Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144071.roa
File:                     AS144071.roa (raw, json)
Hash identifier:          WCzOAIDZcLVdRahOZD4A557MOgXQVuo9rH5qyXNTEcg=
Subject key identifier:   B7:38:BB:28:F6:87:70:BD:C7:A7:C5:15:73:F4:56:07:A9:9B:87:F9
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2EC8C66F113DCC9775E2983485ADE325153909EF
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144071.roa
Signing time:             Wed 04 Mar 2026 06:12:49 +0000
ROA not before:           Wed 04 Mar 2026 06:07:49 +0000
ROA not after:            Wed 03 Mar 2027 06:12:49 +0000
asID:                     144071
IP address blocks:        240a:a58d::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:c8:c6:6f:11:3d:cc:97:75:e2:98:34:85:ad:e3:25:15:39:09:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:07:49 2026 GMT
            Not After : Mar  3 06:12:49 2027 GMT
        Subject: CN=B738BB28F68770BDC7A7C51573F45607A99B87F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:bb:bc:02:7d:20:1e:dd:ab:12:c0:62:ef:38:
                    3c:fe:08:5a:5d:24:ee:e1:ca:01:79:40:0b:50:30:
                    9f:75:d7:11:9c:6e:63:61:3b:0a:bd:12:27:d5:f3:
                    0b:c8:7d:54:1d:a6:56:c8:32:9b:9d:63:ff:61:40:
                    77:c5:a9:f9:ad:c7:bc:8b:3f:fa:af:80:f5:d6:7f:
                    89:b8:ae:f8:7f:8a:6a:44:de:20:23:85:bb:5c:a0:
                    4b:7a:1a:4e:25:cc:22:d8:7c:86:49:48:70:65:f3:
                    07:8d:b0:0b:8f:8c:48:39:3d:14:92:fb:ab:02:57:
                    b0:f6:fc:51:c3:44:2d:1c:99:10:1c:8c:20:4d:1b:
                    ca:58:7c:dc:47:45:20:61:22:49:24:96:17:77:96:
                    15:f1:4b:d0:4a:42:de:d5:91:4f:4a:b4:1f:ae:82:
                    bb:3c:36:21:96:71:dd:e3:e3:c1:40:a2:4c:0d:55:
                    67:2e:78:02:16:d9:fa:c0:32:24:05:78:57:b9:9a:
                    18:28:f6:4d:d3:b0:98:e1:42:96:7c:b6:ad:38:f9:
                    ef:d7:a2:32:c1:ca:d0:96:b3:8b:7d:33:30:a8:a9:
                    a0:bd:65:e3:a2:1e:96:9b:aa:50:f3:e2:a4:32:4b:
                    47:45:80:68:92:bc:c2:bc:b1:2d:00:f6:c7:3d:67:
                    3a:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:38:BB:28:F6:87:70:BD:C7:A7:C5:15:73:F4:56:07:A9:9B:87:F9
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144071.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a58d::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:5a:eb:ae:aa:1f:9d:72:79:77:0e:f3:e0:21:d9:74:eb:a8:
         7d:62:4f:e5:d2:90:90:a3:9c:1e:9d:fa:9a:eb:7c:b6:79:e1:
         9f:dd:4f:12:bf:e4:1d:68:4e:eb:58:89:a2:1f:d4:f7:18:00:
         e5:6e:04:19:d0:90:11:5d:5d:d2:40:0c:f5:9d:86:4c:df:66:
         07:d3:4b:7e:29:61:eb:9e:5f:8b:b5:b2:ea:88:09:de:ec:2c:
         cb:d7:9b:04:f3:a3:74:05:72:e1:6a:6b:25:fb:82:27:02:27:
         da:79:1d:87:10:95:bc:e2:34:01:4e:c5:78:2d:c7:5a:e6:63:
         b7:23:8a:bb:0d:1c:50:36:88:60:f6:13:de:9c:29:db:a3:e2:
         35:b3:e0:96:2e:b6:88:dd:52:41:0c:10:09:d5:2b:24:a8:0f:
         09:fa:7b:fa:36:67:35:1a:d1:7d:cb:55:2b:03:47:2f:20:9d:
         35:43:3c:ed:2b:51:e4:ed:29:27:12:d8:24:01:c6:bb:59:92:
         5e:a2:d6:e6:bf:05:10:58:15:29:96:f4:37:51:2a:f6:87:a0:
         a3:ce:09:3f:b9:72:7a:b0:ac:2b:c4:fd:4a:ef:6a:f4:f6:91:
         09:11:11:1c:f4:89:5f:e8:3b:50:c9:60:a8:80:ed:fb:cb:1f:
         e6:3b:90:4a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIULsjGbxE9zJd14pg0ha3jJRU5Ce8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDc0OVoX
DTI3MDMwMzA2MTI0OVowMzExMC8GA1UEAxMoQjczOEJCMjhGNjg3NzBCREM3QTdD
NTE1NzNGNDU2MDdBOTlCODdGOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALy7vAJ9IB7dqxLAYu84PP4IWl0k7uHKAXlAC1Awn3XXEZxuY2E7Cr0SJ9Xz
C8h9VB2mVsgym51j/2FAd8Wp+a3HvIs/+q+A9dZ/ibiu+H+KakTeICOFu1ygS3oa
TiXMIth8hklIcGXzB42wC4+MSDk9FJL7qwJXsPb8UcNELRyZEByMIE0bylh83EdF
IGEiSSSWF3eWFfFL0EpC3tWRT0q0H66Cuzw2IZZx3ePjwUCiTA1VZy54AhbZ+sAy
JAV4V7maGCj2TdOwmOFClny2rTj579eiMsHK0Jazi30zMKipoL1l46IelpuqUPPi
pDJLR0WAaJK8wryxLQD2xz1nOtsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBS3OLso
9odwvcenxRVz9FYHqZuH+TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDA3MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pY0wDQYJKoZIhvcNAQELBQADggEBAEda666qH51yeXcO8+Ah2XTrqH1iT+XSkJCj
nB6d+prrfLZ54Z/dTxK/5B1oTutYiaIf1PcYAOVuBBnQkBFdXdJADPWdhkzfZgfT
S34pYeueX4u1suqICd7sLMvXmwTzo3QFcuFqayX7gicCJ9p5HYcQlbziNAFOxXgt
x1rmY7cjirsNHFA2iGD2E96cKduj4jWz4JYutojdUkEMEAnVKySoDwn6e/o2ZzUa
0X3LVSsDRy8gnTVDPO0rUeTtKScS2CQBxrtZkl6i1ua/BRBYFSmW9DdRKvaHoKPO
CT+5cnqwrCvE/UrvavT2kQkRERz0iV/oO1DJYKiA7fvLH+Y7kEo=
-----END CERTIFICATE-----