Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144085.roa
File:                     AS144085.roa (raw, json)
Hash identifier:          0T25RLF6aNWx8x0xZ+cHJxrrub69/qt+TDL6Za6JAyA=
Subject key identifier:   87:5E:CE:9D:C1:CE:66:94:45:D7:66:BD:EC:0B:2C:3D:F3:A9:C1:D5
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       371E6ED6F5EF110DA6163CC60D69A596E0D94B0C
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144085.roa
Signing time:             Wed 04 Mar 2026 06:12:58 +0000
ROA not before:           Wed 04 Mar 2026 06:07:58 +0000
ROA not after:            Wed 03 Mar 2027 06:12:58 +0000
asID:                     144085
IP address blocks:        240a:a59b::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:1e:6e:d6:f5:ef:11:0d:a6:16:3c:c6:0d:69:a5:96:e0:d9:4b:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:07:58 2026 GMT
            Not After : Mar  3 06:12:58 2027 GMT
        Subject: CN=875ECE9DC1CE669445D766BDEC0B2C3DF3A9C1D5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:36:03:3f:dc:a6:ec:cb:15:8e:2f:7f:ef:92:
                    1c:e6:66:bc:04:d1:63:29:ef:71:17:dd:f4:f1:6e:
                    4c:5b:2d:68:4f:1a:51:9d:0b:31:ae:0a:49:a7:77:
                    1e:c1:4a:13:7a:8d:a8:77:53:db:a3:a5:98:9e:1b:
                    12:a9:0f:b9:87:4e:50:42:64:ef:6e:26:05:1b:c0:
                    ca:54:4b:18:90:61:b9:eb:05:5d:31:8b:77:10:ce:
                    e9:39:24:d4:5d:2e:0e:90:8a:f9:9f:62:ff:1f:8f:
                    24:15:49:1a:dd:52:18:9f:cb:e4:20:ff:09:02:4f:
                    cd:ec:89:d8:a1:6b:99:59:02:ed:04:b6:dd:bd:96:
                    a2:31:ba:a5:22:f9:a7:17:2a:9b:31:71:0b:c4:ae:
                    c4:7b:c2:6a:7c:f9:7a:ca:8e:89:10:3c:1f:8e:52:
                    d5:b2:59:05:1a:65:54:71:08:8c:11:1e:cc:73:b2:
                    14:75:df:a1:a9:4f:1c:70:19:42:5e:06:7d:25:64:
                    12:9d:e1:45:68:87:8d:0f:ce:11:dc:3f:70:13:3c:
                    48:c9:87:f8:89:dd:88:9b:fc:01:56:98:54:e5:3d:
                    78:ca:19:60:0f:dc:f1:b2:d3:70:4a:4c:6f:04:65:
                    5a:97:08:d3:17:5e:d5:8c:99:b7:87:86:4f:49:9b:
                    75:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:5E:CE:9D:C1:CE:66:94:45:D7:66:BD:EC:0B:2C:3D:F3:A9:C1:D5
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144085.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a59b::/32

    Signature Algorithm: sha256WithRSAEncryption
         0b:b5:6e:85:c3:a0:8b:44:f6:4d:5e:3d:d7:cc:9b:f4:36:6b:
         5b:b1:9c:c9:45:a7:8e:e8:89:b0:bf:5a:e6:48:09:dc:e0:fb:
         5b:90:c9:ad:72:35:4c:b3:91:f2:6f:cb:99:5b:f5:48:b0:70:
         4f:88:ef:a0:ec:e0:46:6c:18:67:c6:56:e4:12:82:ae:e4:0d:
         00:a1:4f:5b:86:1f:0d:aa:ec:56:6c:51:ed:b1:1e:e7:24:2f:
         ff:3e:70:00:02:44:29:eb:ca:5b:a3:e1:6d:b7:41:8c:d3:f8:
         fd:ee:be:c4:f2:cb:cd:d5:09:95:8f:a1:58:0e:8e:41:d8:4c:
         83:81:fc:c2:c2:c7:3e:81:c2:23:74:5f:3b:43:c2:1c:e6:6d:
         c6:be:75:dc:52:e0:1b:8c:a6:0c:50:43:c9:2e:04:eb:7f:d1:
         af:d7:40:04:9a:d7:d9:ce:59:ac:55:df:26:60:fa:56:0f:36:
         44:c1:dc:18:90:fb:1d:e2:9b:d2:a8:72:80:80:37:69:08:cf:
         21:9e:97:36:ad:7d:d0:fb:90:65:4f:7b:86:eb:fa:c0:b5:ce:
         fe:c6:b9:43:e1:ea:71:52:d8:49:f6:36:bc:c6:21:cf:f0:bf:
         b2:72:58:a3:22:0d:2d:20:46:bb:a1:52:c0:75:4c:c1:af:09:
         76:3e:68:a5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUNx5u1vXvEQ2mFjzGDWmlluDZSwwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDc1OFoX
DTI3MDMwMzA2MTI1OFowMzExMC8GA1UEAxMoODc1RUNFOURDMUNFNjY5NDQ1RDc2
NkJERUMwQjJDM0RGM0E5QzFENTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOI2Az/cpuzLFY4vf++SHOZmvATRYynvcRfd9PFuTFstaE8aUZ0LMa4KSad3
HsFKE3qNqHdT26OlmJ4bEqkPuYdOUEJk724mBRvAylRLGJBhuesFXTGLdxDO6Tkk
1F0uDpCK+Z9i/x+PJBVJGt1SGJ/L5CD/CQJPzeyJ2KFrmVkC7QS23b2WojG6pSL5
pxcqmzFxC8SuxHvCanz5esqOiRA8H45S1bJZBRplVHEIjBEezHOyFHXfoalPHHAZ
Ql4GfSVkEp3hRWiHjQ/OEdw/cBM8SMmH+IndiJv8AVaYVOU9eMoZYA/c8bLTcEpM
bwRlWpcI0xde1YyZt4eGT0mbdYcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSHXs6d
wc5mlEXXZr3sCyw986nB1TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDA4NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pZswDQYJKoZIhvcNAQELBQADggEBAAu1boXDoItE9k1ePdfMm/Q2a1uxnMlFp47o
ibC/WuZICdzg+1uQya1yNUyzkfJvy5lb9UiwcE+I76Ds4EZsGGfGVuQSgq7kDQCh
T1uGHw2q7FZsUe2xHuckL/8+cAACRCnryluj4W23QYzT+P3uvsTyy83VCZWPoVgO
jkHYTIOB/MLCxz6BwiN0XztDwhzmbca+ddxS4BuMpgxQQ8kuBOt/0a/XQASa19nO
WaxV3yZg+lYPNkTB3BiQ+x3im9KocoCAN2kIzyGelzatfdD7kGVPe4br+sC1zv7G
uUPh6nFS2En2NrzGIc/wv7JyWKMiDS0gRruhUsB1TMGvCXY+aKU=
-----END CERTIFICATE-----