Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144170.roa
File:                     AS144170.roa (raw, json)
Hash identifier:          tRVxNpfyGwtBxEPWdc951yB1LvwjzPi67LwXjp0PGBo=
Subject key identifier:   68:5B:68:15:BB:0F:A5:9E:9A:BE:A6:09:9D:01:A2:B9:08:90:20:E4
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       46F769EABEDEAD2FB8B903C1FFDD21620F46695C
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144170.roa
Signing time:             Wed 04 Mar 2026 06:14:49 +0000
ROA not before:           Wed 04 Mar 2026 06:09:49 +0000
ROA not after:            Wed 03 Mar 2027 06:14:49 +0000
asID:                     144170
IP address blocks:        240a:a5f0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:f7:69:ea:be:de:ad:2f:b8:b9:03:c1:ff:dd:21:62:0f:46:69:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:49 2026 GMT
            Not After : Mar  3 06:14:49 2027 GMT
        Subject: CN=685B6815BB0FA59E9ABEA6099D01A2B9089020E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:42:0c:3b:96:e2:ae:2a:f9:95:ed:60:8c:42:
                    c1:b2:30:98:2a:32:83:d1:fb:38:a0:99:83:e6:26:
                    9f:bf:f3:64:8c:87:d4:75:61:74:38:7e:67:59:01:
                    3e:5b:0a:d4:6c:6f:14:0e:de:c8:60:6e:3f:e0:32:
                    14:20:b4:42:0b:fb:7e:99:79:26:e9:f7:0a:08:1b:
                    98:1b:f7:b9:c0:c6:a9:d4:06:45:b8:93:bb:9d:7c:
                    da:c0:c3:22:f8:80:78:b5:cc:35:10:a1:32:81:f2:
                    24:f1:ae:c8:99:96:42:fa:96:c0:28:5b:3e:57:0a:
                    b8:3a:f0:ed:f9:fc:f2:af:32:36:0a:c2:8b:04:7a:
                    7e:97:29:e2:db:a4:99:2b:96:44:45:0e:54:e0:88:
                    63:fd:59:1e:b4:ac:dc:9b:2a:b1:48:93:0f:d6:d1:
                    00:32:ae:f0:b7:11:55:af:6f:fa:3b:5c:68:df:bb:
                    82:d2:9a:32:34:da:3d:d1:56:01:1d:ed:70:47:2c:
                    03:85:eb:e1:af:2c:e7:5d:ea:57:6a:4f:30:b7:a0:
                    05:e4:b2:8e:a8:8c:bc:77:4c:01:ce:0c:09:97:0f:
                    38:88:5e:e8:43:a1:a4:2e:4f:b6:5f:cd:35:a4:1f:
                    59:45:f5:67:c0:b4:92:2b:42:3c:24:7e:24:4a:75:
                    c9:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:5B:68:15:BB:0F:A5:9E:9A:BE:A6:09:9D:01:A2:B9:08:90:20:E4
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144170.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a5f0::/32

    Signature Algorithm: sha256WithRSAEncryption
         94:95:e1:02:c6:b7:08:b0:f5:a2:3e:4d:d8:a5:f0:ed:c2:40:
         54:ad:e1:a0:5e:37:dd:45:b9:c4:87:b7:ae:73:93:2e:c3:0c:
         b4:be:97:22:ac:a5:46:f0:1a:bf:59:6f:04:e3:e6:17:92:3b:
         69:c6:ad:55:ac:58:5a:fa:8c:44:e2:62:42:65:6f:17:49:38:
         9d:f9:32:ff:47:22:12:a3:a0:c4:92:6e:04:2a:7c:f5:81:a8:
         08:b1:18:ba:3c:85:50:ef:3b:23:da:df:09:b7:6a:3b:b7:d1:
         4a:c0:bc:2a:bc:54:24:70:5f:fb:80:96:d2:63:e1:17:7b:a5:
         4c:61:59:ce:26:02:52:34:7a:74:10:39:6b:8d:87:33:8c:e2:
         b9:ef:13:a6:c0:19:d9:94:6d:23:d7:0a:e0:2d:7a:d0:44:e7:
         57:14:5a:92:9b:2b:dd:b3:a4:e3:8c:ae:2e:0c:e5:7a:b7:a5:
         2a:96:ff:75:d2:8d:ee:76:6f:55:b1:f4:0f:cb:ec:ac:d7:35:
         56:79:c7:db:1d:aa:e8:42:2a:23:ff:6b:b0:ce:cf:b3:4f:e1:
         3e:e3:cb:0e:59:91:78:d2:99:a3:1e:11:d2:a3:c6:63:35:9c:
         ec:91:b3:25:46:c7:0f:fe:19:35:a9:e4:24:55:5b:f0:b5:38:
         ba:63:b8:07
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIURvdp6r7erS+4uQPB/90hYg9GaVwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDk0OVoX
DTI3MDMwMzA2MTQ0OVowMzExMC8GA1UEAxMoNjg1QjY4MTVCQjBGQTU5RTlBQkVB
NjA5OUQwMUEyQjkwODkwMjBFNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAORCDDuW4q4q+ZXtYIxCwbIwmCoyg9H7OKCZg+Ymn7/zZIyH1HVhdDh+Z1kB
PlsK1GxvFA7eyGBuP+AyFCC0Qgv7fpl5Jun3CggbmBv3ucDGqdQGRbiTu5182sDD
IviAeLXMNRChMoHyJPGuyJmWQvqWwChbPlcKuDrw7fn88q8yNgrCiwR6fpcp4tuk
mSuWREUOVOCIY/1ZHrSs3JsqsUiTD9bRADKu8LcRVa9v+jtcaN+7gtKaMjTaPdFW
AR3tcEcsA4Xr4a8s513qV2pPMLegBeSyjqiMvHdMAc4MCZcPOIhe6EOhpC5Ptl/N
NaQfWUX1Z8C0kitCPCR+JEp1yQUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRoW2gV
uw+lnpq+pgmdAaK5CJAg5DAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDE3MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pfAwDQYJKoZIhvcNAQELBQADggEBAJSV4QLGtwiw9aI+Tdil8O3CQFSt4aBeN91F
ucSHt65zky7DDLS+lyKspUbwGr9ZbwTj5heSO2nGrVWsWFr6jETiYkJlbxdJOJ35
Mv9HIhKjoMSSbgQqfPWBqAixGLo8hVDvOyPa3wm3aju30UrAvCq8VCRwX/uAltJj
4Rd7pUxhWc4mAlI0enQQOWuNhzOM4rnvE6bAGdmUbSPXCuAtetBE51cUWpKbK92z
pOOMri4M5Xq3pSqW/3XSje52b1Wx9A/L7KzXNVZ5x9sdquhCKiP/a7DOz7NP4T7j
yw5ZkXjSmaMeEdKjxmM1nOyRsyVGxw/+GTWp5CRVW/C1OLpjuAc=
-----END CERTIFICATE-----