Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144081.roa
File:                     AS144081.roa (raw, json)
Hash identifier:          cc1Dp7a2yBQj+DXBB0O383kuzur9XLxOppL83KgFQzw=
Subject key identifier:   68:18:AB:B3:B4:AB:80:E8:A7:E8:76:E0:4D:FC:35:0C:13:DD:7E:B5
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2644923A42238B44728E49B95EE1444C9AE2352E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144081.roa
Signing time:             Wed 04 Mar 2026 06:15:09 +0000
ROA not before:           Wed 04 Mar 2026 06:10:09 +0000
ROA not after:            Wed 03 Mar 2027 06:15:09 +0000
asID:                     144081
IP address blocks:        240a:a597::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:44:92:3a:42:23:8b:44:72:8e:49:b9:5e:e1:44:4c:9a:e2:35:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:09 2026 GMT
            Not After : Mar  3 06:15:09 2027 GMT
        Subject: CN=6818ABB3B4AB80E8A7E876E04DFC350C13DD7EB5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:b8:65:3e:0c:a5:b6:f1:2a:90:d7:03:27:77:
                    f1:f2:78:97:a1:51:29:c2:34:1e:f7:df:de:36:f7:
                    82:70:7b:b8:49:95:7c:d5:30:29:20:37:c9:7e:fd:
                    a9:eb:80:a9:3e:02:6c:21:c1:5b:c3:53:6d:4d:c5:
                    85:4e:28:a0:d2:cc:a2:90:40:5d:e2:37:82:aa:9e:
                    35:9f:2b:0f:dd:2a:28:3c:e6:e4:ff:fb:45:ee:88:
                    6c:08:c2:f0:f1:fc:8f:3b:71:95:21:87:cd:83:9d:
                    96:67:64:70:17:22:06:43:63:9c:63:23:09:6b:f7:
                    5d:8e:91:85:f1:fb:a3:98:6c:2a:ea:a4:4d:5c:58:
                    42:3b:13:26:97:9e:1d:de:e3:52:f5:3b:47:7e:85:
                    70:6a:de:12:d2:b3:be:03:29:68:09:5a:be:ef:09:
                    94:0c:44:0d:ca:00:af:a1:d3:84:a4:fc:a4:dc:e7:
                    70:4b:7b:17:28:8f:fe:68:06:aa:b4:0b:19:cb:45:
                    db:da:f7:60:fc:fe:d4:6b:8f:eb:9e:c5:92:82:4a:
                    0f:c1:8e:0c:d6:75:16:4e:89:1e:a9:63:92:01:f1:
                    38:d9:72:09:15:2c:c6:b7:18:4d:22:ce:ba:8e:9c:
                    f0:88:76:7d:d3:99:75:d0:d3:69:40:37:e9:90:72:
                    d9:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:18:AB:B3:B4:AB:80:E8:A7:E8:76:E0:4D:FC:35:0C:13:DD:7E:B5
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144081.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a597::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:20:f9:45:0b:cc:27:16:9d:07:ea:ab:62:4b:73:f1:c2:e3:
         86:a0:f6:64:e6:e4:c0:55:cc:ee:94:fb:e3:45:de:38:6b:ae:
         1d:30:36:e5:7d:d4:d8:5e:7b:0a:e3:de:72:c9:bb:4a:32:b6:
         ec:08:b2:18:66:df:a7:89:c2:1d:82:47:36:5e:45:3d:ab:cb:
         42:b9:7e:0d:d4:cf:83:65:6c:6c:86:4d:85:fd:2c:8d:15:5d:
         b0:da:0f:10:9b:09:92:2a:7f:77:71:30:bb:35:cc:e4:34:fc:
         d2:8f:ac:5e:3b:c0:ba:da:c9:33:a6:fb:cb:ad:34:57:67:fa:
         29:42:88:ea:0d:e1:72:b7:12:5f:11:bb:e7:2e:e5:ab:42:5e:
         d4:f9:d5:46:72:c5:32:1b:00:cf:5a:82:e5:6f:d9:fd:27:0a:
         75:b3:d0:2e:66:ab:f3:de:fe:f0:1b:ca:6c:f4:3f:cb:37:ce:
         a9:6e:ac:27:22:22:3a:38:c5:aa:5c:3f:9a:4e:a0:bd:98:4b:
         97:0a:f9:96:0d:87:77:2f:72:20:8d:68:6e:6c:59:09:51:72:
         0d:f7:07:4d:52:d6:f0:35:1f:3e:61:3c:9c:3a:29:0b:c5:02:
         2d:e8:14:25:fe:27:cd:fc:f1:69:33:32:59:4b:a2:97:74:c4:
         2c:2b:78:9e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUJkSSOkIji0Ryjkm5XuFETJriNS4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTAwOVoX
DTI3MDMwMzA2MTUwOVowMzExMC8GA1UEAxMoNjgxOEFCQjNCNEFCODBFOEE3RTg3
NkUwNERGQzM1MEMxM0REN0VCNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIy4ZT4MpbbxKpDXAyd38fJ4l6FRKcI0Hvff3jb3gnB7uEmVfNUwKSA3yX79
qeuAqT4CbCHBW8NTbU3FhU4ooNLMopBAXeI3gqqeNZ8rD90qKDzm5P/7Re6IbAjC
8PH8jztxlSGHzYOdlmdkcBciBkNjnGMjCWv3XY6RhfH7o5hsKuqkTVxYQjsTJpee
Hd7jUvU7R36FcGreEtKzvgMpaAlavu8JlAxEDcoAr6HThKT8pNzncEt7FyiP/mgG
qrQLGctF29r3YPz+1GuP657FkoJKD8GODNZ1Fk6JHqljkgHxONlyCRUsxrcYTSLO
uo6c8Ih2fdOZddDTaUA36ZBy2bECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRoGKuz
tKuA6KfoduBN/DUME91+tTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDA4MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pZcwDQYJKoZIhvcNAQELBQADggEBAD0g+UULzCcWnQfqq2JLc/HC44ag9mTm5MBV
zO6U++NF3jhrrh0wNuV91Nheewrj3nLJu0oytuwIshhm36eJwh2CRzZeRT2ry0K5
fg3Uz4NlbGyGTYX9LI0VXbDaDxCbCZIqf3dxMLs1zOQ0/NKPrF47wLrayTOm+8ut
NFdn+ilCiOoN4XK3El8Ru+cu5atCXtT51UZyxTIbAM9aguVv2f0nCnWz0C5mq/Pe
/vAbymz0P8s3zqlurCciIjo4xapcP5pOoL2YS5cK+ZYNh3cvciCNaG5sWQlRcg33
B01S1vA1Hz5hPJw6KQvFAi3oFCX+J8388WkzMllLopd0xCwreJ4=
-----END CERTIFICATE-----