Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144100.roa
File:                     AS144100.roa (raw, json)
Hash identifier:          QtW70Ie0457UTnKzgRaA/ADKsS4Eebi5Rn367Dq0NdM=
Subject key identifier:   DD:65:DC:28:90:28:60:19:FC:39:60:B9:51:10:0C:E0:19:7F:4E:0B
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       715F103D2DC13497B21D545AF66E9E516ADE4022
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144100.roa
Signing time:             Wed 04 Mar 2026 06:13:47 +0000
ROA not before:           Wed 04 Mar 2026 06:08:47 +0000
ROA not after:            Wed 03 Mar 2027 06:13:47 +0000
asID:                     144100
IP address blocks:        240a:a5aa::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:5f:10:3d:2d:c1:34:97:b2:1d:54:5a:f6:6e:9e:51:6a:de:40:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:47 2026 GMT
            Not After : Mar  3 06:13:47 2027 GMT
        Subject: CN=DD65DC2890286019FC3960B951100CE0197F4E0B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ca:36:47:5a:7e:f2:1a:02:5a:15:39:95:98:
                    94:91:10:11:29:b8:f0:e8:87:4f:8a:4e:9a:cd:aa:
                    f1:c8:db:7f:86:9d:92:98:ef:d8:b4:bd:48:39:12:
                    98:c0:b8:ac:d3:0a:a0:70:5d:d6:f4:e1:e1:87:1d:
                    c8:26:a8:57:88:8a:8f:a1:9f:b9:d5:d1:00:b2:aa:
                    0f:07:a1:f9:5a:f0:bf:dd:a8:99:d1:a5:ff:8e:1f:
                    0d:1e:ce:95:71:ac:70:38:50:6b:aa:46:31:b9:38:
                    63:b5:5c:b7:90:67:6a:2c:8a:cd:d3:3a:f3:9f:42:
                    48:da:c7:d4:46:a4:4c:56:8e:ae:3d:47:75:12:48:
                    42:ea:b8:0c:b2:84:79:8f:7e:7c:18:45:ff:58:23:
                    78:52:b0:f6:e6:c8:6c:76:e4:cf:1e:c5:ca:42:9b:
                    6b:b8:61:64:1a:4e:c5:56:73:20:95:3a:4c:41:f2:
                    8c:8e:c0:82:9b:8c:7a:26:73:81:d2:79:65:92:d3:
                    34:72:e5:2c:69:10:21:e5:45:b4:9b:be:be:7d:93:
                    89:0c:0c:c2:41:71:c9:9b:38:bd:15:d5:d9:17:91:
                    1b:f4:95:73:c3:b0:ab:ef:c2:51:b9:b5:03:54:14:
                    3f:b5:9d:e5:ed:82:1b:73:64:f8:85:86:a1:71:72:
                    4e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:65:DC:28:90:28:60:19:FC:39:60:B9:51:10:0C:E0:19:7F:4E:0B
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144100.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a5aa::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:1c:d0:dc:0c:1d:38:58:39:8f:6e:9d:5d:a5:1e:8e:03:00:
         ce:53:de:6c:04:10:9c:27:84:6c:33:5a:31:8e:08:a8:10:8c:
         f0:b3:30:c4:76:d6:be:cb:99:02:54:0a:70:a2:06:51:98:41:
         db:b4:d2:1d:f2:3d:f1:8f:0f:12:34:c6:86:30:b7:02:ba:47:
         e0:c1:fe:ba:91:34:d5:10:35:5e:7a:67:dc:22:4e:b9:16:c9:
         95:45:bc:64:e2:04:17:5a:fb:2f:99:20:4b:cd:4f:17:9a:9e:
         2c:6e:a8:a7:fd:ff:2e:7f:d0:12:c9:aa:21:71:c9:2a:2d:3c:
         73:87:54:2d:4a:f5:c3:0b:a7:af:5f:b6:91:26:c7:77:bb:65:
         20:fe:66:37:f3:d6:03:ee:de:86:6d:08:c7:10:6c:c6:2e:b8:
         b5:e3:2d:92:21:3e:df:f9:5d:4a:1c:d9:7e:d4:da:d7:56:34:
         a6:44:3d:d4:ce:4b:ad:bb:0d:ae:e1:09:25:63:9e:8b:ba:dc:
         a7:7c:3b:39:a7:48:12:c4:00:20:5f:05:c9:cb:e2:cf:ca:c6:
         e7:88:46:33:1f:e4:8b:64:76:20:48:f3:3e:fb:c4:97:fc:fd:
         43:48:82:54:18:f3:76:54:2c:f8:d7:5c:dd:f8:75:51:38:84:
         c6:cc:3a:bc
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUcV8QPS3BNJeyHVRa9m6eUWreQCIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDg0N1oX
DTI3MDMwMzA2MTM0N1owMzExMC8GA1UEAxMoREQ2NURDMjg5MDI4NjAxOUZDMzk2
MEI5NTExMDBDRTAxOTdGNEUwQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK3KNkdafvIaAloVOZWYlJEQESm48OiHT4pOms2q8cjbf4adkpjv2LS9SDkS
mMC4rNMKoHBd1vTh4YcdyCaoV4iKj6GfudXRALKqDweh+Vrwv92omdGl/44fDR7O
lXGscDhQa6pGMbk4Y7Vct5BnaiyKzdM6859CSNrH1EakTFaOrj1HdRJIQuq4DLKE
eY9+fBhF/1gjeFKw9ubIbHbkzx7FykKba7hhZBpOxVZzIJU6TEHyjI7AgpuMeiZz
gdJ5ZZLTNHLlLGkQIeVFtJu+vn2TiQwMwkFxyZs4vRXV2ReRG/SVc8Owq+/CUbm1
A1QUP7Wd5e2CG3Nk+IWGoXFyTp0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTdZdwo
kChgGfw5YLlREAzgGX9OCzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDEwMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
paowDQYJKoZIhvcNAQELBQADggEBAH4c0NwMHThYOY9unV2lHo4DAM5T3mwEEJwn
hGwzWjGOCKgQjPCzMMR21r7LmQJUCnCiBlGYQdu00h3yPfGPDxI0xoYwtwK6R+DB
/rqRNNUQNV56Z9wiTrkWyZVFvGTiBBda+y+ZIEvNTxeanixuqKf9/y5/0BLJqiFx
ySotPHOHVC1K9cMLp69ftpEmx3e7ZSD+Zjfz1gPu3oZtCMcQbMYuuLXjLZIhPt/5
XUoc2X7U2tdWNKZEPdTOS627Da7hCSVjnou63Kd8OzmnSBLEACBfBcnL4s/KxueI
RjMf5ItkdiBI8z77xJf8/UNIglQY83ZULPjXXN34dVE4hMbMOrw=
-----END CERTIFICATE-----