Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144070.roa
File:                     AS144070.roa (raw, json)
Hash identifier:          QhpSICCy1gTuTvoUVVjyG/lIaJtjcC8Jip/OLwPwZZc=
Subject key identifier:   00:6C:4A:8F:62:41:EC:32:40:10:F2:B6:28:DD:B9:6A:DA:45:F3:B2
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7E3D27370017D15D7A7F0B623440EDE15293BE17
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144070.roa
Signing time:             Wed 04 Mar 2026 06:12:43 +0000
ROA not before:           Wed 04 Mar 2026 06:07:43 +0000
ROA not after:            Wed 03 Mar 2027 06:12:43 +0000
asID:                     144070
IP address blocks:        240a:a58c::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:3d:27:37:00:17:d1:5d:7a:7f:0b:62:34:40:ed:e1:52:93:be:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:07:43 2026 GMT
            Not After : Mar  3 06:12:43 2027 GMT
        Subject: CN=006C4A8F6241EC324010F2B628DDB96ADA45F3B2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:82:0f:a5:92:15:c5:7f:ef:9d:af:5a:2d:ec:
                    12:a8:f5:dd:85:83:13:a5:a9:53:ce:cf:93:c4:54:
                    80:f4:f6:32:e6:41:42:92:6c:a1:13:83:a2:49:4a:
                    21:d7:4d:9e:86:34:46:8a:f9:c4:6e:32:e7:26:50:
                    07:b7:82:82:84:1e:32:6c:2d:42:f0:6d:9f:d7:03:
                    37:fd:d2:9f:eb:15:ce:20:f2:42:d1:09:8e:b7:9e:
                    3c:33:95:b3:06:be:65:5f:53:30:a9:e3:7f:c3:72:
                    e3:85:03:b2:e4:51:ed:4f:42:c6:cc:98:4c:60:32:
                    fc:fe:41:fb:0f:9a:7f:d5:27:c1:25:c5:2c:de:62:
                    84:1e:52:fe:3a:58:be:a6:6e:5e:f2:93:d1:49:46:
                    1c:88:03:3a:4f:f3:bf:d6:66:9f:12:32:71:bd:7e:
                    4f:88:41:f3:5f:1d:30:92:05:ef:d6:d9:c5:76:5e:
                    1d:3e:bd:4b:ed:e3:99:ba:9c:e9:22:6a:37:f4:cf:
                    ec:da:e8:15:46:60:df:c5:e3:c8:ef:8c:68:ee:09:
                    4b:7a:7b:7e:04:09:31:bd:3e:19:51:9f:32:cc:21:
                    d2:70:c4:c9:b1:12:fa:80:8a:48:5c:78:55:73:73:
                    fd:ed:6f:6b:b5:c8:c3:e2:39:1f:d1:00:3d:ab:8e:
                    c6:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:6C:4A:8F:62:41:EC:32:40:10:F2:B6:28:DD:B9:6A:DA:45:F3:B2
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144070.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a58c::/32

    Signature Algorithm: sha256WithRSAEncryption
         04:da:a5:01:74:18:12:67:30:b2:49:54:ec:22:6d:ee:8e:79:
         f7:74:9f:a0:9b:cc:49:3c:c1:f4:27:5a:e1:65:64:9b:82:23:
         cc:b4:1b:94:e0:f7:ef:d8:1b:f9:38:14:47:b6:39:02:18:e1:
         c8:83:5f:77:98:b3:ad:c2:04:4a:fe:4f:ba:f0:13:0d:ec:61:
         ed:65:3e:1c:e8:a2:ee:d2:7c:45:86:12:ca:9d:ab:6b:8e:a0:
         77:df:07:61:55:b2:55:39:10:34:2b:f3:33:e5:2f:24:ae:a1:
         5f:2c:cb:34:12:b6:5d:a8:52:57:9e:70:01:43:e1:b4:b4:e6:
         8a:75:e7:1a:6c:6e:86:69:71:2f:ea:82:d0:32:02:5d:bc:c7:
         fb:ed:18:5d:d9:57:b9:ef:09:ec:66:71:ed:3c:ac:bd:ca:c2:
         6f:d4:61:6d:56:3d:bb:eb:a9:03:00:9a:75:6f:52:62:eb:01:
         b5:51:5b:41:e3:ee:59:44:31:ea:1e:bb:80:6e:96:5c:29:42:
         e9:b3:ce:cd:6f:d0:12:40:e3:81:7b:e0:9a:4f:ca:ed:64:d3:
         3d:fe:be:7d:63:91:ae:06:96:92:ff:9f:71:d7:99:19:48:c9:
         46:75:ef:8e:d2:cc:66:c4:94:a9:d3:ad:77:b8:20:13:0b:b4:
         71:ed:17:4a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUfj0nNwAX0V16fwtiNEDt4VKTvhcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDc0M1oX
DTI3MDMwMzA2MTI0M1owMzExMC8GA1UEAxMoMDA2QzRBOEY2MjQxRUMzMjQwMTBG
MkI2MjhEREI5NkFEQTQ1RjNCMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMmCD6WSFcV/752vWi3sEqj13YWDE6WpU87Pk8RUgPT2MuZBQpJsoRODoklK
IddNnoY0Ror5xG4y5yZQB7eCgoQeMmwtQvBtn9cDN/3Sn+sVziDyQtEJjreePDOV
swa+ZV9TMKnjf8Ny44UDsuRR7U9CxsyYTGAy/P5B+w+af9UnwSXFLN5ihB5S/jpY
vqZuXvKT0UlGHIgDOk/zv9ZmnxIycb1+T4hB818dMJIF79bZxXZeHT69S+3jmbqc
6SJqN/TP7NroFUZg38XjyO+MaO4JS3p7fgQJMb0+GVGfMswh0nDEybES+oCKSFx4
VXNz/e1va7XIw+I5H9EAPauOxgcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQAbEqP
YkHsMkAQ8rYo3blq2kXzsjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDA3MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pYwwDQYJKoZIhvcNAQELBQADggEBAATapQF0GBJnMLJJVOwibe6Oefd0n6CbzEk8
wfQnWuFlZJuCI8y0G5Tg9+/YG/k4FEe2OQIY4ciDX3eYs63CBEr+T7rwEw3sYe1l
Phzoou7SfEWGEsqdq2uOoHffB2FVslU5EDQr8zPlLySuoV8syzQStl2oUleecAFD
4bS05op15xpsboZpcS/qgtAyAl28x/vtGF3ZV7nvCexmce08rL3Kwm/UYW1WPbvr
qQMAmnVvUmLrAbVRW0Hj7llEMeoeu4BullwpQumzzs1v0BJA44F74JpPyu1k0z3+
vn1jka4GlpL/n3HXmRlIyUZ1747SzGbElKnTrXe4IBMLtHHtF0o=
-----END CERTIFICATE-----