Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144113.roa
File:                     AS144113.roa (raw, json)
Hash identifier:          ib5Ev9yQjKCykipri2RSCxis6ykZrCppQ6rCkH/vaNo=
Subject key identifier:   25:46:73:DA:C4:90:7B:48:1A:07:86:EF:C4:F3:3D:9C:8E:7F:B3:39
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       67521DED54E7DD1458113B259F42EF8CA7186E2B
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144113.roa
Signing time:             Wed 04 Mar 2026 06:13:29 +0000
ROA not before:           Wed 04 Mar 2026 06:08:29 +0000
ROA not after:            Wed 03 Mar 2027 06:13:29 +0000
asID:                     144113
IP address blocks:        240a:a5b7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:52:1d:ed:54:e7:dd:14:58:11:3b:25:9f:42:ef:8c:a7:18:6e:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:29 2026 GMT
            Not After : Mar  3 06:13:29 2027 GMT
        Subject: CN=254673DAC4907B481A0786EFC4F33D9C8E7FB339
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:83:d3:87:b9:5b:29:aa:ae:2f:3c:a3:6b:62:
                    93:42:d8:09:41:c0:33:f6:00:40:9d:09:23:13:6a:
                    63:ac:30:c5:64:f3:63:39:cf:c5:98:c0:39:0a:e9:
                    22:64:79:d5:20:88:4c:0a:3d:92:29:18:14:e5:7b:
                    f9:dc:a8:f0:7c:01:35:69:83:18:38:cf:b6:be:99:
                    23:41:9b:fc:d2:19:58:91:36:21:e7:dd:72:4d:8a:
                    3a:fc:9e:91:bc:4c:bd:ac:65:67:37:5f:0a:bf:73:
                    b4:4a:f6:64:38:e0:52:e0:0e:70:92:a1:e6:dc:eb:
                    49:17:47:df:01:72:14:a3:15:e6:7c:ab:09:a0:b6:
                    90:02:72:48:d0:e9:07:44:74:40:01:22:bb:13:12:
                    e8:24:d6:4a:fc:81:24:64:8a:9a:27:fa:fc:db:92:
                    14:9f:59:f1:ab:5e:eb:32:3f:86:64:48:53:b1:6f:
                    73:1a:78:7a:82:bf:bb:0a:9d:33:9a:5e:85:6c:d3:
                    0b:02:bb:7b:3b:93:d8:bc:66:c0:a4:77:9c:df:00:
                    10:d3:96:62:f5:e1:4a:54:c6:d9:02:72:2c:d0:ac:
                    3e:ec:79:07:5c:82:88:33:9b:e5:82:e5:31:00:0a:
                    8d:f4:19:f4:43:09:27:71:27:71:2b:9b:c7:b0:5a:
                    32:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:46:73:DA:C4:90:7B:48:1A:07:86:EF:C4:F3:3D:9C:8E:7F:B3:39
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144113.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a5b7::/32

    Signature Algorithm: sha256WithRSAEncryption
         50:8d:a3:6d:93:85:50:86:bc:8e:2e:1d:7b:f1:69:47:ce:e3:
         f5:e1:f3:80:78:f8:13:37:1f:6d:4c:a3:07:21:d1:27:ef:7d:
         f6:cb:4b:71:e7:7a:81:54:21:2a:c9:76:42:24:27:0e:05:9a:
         17:05:8a:63:ba:bc:74:5c:9d:32:aa:1c:f7:ae:3a:f0:22:14:
         b3:10:37:0d:02:ed:e5:ff:69:0e:b8:6a:6a:fa:52:7b:a4:99:
         65:b1:d3:99:54:14:9a:01:aa:35:ba:d0:97:29:70:21:6b:38:
         9b:19:0d:cf:51:0e:b9:3d:34:f5:14:ec:f6:ac:81:12:36:73:
         c1:20:3e:1b:09:02:42:4a:a4:9b:42:f2:15:7f:86:db:7c:83:
         5e:0c:74:de:38:84:7a:9a:3b:98:fb:e2:16:d2:fe:5b:c3:28:
         a7:98:29:73:a9:42:70:59:14:2d:f5:a3:fe:30:fa:d4:13:f1:
         5d:38:ad:34:2c:23:e1:f6:c8:19:31:27:f0:0e:cb:7b:be:ed:
         4e:7a:15:70:1a:e5:9c:e0:ac:45:1b:a6:57:02:3e:82:21:6d:
         48:53:90:87:c6:af:6e:13:ec:17:1f:04:5d:50:55:a4:d8:e6:
         16:88:75:26:b1:ca:34:f8:f5:5a:de:54:d6:93:32:e2:66:7c:
         99:31:2e:d9
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUZ1Id7VTn3RRYETsln0LvjKcYbiswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgyOVoX
DTI3MDMwMzA2MTMyOVowMzExMC8GA1UEAxMoMjU0NjczREFDNDkwN0I0ODFBMDc4
NkVGQzRGMzNEOUM4RTdGQjMzOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK2D04e5Wymqri88o2tik0LYCUHAM/YAQJ0JIxNqY6wwxWTzYznPxZjAOQrp
ImR51SCITAo9kikYFOV7+dyo8HwBNWmDGDjPtr6ZI0Gb/NIZWJE2Iefdck2KOvye
kbxMvaxlZzdfCr9ztEr2ZDjgUuAOcJKh5tzrSRdH3wFyFKMV5nyrCaC2kAJySNDp
B0R0QAEiuxMS6CTWSvyBJGSKmif6/NuSFJ9Z8ate6zI/hmRIU7Fvcxp4eoK/uwqd
M5pehWzTCwK7ezuT2LxmwKR3nN8AENOWYvXhSlTG2QJyLNCsPux5B1yCiDOb5YLl
MQAKjfQZ9EMJJ3EncSubx7BaMiUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQlRnPa
xJB7SBoHhu/E8z2cjn+zOTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDExMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pbcwDQYJKoZIhvcNAQELBQADggEBAFCNo22ThVCGvI4uHXvxaUfO4/Xh84B4+BM3
H21Mowch0SfvffbLS3HneoFUISrJdkIkJw4FmhcFimO6vHRcnTKqHPeuOvAiFLMQ
Nw0C7eX/aQ64amr6UnukmWWx05lUFJoBqjW60JcpcCFrOJsZDc9RDrk9NPUU7Pas
gRI2c8EgPhsJAkJKpJtC8hV/htt8g14MdN44hHqaO5j74hbS/lvDKKeYKXOpQnBZ
FC31o/4w+tQT8V04rTQsI+H2yBkxJ/AOy3u+7U56FXAa5ZzgrEUbplcCPoIhbUhT
kIfGr24T7BcfBF1QVaTY5haIdSaxyjT49VreVNaTMuJmfJkxLtk=
-----END CERTIFICATE-----