Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144135.roa
File:                     AS144135.roa (raw, json)
Hash identifier:          6GKMecDyFsubVW8+ATgl3lHkZ5hSFSK0G1w4zkfcEN0=
Subject key identifier:   1D:1F:85:E1:F0:14:50:D3:67:9E:BD:F0:54:F8:FD:D9:19:AB:76:DB
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5917E45A27619A13EE10F8A72D89E145728A40DD
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144135.roa
Signing time:             Wed 04 Mar 2026 06:12:38 +0000
ROA not before:           Wed 04 Mar 2026 06:07:38 +0000
ROA not after:            Wed 03 Mar 2027 06:12:38 +0000
asID:                     144135
IP address blocks:        240a:a5cd::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:17:e4:5a:27:61:9a:13:ee:10:f8:a7:2d:89:e1:45:72:8a:40:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:07:38 2026 GMT
            Not After : Mar  3 06:12:38 2027 GMT
        Subject: CN=1D1F85E1F01450D3679EBDF054F8FDD919AB76DB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:1f:08:3a:93:0f:fa:b9:f5:c7:67:27:29:42:
                    9b:c7:76:0b:3a:16:9c:1d:cb:19:49:20:ff:05:16:
                    ce:0f:00:7f:8e:ee:61:32:08:f9:f4:29:3a:2c:54:
                    dd:7b:fc:c6:1f:33:50:0d:73:1e:3a:92:10:58:de:
                    9a:0c:6b:53:51:ad:ef:7e:94:db:ba:9f:f9:26:11:
                    50:ed:c5:a7:ac:5b:8a:1a:6d:af:85:e2:39:65:e5:
                    95:e2:2a:46:24:1e:b8:f4:be:d1:a7:da:c6:f3:3c:
                    e4:99:a8:b0:4c:10:5e:de:72:b5:1a:c4:9a:af:da:
                    09:20:eb:f9:26:a6:4d:0f:e2:7c:fe:0b:35:e5:d7:
                    8c:58:1b:f2:f3:ac:93:27:a4:74:58:34:46:0d:d7:
                    96:b0:85:2a:53:70:3f:74:a9:34:34:15:f3:f4:25:
                    73:ce:b8:ae:1a:fe:db:b9:eb:d8:78:2c:36:51:c3:
                    15:59:07:9d:23:76:17:c2:30:1d:05:c3:5b:87:02:
                    3e:d7:ab:2a:be:65:34:83:7b:26:62:c6:bc:81:4a:
                    29:66:7b:84:eb:90:cb:69:3f:45:e6:52:fd:79:a8:
                    5a:75:2f:02:b8:8c:50:82:c8:7d:39:93:68:3b:57:
                    37:5a:d6:3b:5a:2f:f7:2e:d3:6b:79:27:9d:f7:f7:
                    6d:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:1F:85:E1:F0:14:50:D3:67:9E:BD:F0:54:F8:FD:D9:19:AB:76:DB
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144135.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a5cd::/32

    Signature Algorithm: sha256WithRSAEncryption
         c0:cf:03:a3:14:2f:44:86:5b:fd:ec:58:4e:63:63:ae:29:1d:
         ae:c8:df:68:1c:ba:aa:b8:34:3f:cb:92:80:e3:73:c5:2f:fb:
         dc:a7:99:60:90:59:20:11:c9:9e:82:fd:cb:ef:f2:4b:b6:15:
         eb:66:aa:54:b0:3b:99:20:ee:04:30:89:85:7b:7d:52:27:16:
         5b:29:2e:f7:28:40:e3:ea:80:7a:57:28:ae:1a:bd:0d:2c:1b:
         1b:61:57:21:5b:ef:66:ae:99:65:23:64:0c:1b:ef:69:a1:37:
         1a:4b:48:7f:47:f4:ec:af:d9:8d:60:fd:5e:3c:df:9e:7e:63:
         b0:5e:5c:a6:e6:78:c8:7f:08:b8:21:6d:b3:a6:19:18:d3:0f:
         0c:9a:f0:cd:e1:b8:e3:ed:f0:06:20:7f:ba:32:bf:34:e6:c5:
         26:81:61:bc:1e:d4:b7:aa:68:2f:88:ad:3e:b6:33:90:5f:08:
         eb:d6:a7:81:e7:eb:18:ce:6a:50:58:f3:35:a3:69:d6:75:66:
         4b:a6:d6:38:75:69:ed:1a:fd:35:ea:43:89:93:e8:1d:dd:07:
         16:06:ec:87:49:d5:a8:be:3b:8c:30:e4:9c:dd:d5:1a:00:46:
         0d:df:e3:8c:29:75:d3:52:5d:4c:71:a9:a2:69:b4:7d:35:b2:
         0c:28:2e:92
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUWRfkWidhmhPuEPinLYnhRXKKQN0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDczOFoX
DTI3MDMwMzA2MTIzOFowMzExMC8GA1UEAxMoMUQxRjg1RTFGMDE0NTBEMzY3OUVC
REYwNTRGOEZERDkxOUFCNzZEQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKofCDqTD/q59cdnJylCm8d2CzoWnB3LGUkg/wUWzg8Af47uYTII+fQpOixU
3Xv8xh8zUA1zHjqSEFjemgxrU1Gt736U27qf+SYRUO3Fp6xbihptr4XiOWXlleIq
RiQeuPS+0afaxvM85JmosEwQXt5ytRrEmq/aCSDr+SamTQ/ifP4LNeXXjFgb8vOs
kyekdFg0Rg3XlrCFKlNwP3SpNDQV8/Qlc864rhr+27nr2HgsNlHDFVkHnSN2F8Iw
HQXDW4cCPterKr5lNIN7JmLGvIFKKWZ7hOuQy2k/ReZS/XmoWnUvAriMUILIfTmT
aDtXN1rWO1ov9y7Ta3knnff3bWsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQdH4Xh
8BRQ02eevfBU+P3ZGat22zAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDEzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pc0wDQYJKoZIhvcNAQELBQADggEBAMDPA6MUL0SGW/3sWE5jY64pHa7I32gcuqq4
ND/LkoDjc8Uv+9ynmWCQWSARyZ6C/cvv8ku2FetmqlSwO5kg7gQwiYV7fVInFlsp
LvcoQOPqgHpXKK4avQ0sGxthVyFb72aumWUjZAwb72mhNxpLSH9H9Oyv2Y1g/V48
355+Y7BeXKbmeMh/CLghbbOmGRjTDwya8M3huOPt8AYgf7oyvzTmxSaBYbwe1Leq
aC+IrT62M5BfCOvWp4Hn6xjOalBY8zWjadZ1Zkum1jh1ae0a/TXqQ4mT6B3dBxYG
7IdJ1ai+O4ww5Jzd1RoARg3f44wpddNSXUxxqaJptH01sgwoLpI=
-----END CERTIFICATE-----