Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144055.roa
File:                     AS144055.roa (raw, json)
Hash identifier:          CLaGhGqYDRict6Kjej2fOUy5f/ZgRhCBFMl1iesikIQ=
Subject key identifier:   28:DE:9B:4A:DC:E0:4F:49:7B:1A:6A:70:59:7F:F7:C0:22:EC:B2:66
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       37667D77C1212E1E6F9321024825545ED217ECA8
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144055.roa
Signing time:             Wed 04 Mar 2026 06:14:38 +0000
ROA not before:           Wed 04 Mar 2026 06:09:38 +0000
ROA not after:            Wed 03 Mar 2027 06:14:38 +0000
asID:                     144055
IP address blocks:        240a:a57d::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:66:7d:77:c1:21:2e:1e:6f:93:21:02:48:25:54:5e:d2:17:ec:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:38 2026 GMT
            Not After : Mar  3 06:14:38 2027 GMT
        Subject: CN=28DE9B4ADCE04F497B1A6A70597FF7C022ECB266
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:3e:8d:e1:1d:8e:c3:bb:55:ad:9c:20:9f:14:
                    9e:d1:de:80:28:2f:ad:79:91:e2:ac:07:60:93:73:
                    71:79:56:a9:23:8c:9e:aa:e1:ab:b6:ed:24:23:08:
                    84:22:53:fe:84:56:fc:60:af:1d:75:60:5c:5d:d8:
                    bf:1e:77:0d:e7:29:b7:bb:73:53:2b:a1:de:bc:a8:
                    eb:88:97:37:97:cd:0c:73:dc:e7:ba:e0:33:0b:2c:
                    69:17:97:3a:4b:4c:10:d6:a3:b4:97:be:2e:fb:98:
                    22:57:9e:15:5b:3f:30:55:fe:05:fa:e3:85:09:5d:
                    c1:f9:8a:5e:5d:26:c0:7f:15:0a:94:fd:e3:c2:01:
                    43:dd:b4:32:f8:45:65:69:cb:94:e6:81:01:8d:21:
                    8f:f6:6e:7e:c7:fe:8a:d7:da:c9:3a:5c:79:fa:74:
                    1e:cb:d0:a6:8f:ac:7f:ee:e3:b4:66:13:72:5e:e6:
                    82:61:bf:5a:ab:d9:20:99:33:88:a4:f4:a5:64:9b:
                    ed:15:c4:57:91:16:47:1c:41:f9:5d:85:ce:f0:c5:
                    9e:5a:a8:66:3a:41:2c:84:ee:4b:68:20:38:11:cc:
                    cf:d4:49:7c:ee:63:68:57:c2:92:e2:89:d0:cc:3b:
                    20:67:bf:75:06:99:7e:14:c7:7b:e0:5e:72:ee:a5:
                    ec:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:DE:9B:4A:DC:E0:4F:49:7B:1A:6A:70:59:7F:F7:C0:22:EC:B2:66
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144055.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a57d::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:fb:c3:6f:60:55:69:03:03:e0:11:cc:92:6c:e8:9f:78:7e:
         3a:31:f0:88:88:21:2a:a3:e4:31:7f:d1:3d:ff:2d:91:9f:f4:
         cd:1b:6a:93:8f:2f:8f:12:aa:3c:95:58:26:74:a2:ec:2b:54:
         05:d3:60:41:0e:7f:9a:b8:a4:97:90:a2:03:bf:73:d5:b0:7c:
         16:39:b2:42:33:e8:ba:5b:29:39:c8:c1:22:1c:6f:24:0d:7a:
         f2:31:15:b5:49:4b:3f:51:ce:19:06:9a:de:64:36:81:d9:67:
         6c:af:73:88:61:db:0a:3e:d5:6c:aa:85:67:36:98:b1:35:a2:
         5d:4b:de:ac:34:a0:de:f5:f5:5f:92:2c:ba:8f:ea:a5:20:f1:
         b3:27:ca:d7:9c:a2:84:68:80:29:e1:0c:25:1c:4c:58:84:84:
         16:63:35:91:5f:5c:cd:07:92:d3:63:3a:29:82:bb:64:12:6e:
         e6:62:c9:bd:3f:37:c1:b0:b4:2b:06:49:e7:43:76:e8:9c:b8:
         4a:9b:0a:b2:79:9b:2d:85:4c:f0:3f:de:e5:a5:79:a1:ef:c9:
         c6:21:dc:4a:7d:ce:6b:2e:7b:2c:86:bc:5c:0b:f7:9a:82:e6:
         27:d6:02:82:cf:92:0b:25:65:e5:d8:62:d2:57:93:5b:79:84:
         a5:a5:22:05
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUN2Z9d8EhLh5vkyECSCVUXtIX7KgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDkzOFoX
DTI3MDMwMzA2MTQzOFowMzExMC8GA1UEAxMoMjhERTlCNEFEQ0UwNEY0OTdCMUE2
QTcwNTk3RkY3QzAyMkVDQjI2NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMk+jeEdjsO7Va2cIJ8UntHegCgvrXmR4qwHYJNzcXlWqSOMnqrhq7btJCMI
hCJT/oRW/GCvHXVgXF3Yvx53Decpt7tzUyuh3ryo64iXN5fNDHPc57rgMwssaReX
OktMENajtJe+LvuYIleeFVs/MFX+BfrjhQldwfmKXl0mwH8VCpT948IBQ920MvhF
ZWnLlOaBAY0hj/Zufsf+itfayTpcefp0HsvQpo+sf+7jtGYTcl7mgmG/WqvZIJkz
iKT0pWSb7RXEV5EWRxxB+V2FzvDFnlqoZjpBLITuS2ggOBHMz9RJfO5jaFfCkuKJ
0Mw7IGe/dQaZfhTHe+Becu6l7JsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQo3ptK
3OBPSXsaanBZf/fAIuyyZjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDA1NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pX0wDQYJKoZIhvcNAQELBQADggEBAF77w29gVWkDA+ARzJJs6J94fjox8IiIISqj
5DF/0T3/LZGf9M0bapOPL48SqjyVWCZ0ouwrVAXTYEEOf5q4pJeQogO/c9WwfBY5
skIz6LpbKTnIwSIcbyQNevIxFbVJSz9RzhkGmt5kNoHZZ2yvc4hh2wo+1WyqhWc2
mLE1ol1L3qw0oN719V+SLLqP6qUg8bMnytecooRogCnhDCUcTFiEhBZjNZFfXM0H
ktNjOimCu2QSbuZiyb0/N8GwtCsGSedDduicuEqbCrJ5my2FTPA/3uWleaHvycYh
3Ep9zmsueyyGvFwL95qC5ifWAoLPkgslZeXYYtJXk1t5hKWlIgU=
-----END CERTIFICATE-----