Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144107.roa
File:                     AS144107.roa (raw, json)
Hash identifier:          g+ihEQIGflCoZWgoLf95SER0dZzPrkXwuQ4ARWLE1hQ=
Subject key identifier:   56:14:BF:DA:06:03:41:A2:5A:E8:7B:16:6A:4B:FC:85:56:F5:6C:A9
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       14DAFE33C1EE07BDD45289EED49D217A7A75F65E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144107.roa
Signing time:             Wed 04 Mar 2026 06:15:19 +0000
ROA not before:           Wed 04 Mar 2026 06:10:19 +0000
ROA not after:            Wed 03 Mar 2027 06:15:19 +0000
asID:                     144107
IP address blocks:        240a:a5b1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:da:fe:33:c1:ee:07:bd:d4:52:89:ee:d4:9d:21:7a:7a:75:f6:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:19 2026 GMT
            Not After : Mar  3 06:15:19 2027 GMT
        Subject: CN=5614BFDA060341A25AE87B166A4BFC8556F56CA9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ce:45:93:8d:20:b8:99:4b:2c:8b:2d:e6:33:
                    69:e2:7b:0e:ca:0a:a1:46:f2:36:fd:a0:28:55:db:
                    cb:be:8f:e9:92:06:31:be:52:78:e3:ad:73:db:0d:
                    36:27:1b:41:1c:53:75:31:41:8c:a6:ff:bd:bd:9b:
                    33:ce:ca:69:86:2b:21:4b:60:5e:55:f3:f5:66:3d:
                    c0:18:44:f2:6e:88:0f:13:d2:ea:1f:87:07:a3:2c:
                    98:c3:0d:03:6f:c0:08:0f:c3:6e:6b:c9:6d:a7:94:
                    84:e5:96:47:51:83:12:e3:2e:49:41:31:66:ef:a3:
                    30:b0:4b:ab:31:30:68:c5:e6:4d:7d:ef:88:5d:51:
                    54:63:fb:44:ba:c8:e7:b5:37:88:82:80:1d:54:0e:
                    ac:75:d2:ce:0d:dd:5a:10:77:2f:d0:fc:cc:0b:ad:
                    68:0f:3b:70:dc:53:74:fb:b5:9a:51:1d:ee:f2:24:
                    1c:71:b6:90:60:62:d9:90:08:55:3e:29:3f:e5:38:
                    20:03:af:85:6c:61:6a:6f:42:d0:b9:18:da:30:18:
                    bc:76:05:45:5e:8f:6e:2d:14:be:ca:69:12:f4:43:
                    5f:0e:18:c2:8c:ac:39:fd:9e:d4:3e:49:9c:c6:45:
                    13:3c:8e:9b:ff:49:3c:dc:e6:f2:4f:8b:bb:e6:bd:
                    05:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:14:BF:DA:06:03:41:A2:5A:E8:7B:16:6A:4B:FC:85:56:F5:6C:A9
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144107.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a5b1::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:0e:96:a6:16:05:26:7d:ef:2b:22:95:b2:63:41:8f:c8:02:
         dd:13:93:9d:2f:f9:3d:15:4d:6a:95:89:5a:c8:88:7f:de:3c:
         57:fd:5f:e9:c0:ba:ed:b6:f1:09:78:1b:fd:26:e7:ee:12:4b:
         1d:bb:66:7a:45:b7:5f:6a:bc:ff:d3:29:a1:aa:dc:84:55:a1:
         77:78:55:d2:2f:37:82:de:be:91:97:92:26:6d:6b:b7:67:c5:
         e1:26:58:ca:d4:21:15:c8:8d:b4:c7:57:cb:4e:98:e5:50:73:
         a7:d8:4e:03:f5:99:b5:0d:b7:a4:69:62:fa:58:f9:7f:8b:89:
         82:7e:1e:5c:a1:33:eb:5f:00:2c:83:ed:9f:83:e1:94:79:b4:
         c4:d2:35:43:91:19:9b:18:de:71:31:37:21:9f:61:df:22:30:
         93:3b:91:f4:55:b5:08:41:d4:fe:e8:0a:36:7d:0c:f6:a5:fb:
         a6:fe:1a:2d:a5:78:a3:49:65:20:2e:ad:f8:4e:49:20:0d:b3:
         14:27:52:1e:8a:c2:42:84:ef:de:5f:bb:0b:ff:7c:15:59:6e:
         6b:02:c6:d6:f9:14:40:c4:0e:91:c8:8f:02:97:56:a3:24:78:
         ce:b7:36:29:08:37:a8:74:ae:a6:7c:9d:52:8b:57:9f:ef:8c:
         f1:3e:85:c7
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUFNr+M8HuB73UUonu1J0henp19l4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTAxOVoX
DTI3MDMwMzA2MTUxOVowMzExMC8GA1UEAxMoNTYxNEJGREEwNjAzNDFBMjVBRTg3
QjE2NkE0QkZDODU1NkY1NkNBOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMTORZONILiZSyyLLeYzaeJ7DsoKoUbyNv2gKFXby76P6ZIGMb5SeOOtc9sN
NicbQRxTdTFBjKb/vb2bM87KaYYrIUtgXlXz9WY9wBhE8m6IDxPS6h+HB6MsmMMN
A2/ACA/DbmvJbaeUhOWWR1GDEuMuSUExZu+jMLBLqzEwaMXmTX3viF1RVGP7RLrI
57U3iIKAHVQOrHXSzg3dWhB3L9D8zAutaA87cNxTdPu1mlEd7vIkHHG2kGBi2ZAI
VT4pP+U4IAOvhWxham9C0LkY2jAYvHYFRV6Pbi0UvsppEvRDXw4YwoysOf2e1D5J
nMZFEzyOm/9JPNzm8k+Lu+a9BS0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRWFL/a
BgNBolroexZqS/yFVvVsqTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDEwNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pbEwDQYJKoZIhvcNAQELBQADggEBAG8OlqYWBSZ97ysilbJjQY/IAt0Tk50v+T0V
TWqViVrIiH/ePFf9X+nAuu228Ql4G/0m5+4SSx27ZnpFt19qvP/TKaGq3IRVoXd4
VdIvN4LevpGXkiZta7dnxeEmWMrUIRXIjbTHV8tOmOVQc6fYTgP1mbUNt6RpYvpY
+X+LiYJ+HlyhM+tfACyD7Z+D4ZR5tMTSNUORGZsY3nExNyGfYd8iMJM7kfRVtQhB
1P7oCjZ9DPal+6b+Gi2leKNJZSAurfhOSSANsxQnUh6KwkKE795fuwv/fBVZbmsC
xtb5FEDEDpHIjwKXVqMkeM63NikIN6h0rqZ8nVKLV5/vjPE+hcc=
-----END CERTIFICATE-----