Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144110.roa
File:                     AS144110.roa (raw, json)
Hash identifier:          JNjzoA9VzIyy60C9UYRgPJ8BTsOdjUhyu9sFayeU32M=
Subject key identifier:   42:26:2E:53:9D:A5:70:D0:3F:0C:17:6D:33:28:CF:F0:DC:94:22:27
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       34167CD93F41448338642CA230DBBAC3821B8988
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144110.roa
Signing time:             Wed 04 Mar 2026 06:13:53 +0000
ROA not before:           Wed 04 Mar 2026 06:08:53 +0000
ROA not after:            Wed 03 Mar 2027 06:13:53 +0000
asID:                     144110
IP address blocks:        240a:a5b4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:16:7c:d9:3f:41:44:83:38:64:2c:a2:30:db:ba:c3:82:1b:89:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:53 2026 GMT
            Not After : Mar  3 06:13:53 2027 GMT
        Subject: CN=42262E539DA570D03F0C176D3328CFF0DC942227
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:11:13:02:af:f6:6b:5d:91:22:54:d0:6e:ed:
                    9a:00:0a:99:43:ad:9c:0a:f9:bc:5f:55:ba:3e:1f:
                    ed:a5:fa:5c:a1:59:89:00:67:65:03:72:9e:85:91:
                    4b:9e:77:0e:dc:8c:14:a8:cc:8d:15:a3:fd:34:55:
                    89:24:55:45:3c:53:38:f7:d4:fd:4f:e9:9e:1c:57:
                    9a:af:14:d1:c9:7d:3e:3e:55:77:e4:0b:8a:e2:41:
                    9e:6d:bb:f8:10:12:58:f6:40:08:1c:0d:cf:44:b0:
                    13:7d:ca:32:fc:42:91:97:e9:c3:2d:88:cc:b1:dc:
                    5e:47:20:ff:03:4b:a8:8a:bb:a5:ea:27:0e:84:43:
                    43:e4:b0:79:7e:68:9d:69:25:93:0d:00:a5:b6:46:
                    8b:7e:4f:1f:35:c4:cf:fb:55:27:06:63:0b:33:23:
                    ba:fd:1f:c2:55:4b:21:c5:7c:ed:34:d4:b5:54:77:
                    86:db:43:e5:85:b1:74:10:3f:7f:b3:3d:a1:d3:db:
                    40:e5:be:bd:24:d5:05:b7:fa:c4:f8:b1:3a:ce:70:
                    00:78:c2:64:b2:14:1a:f3:81:a6:b6:fb:00:3b:c8:
                    f3:b6:d2:6a:07:7c:c1:10:11:98:46:eb:a0:e6:26:
                    ae:dd:e1:c4:39:84:23:7e:bc:ac:b3:a0:bb:6e:99:
                    f7:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:26:2E:53:9D:A5:70:D0:3F:0C:17:6D:33:28:CF:F0:DC:94:22:27
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144110.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a5b4::/32

    Signature Algorithm: sha256WithRSAEncryption
         b6:98:7c:c3:17:d4:f4:68:9a:85:a6:47:2d:68:94:ae:f8:94:
         e6:1e:92:c7:b0:c4:8e:4f:f0:ce:2a:dc:4f:01:08:c4:68:b8:
         d0:90:24:a7:ef:4b:6a:5c:cc:69:6a:c7:68:af:93:ba:bf:c2:
         27:cc:dc:4e:ba:c6:c7:a2:ba:33:57:82:e8:c7:02:84:e6:4d:
         40:4b:7e:e7:94:62:0e:23:9f:86:ab:3e:dd:12:49:68:cc:18:
         14:03:6b:32:b1:ea:7f:e9:34:d3:5e:27:67:84:67:90:61:c2:
         a4:0a:e5:46:f8:9d:db:7a:69:db:00:c9:2e:e1:9e:70:6d:54:
         9c:ef:5b:d5:87:85:14:28:0c:ca:ce:d8:e7:f2:db:07:29:1b:
         ba:63:9e:47:b4:e3:d6:fb:f9:82:61:69:e9:a9:03:3f:5d:2c:
         0e:e2:a4:12:25:4b:d8:c2:7e:1b:60:90:6f:48:39:26:2a:83:
         3e:15:48:87:dd:ca:5d:7b:e0:bd:3a:d1:88:49:9f:4f:37:14:
         d7:75:e3:87:e3:f6:4f:0d:4c:b4:ed:45:cc:53:ff:4c:3e:18:
         c4:e7:ec:e5:8b:a4:c1:82:4a:82:a3:ab:ab:11:fa:ad:07:9f:
         a2:93:1e:08:d3:49:20:5c:ca:f2:ce:d1:fa:1b:80:da:de:56:
         93:27:d8:fb
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUNBZ82T9BRIM4ZCyiMNu6w4IbiYgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDg1M1oX
DTI3MDMwMzA2MTM1M1owMzExMC8GA1UEAxMoNDIyNjJFNTM5REE1NzBEMDNGMEMx
NzZEMzMyOENGRjBEQzk0MjIyNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJwREwKv9mtdkSJU0G7tmgAKmUOtnAr5vF9Vuj4f7aX6XKFZiQBnZQNynoWR
S553DtyMFKjMjRWj/TRViSRVRTxTOPfU/U/pnhxXmq8U0cl9Pj5Vd+QLiuJBnm27
+BASWPZACBwNz0SwE33KMvxCkZfpwy2IzLHcXkcg/wNLqIq7peonDoRDQ+SweX5o
nWklkw0ApbZGi35PHzXEz/tVJwZjCzMjuv0fwlVLIcV87TTUtVR3httD5YWxdBA/
f7M9odPbQOW+vSTVBbf6xPixOs5wAHjCZLIUGvOBprb7ADvI87bSagd8wRARmEbr
oOYmrt3hxDmEI368rLOgu26Z9/cCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRCJi5T
naVw0D8MF20zKM/w3JQiJzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDExMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pbQwDQYJKoZIhvcNAQELBQADggEBALaYfMMX1PRomoWmRy1olK74lOYeksewxI5P
8M4q3E8BCMRouNCQJKfvS2pczGlqx2ivk7q/wifM3E66xseiujNXgujHAoTmTUBL
fueUYg4jn4arPt0SSWjMGBQDazKx6n/pNNNeJ2eEZ5BhwqQK5Ub4ndt6adsAyS7h
nnBtVJzvW9WHhRQoDMrO2Ofy2wcpG7pjnke049b7+YJhaempAz9dLA7ipBIlS9jC
fhtgkG9IOSYqgz4VSIfdyl174L060YhJn083FNd144fj9k8NTLTtRcxT/0w+GMTn
7OWLpMGCSoKjq6sR+q0Hn6KTHgjTSSBcyvLO0fobgNreVpMn2Ps=
-----END CERTIFICATE-----