Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144125.roa
File:                     AS144125.roa (raw, json)
Hash identifier:          V+KhqDSARNS7RaE2CmSdMX6mX4xcQCOssuGmD3O3AW0=
Subject key identifier:   00:F7:F1:B9:61:D8:CF:21:FB:A5:A0:0C:2E:D3:1D:53:FE:EB:25:CB
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       32910CA9880874C1C0BA48836CFE3ECA1C3DE208
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144125.roa
Signing time:             Wed 04 Mar 2026 06:13:12 +0000
ROA not before:           Wed 04 Mar 2026 06:08:12 +0000
ROA not after:            Wed 03 Mar 2027 06:13:12 +0000
asID:                     144125
IP address blocks:        240a:a5c3::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:91:0c:a9:88:08:74:c1:c0:ba:48:83:6c:fe:3e:ca:1c:3d:e2:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:12 2026 GMT
            Not After : Mar  3 06:13:12 2027 GMT
        Subject: CN=00F7F1B961D8CF21FBA5A00C2ED31D53FEEB25CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:64:90:58:2f:87:4e:c3:b8:f5:ca:27:cc:e9:
                    f0:9e:fb:9a:fe:23:66:da:84:bd:65:e8:73:14:26:
                    b4:5b:60:15:dc:44:f3:05:ba:69:72:d4:7e:4a:52:
                    ca:33:58:c5:cc:6d:70:5a:a7:05:08:eb:3f:82:22:
                    03:95:da:5f:1b:e8:c1:60:7c:e7:5a:56:53:db:7a:
                    ef:86:56:d1:31:b0:a2:8b:6f:b7:e0:ef:93:4e:dc:
                    06:64:4d:aa:7d:c5:1c:2d:5e:76:f3:a7:de:27:0d:
                    87:9c:4d:35:85:6f:c6:4a:2d:bc:f5:d4:58:04:9b:
                    b8:de:f7:e8:f3:51:99:dc:4b:7e:e4:3a:64:c5:6a:
                    90:fb:06:51:a0:a2:de:f8:3f:8b:f1:90:31:64:10:
                    07:31:3c:84:2f:d8:ba:cd:0f:7e:ba:cb:1f:8c:52:
                    3b:cd:b3:ef:54:c4:0a:d9:26:79:51:93:10:8f:39:
                    16:02:51:ac:3b:51:92:c8:21:01:73:0e:75:35:e6:
                    47:00:44:ef:6a:06:35:00:f0:fe:cf:a0:2c:b2:c9:
                    7a:b6:55:71:4a:72:c0:96:7a:67:69:3e:1e:d4:6c:
                    bd:ab:b5:21:d6:b1:03:5b:54:e5:34:05:6c:3e:d1:
                    3e:d0:24:ed:49:4c:a0:52:f7:05:74:6f:7f:89:7d:
                    a8:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:F7:F1:B9:61:D8:CF:21:FB:A5:A0:0C:2E:D3:1D:53:FE:EB:25:CB
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144125.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a5c3::/32

    Signature Algorithm: sha256WithRSAEncryption
         34:1f:03:cc:4c:41:26:31:b1:62:f7:3a:a0:7f:c0:92:9b:a0:
         eb:f9:75:2a:6f:86:0f:f4:2b:6f:ed:cb:9f:54:cc:1c:b6:a1:
         16:0f:15:01:2c:e5:39:20:9f:62:57:d7:38:90:e0:d4:ab:d2:
         7e:91:24:e5:e2:6f:57:9f:2e:c0:e5:62:b3:ae:d6:36:65:d2:
         4e:3b:2e:3d:0f:66:e1:64:1e:4b:58:dd:e4:b0:d9:03:8a:27:
         57:45:80:f4:89:cc:9c:9c:c4:03:04:3b:e5:5d:55:9b:09:72:
         21:61:b2:f6:ad:25:2c:de:86:c2:b4:32:4a:14:3c:d4:d3:ae:
         c4:38:3f:c6:d0:43:63:c8:8a:9a:f7:fa:0f:59:25:35:64:8f:
         0f:0f:77:6e:14:c0:44:67:03:9d:14:70:68:39:ee:e9:b4:90:
         97:6b:4d:90:f3:40:bc:35:27:7c:1b:cf:9f:55:01:df:5a:d9:
         6b:9a:c9:a5:8d:5e:c8:e8:1c:46:60:b7:3a:61:bf:76:27:c7:
         ad:cf:38:3e:05:3d:a7:5e:7e:71:fa:68:2c:6d:90:37:c2:dd:
         a6:e4:1a:a4:80:3d:38:8f:1c:c5:2f:28:ae:74:66:97:e8:2f:
         a3:75:1e:c7:4f:ba:fc:5c:4b:eb:d5:82:3d:f0:42:c9:f8:74:
         33:2e:24:89
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUMpEMqYgIdMHAukiDbP4+yhw94ggwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgxMloX
DTI3MDMwMzA2MTMxMlowMzExMC8GA1UEAxMoMDBGN0YxQjk2MUQ4Q0YyMUZCQTVB
MDBDMkVEMzFENTNGRUVCMjVDQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKpkkFgvh07DuPXKJ8zp8J77mv4jZtqEvWXocxQmtFtgFdxE8wW6aXLUfkpS
yjNYxcxtcFqnBQjrP4IiA5XaXxvowWB851pWU9t674ZW0TGwootvt+Dvk07cBmRN
qn3FHC1edvOn3icNh5xNNYVvxkotvPXUWASbuN736PNRmdxLfuQ6ZMVqkPsGUaCi
3vg/i/GQMWQQBzE8hC/Yus0PfrrLH4xSO82z71TECtkmeVGTEI85FgJRrDtRksgh
AXMOdTXmRwBE72oGNQDw/s+gLLLJerZVcUpywJZ6Z2k+HtRsvau1IdaxA1tU5TQF
bD7RPtAk7UlMoFL3BXRvf4l9qCcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQA9/G5
YdjPIfuloAwu0x1T/uslyzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDEyNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pcMwDQYJKoZIhvcNAQELBQADggEBADQfA8xMQSYxsWL3OqB/wJKboOv5dSpvhg/0
K2/ty59UzBy2oRYPFQEs5Tkgn2JX1ziQ4NSr0n6RJOXib1efLsDlYrOu1jZl0k47
Lj0PZuFkHktY3eSw2QOKJ1dFgPSJzJycxAMEO+VdVZsJciFhsvatJSzehsK0MkoU
PNTTrsQ4P8bQQ2PIipr3+g9ZJTVkjw8Pd24UwERnA50UcGg57um0kJdrTZDzQLw1
J3wbz59VAd9a2WuayaWNXsjoHEZgtzphv3Ynx63POD4FPadefnH6aCxtkDfC3abk
GqSAPTiPHMUvKK50ZpfoL6N1HsdPuvxcS+vVgj3wQsn4dDMuJIk=
-----END CERTIFICATE-----