Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144090.roa
File:                     AS144090.roa (raw, json)
Hash identifier:          xTjSWYWb893MxWnbP/xg2EA0nDKkBWPUUSw5JTDRGuE=
Subject key identifier:   5E:85:94:FA:3B:36:AC:BD:4E:01:63:15:B8:28:91:CE:DC:66:94:B8
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       264705B5F0342C97BEB639562434DA3134D63F12
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144090.roa
Signing time:             Wed 04 Mar 2026 06:15:50 +0000
ROA not before:           Wed 04 Mar 2026 06:10:50 +0000
ROA not after:            Wed 03 Mar 2027 06:15:50 +0000
asID:                     144090
IP address blocks:        240a:a5a0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:47:05:b5:f0:34:2c:97:be:b6:39:56:24:34:da:31:34:d6:3f:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:50 2026 GMT
            Not After : Mar  3 06:15:50 2027 GMT
        Subject: CN=5E8594FA3B36ACBD4E016315B82891CEDC6694B8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:27:50:65:8a:9d:09:43:bb:56:65:e4:5b:47:
                    9a:c8:a0:36:90:72:ca:c7:0b:37:12:0f:32:25:c7:
                    3e:54:46:24:3a:a6:0a:7f:b7:bc:86:48:0e:09:fc:
                    74:16:4f:ac:c6:3e:ab:03:f6:e3:2b:a9:02:46:a9:
                    77:4f:cc:42:5b:af:9e:fc:d2:f1:89:49:2d:88:88:
                    a3:7c:0f:bd:3b:b1:4e:55:ac:48:1a:cd:e8:3b:93:
                    10:12:4c:e7:fc:59:ab:32:51:89:27:81:94:1b:2c:
                    d1:32:59:4d:48:f8:f1:18:8d:50:d9:de:f1:cc:c9:
                    e1:9e:84:45:09:77:78:66:fe:52:11:ce:0f:25:4e:
                    63:f0:63:de:0d:75:44:de:f9:a3:e9:77:37:3f:32:
                    41:18:ad:19:84:90:3a:58:8a:15:83:7c:e0:78:fb:
                    14:a7:cb:02:cd:b3:dd:0b:db:ba:42:8f:13:8e:d0:
                    72:e1:20:02:0d:6d:60:29:05:47:d5:14:14:97:1d:
                    5b:4d:a0:ee:f4:85:67:c7:2d:60:a2:17:32:d2:6d:
                    9b:ca:05:c5:03:28:14:e5:12:22:0b:a6:93:1d:5c:
                    09:bd:70:bb:44:6b:b5:98:5a:fa:f3:59:06:44:11:
                    04:3d:fc:ea:a5:09:ba:cf:18:3b:55:df:b1:f6:c4:
                    92:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:85:94:FA:3B:36:AC:BD:4E:01:63:15:B8:28:91:CE:DC:66:94:B8
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144090.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a5a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         c7:7b:cf:ca:43:e3:b8:63:c5:d9:77:09:8c:be:34:2d:9b:3a:
         da:81:81:b3:51:2e:af:f1:37:f9:fe:ac:59:2d:44:25:5a:3c:
         35:23:82:cd:b2:dc:2b:3c:64:ba:fd:3d:e9:16:07:70:2e:f4:
         19:68:3c:e2:41:45:f7:83:49:be:e1:0e:86:ec:d0:7a:b7:14:
         94:07:01:62:38:ed:ff:28:f0:07:26:50:47:cc:41:4d:55:4a:
         b7:3d:9f:e9:59:f6:01:63:de:d2:73:26:93:66:f6:dc:c7:4b:
         56:b1:fa:df:cd:e4:12:40:36:59:77:51:75:60:48:f8:61:1a:
         de:7f:0f:e2:9d:6f:74:c5:7a:24:b8:1f:82:db:97:c9:c1:3f:
         0b:39:fb:3e:02:e7:25:00:7b:91:75:72:2a:72:b0:e7:b8:f0:
         63:27:22:34:10:6e:0b:12:56:32:7c:40:fd:8f:42:59:65:15:
         09:39:64:24:d6:36:46:c7:8d:a0:ed:9f:1c:5a:3b:23:b2:bf:
         94:cf:9a:4c:4f:38:21:11:45:25:30:b0:dd:cd:b3:bf:d2:84:
         90:8c:7e:30:20:a9:06:fc:34:3a:6c:69:fc:c5:76:8b:1f:a7:
         b1:66:60:6a:04:aa:34:ed:b2:6e:a0:86:65:67:ed:d8:e3:2f:
         3e:b9:f9:4e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUJkcFtfA0LJe+tjlWJDTaMTTWPxIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTA1MFoX
DTI3MDMwMzA2MTU1MFowMzExMC8GA1UEAxMoNUU4NTk0RkEzQjM2QUNCRDRFMDE2
MzE1QjgyODkxQ0VEQzY2OTRCODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKMnUGWKnQlDu1Zl5FtHmsigNpByyscLNxIPMiXHPlRGJDqmCn+3vIZIDgn8
dBZPrMY+qwP24yupAkapd0/MQluvnvzS8YlJLYiIo3wPvTuxTlWsSBrN6DuTEBJM
5/xZqzJRiSeBlBss0TJZTUj48RiNUNne8czJ4Z6ERQl3eGb+UhHODyVOY/Bj3g11
RN75o+l3Nz8yQRitGYSQOliKFYN84Hj7FKfLAs2z3QvbukKPE47QcuEgAg1tYCkF
R9UUFJcdW02g7vSFZ8ctYKIXMtJtm8oFxQMoFOUSIgumkx1cCb1wu0RrtZha+vNZ
BkQRBD386qUJus8YO1XfsfbEkqsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRehZT6
OzasvU4BYxW4KJHO3GaUuDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDA5MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
paAwDQYJKoZIhvcNAQELBQADggEBAMd7z8pD47hjxdl3CYy+NC2bOtqBgbNRLq/x
N/n+rFktRCVaPDUjgs2y3Cs8ZLr9PekWB3Au9BloPOJBRfeDSb7hDobs0Hq3FJQH
AWI47f8o8AcmUEfMQU1VSrc9n+lZ9gFj3tJzJpNm9tzHS1ax+t/N5BJANll3UXVg
SPhhGt5/D+Kdb3TFeiS4H4Lbl8nBPws5+z4C5yUAe5F1cipysOe48GMnIjQQbgsS
VjJ8QP2PQlllFQk5ZCTWNkbHjaDtnxxaOyOyv5TPmkxPOCERRSUwsN3Ns7/ShJCM
fjAgqQb8NDpsafzFdosfp7FmYGoEqjTtsm6ghmVn7djjLz65+U4=
-----END CERTIFICATE-----