Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144093.roa
File:                     AS144093.roa (raw, json)
Hash identifier:          c4vdWLBdoo/R9Ji1bcYEG7spASW/ARG363yn0jU78IU=
Subject key identifier:   F7:56:BE:F9:25:37:6A:A6:C2:F1:D1:97:F2:B6:DC:AC:DA:1C:95:33
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       161BBD1941731DF0392882B9674A95310BAD2EE5
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144093.roa
Signing time:             Wed 04 Mar 2026 06:15:09 +0000
ROA not before:           Wed 04 Mar 2026 06:10:09 +0000
ROA not after:            Wed 03 Mar 2027 06:15:09 +0000
asID:                     144093
IP address blocks:        240a:a5a3::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:1b:bd:19:41:73:1d:f0:39:28:82:b9:67:4a:95:31:0b:ad:2e:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:09 2026 GMT
            Not After : Mar  3 06:15:09 2027 GMT
        Subject: CN=F756BEF925376AA6C2F1D197F2B6DCACDA1C9533
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:48:2a:39:81:00:70:8e:87:65:f8:35:e9:04:
                    65:74:f9:07:78:7a:b4:96:dc:59:bf:5a:a8:68:dc:
                    0a:ba:fa:5f:f7:c0:c9:5b:27:23:04:a3:37:67:52:
                    6b:39:f3:c6:58:1d:0f:91:a6:a5:3f:6e:34:e7:b3:
                    56:f3:80:38:b1:7a:88:15:8d:ce:13:7b:ad:56:f1:
                    08:eb:4b:2f:41:c6:cf:45:6c:93:35:9e:eb:49:07:
                    49:96:a9:4d:88:b6:56:f5:69:ec:ee:c7:95:62:1c:
                    50:c2:35:21:bd:62:26:c7:bc:7c:27:1b:bf:46:e0:
                    f5:d7:9a:63:ce:d9:2a:09:51:94:23:81:8d:c9:14:
                    db:db:c8:ad:7d:a9:5d:c5:02:3c:fc:90:f4:d5:0b:
                    bc:7b:63:fe:75:70:6c:c7:21:8a:a9:03:1d:e2:f9:
                    be:62:ca:34:02:f8:d9:2e:d2:9e:9d:0f:9b:6a:97:
                    25:82:57:0d:47:1c:ca:02:de:a9:c4:6e:a5:11:1f:
                    c7:86:0b:f7:92:46:1c:5e:3b:c0:4d:da:2b:f3:23:
                    30:03:ef:37:59:57:19:d8:8c:8d:95:24:e5:78:fd:
                    d7:80:0b:c0:d4:99:f6:1a:07:5f:8e:0e:34:51:3e:
                    74:16:15:a4:04:52:12:7e:70:37:8f:63:56:46:94:
                    75:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:56:BE:F9:25:37:6A:A6:C2:F1:D1:97:F2:B6:DC:AC:DA:1C:95:33
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144093.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a5a3::/32

    Signature Algorithm: sha256WithRSAEncryption
         c6:71:4b:dc:9e:72:d8:d8:6f:ad:a0:46:4e:f1:e7:ba:72:a4:
         ca:c0:30:74:fd:26:3d:67:75:ea:69:aa:7b:b7:82:63:58:4a:
         86:1e:7b:c5:bd:e4:74:77:0d:db:91:68:30:af:7d:f8:cc:68:
         5f:20:fe:b9:ae:24:d2:2c:ce:b5:fe:ff:ee:20:29:e2:ee:46:
         19:de:d0:b3:4d:f4:eb:f4:8a:9f:c0:0a:9b:db:c1:f0:92:2c:
         f6:92:be:c5:83:6c:7d:5c:b8:f3:e4:7f:61:f2:7e:8c:57:e6:
         a8:be:d2:b6:67:83:d3:fa:84:b2:2d:fc:cf:9c:fd:cc:1b:c6:
         4b:0d:e1:b2:f4:bf:7e:04:ed:ac:ff:73:03:59:27:8e:95:fa:
         71:cc:c6:9e:c8:91:fb:8a:a1:8c:36:d6:d1:32:db:fe:68:04:
         eb:bf:5b:c9:d5:7d:c5:f9:ba:04:0f:11:7d:9b:53:b0:3e:9a:
         d5:03:a9:30:0d:90:17:29:e4:b1:ca:43:0e:e4:2b:f0:f2:44:
         4c:bc:7a:2e:b9:43:51:8f:5e:87:cc:88:93:a4:70:db:05:1e:
         78:0b:3a:05:da:43:0d:00:0a:f9:dc:aa:ac:d2:c0:e6:a8:f0:
         b7:95:ed:0a:8c:cd:78:e2:55:18:f6:d9:6b:dc:6c:3e:fb:1c:
         ee:97:d4:46
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUFhu9GUFzHfA5KIK5Z0qVMQutLuUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTAwOVoX
DTI3MDMwMzA2MTUwOVowMzExMC8GA1UEAxMoRjc1NkJFRjkyNTM3NkFBNkMyRjFE
MTk3RjJCNkRDQUNEQTFDOTUzMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOVIKjmBAHCOh2X4NekEZXT5B3h6tJbcWb9aqGjcCrr6X/fAyVsnIwSjN2dS
aznzxlgdD5GmpT9uNOezVvOAOLF6iBWNzhN7rVbxCOtLL0HGz0VskzWe60kHSZap
TYi2VvVp7O7HlWIcUMI1Ib1iJse8fCcbv0bg9deaY87ZKglRlCOBjckU29vIrX2p
XcUCPPyQ9NULvHtj/nVwbMchiqkDHeL5vmLKNAL42S7Snp0Pm2qXJYJXDUccygLe
qcRupREfx4YL95JGHF47wE3aK/MjMAPvN1lXGdiMjZUk5Xj914ALwNSZ9hoHX44O
NFE+dBYVpARSEn5wN49jVkaUdTcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT3Vr75
JTdqpsLx0Zfyttys2hyVMzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDA5My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
paMwDQYJKoZIhvcNAQELBQADggEBAMZxS9yectjYb62gRk7x57pypMrAMHT9Jj1n
deppqnu3gmNYSoYee8W95HR3DduRaDCvffjMaF8g/rmuJNIszrX+/+4gKeLuRhne
0LNN9Ov0ip/ACpvbwfCSLPaSvsWDbH1cuPPkf2HyfoxX5qi+0rZng9P6hLIt/M+c
/cwbxksN4bL0v34E7az/cwNZJ46V+nHMxp7IkfuKoYw21tEy2/5oBOu/W8nVfcX5
ugQPEX2bU7A+mtUDqTANkBcp5LHKQw7kK/DyREy8ei65Q1GPXofMiJOkcNsFHngL
OgXaQw0ACvncqqzSwOao8LeV7QqMzXjiVRj22WvcbD77HO6X1EY=
-----END CERTIFICATE-----