29:10:4f:
         df:a5:1f:1b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUV8HKWBLd7iBPRL+3za9H1rp9694wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDkyNVoX
DTI3MDMwMzA2MTQyNVowMzExMC8GA1UEAxMoN0ZBNEI2MDcyMTRFM0E0OEVDMjg0
MzhDRDA5NkMyOUM0QUUzODdFMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK6Ap8DpFWnj8xLzzIqFOgsL/GvEL+pkJX0bDK9iUzg80YLNx3qEzdfErszi
D1327ImZAhhy9yMUDVxb23mv7t1ECDViUJNsdkiGREeRM+ACj2f0e4DUBlabZis3
5ouvoqfnUQSb6tUVT1QpnMN29L4L1R30OFtRZe6nSvOOT657dGx1oRtBLsv5c8TV
UorbBcWLosqf6tMzwfGA5lQqOYFYj0hTE8sgLfo88GPOuknutfkXbFQLf5sXZQ4s
l7EYgP3J52DAgGxs7v75eJZSLq4sD4ry15mQ46PAlYqXJRXmRrWctMsWmCOjNBRx
iOy2Dyon2ZuJX7mqab/CBWU3+SMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBR/pLYH
IU46SOwoQ4zQlsKcSuOH4jAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDA0OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pXYwDQYJKoZIhvcNAQELBQADggEBAFbQ3kqIOyYWtNvk4FffKjeFi5AHSCq/tF7I
IsOMT3rLZ9f7iJ6EX/LdA8hFyr/ECbtANX3QSwyzEmGuav/qjmZRf3/agJ4kp+K7
6SlcAaRDyvxhlYukLHphf8ZjJI+v+vBL9ncNLoEj2m8Nd4k9oJuW1ijOCVZ1TcWZ
Q7TL+rWo10wA1xccY+XM6z4m9R/z56mbD2wlGtCbm2AgYwroVS/RTxIpQiYL/H4N
cQB2rDre6vUE3yDjbvVcxDulplDYYmI5aDrOSHilr4MWQE3vrWrZVQOYA4g5wuHp
rLKnmcFsco6HOOB5IqpMQXwWpDufIeUCrVaABNArHCkQT9+lHxs=
-----END CERTIFICATE-----