Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144190.roa
File:                     AS144190.roa (raw, json)
Hash identifier:          bvorkHuLieEXXKJSJhLcBdvQ2cLQsgetohsb8L2kaGw=
Subject key identifier:   CF:0C:D0:95:FF:EA:B8:7A:C2:61:D6:F6:A6:8A:0A:25:27:99:0A:F9
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       46AF07C5A49BC5FAA4CC1B1475F9B63F7135316E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144190.roa
Signing time:             Wed 04 Mar 2026 06:14:20 +0000
ROA not before:           Wed 04 Mar 2026 06:09:20 +0000
ROA not after:            Wed 03 Mar 2027 06:14:20 +0000
asID:                     144190
IP address blocks:        240a:a604::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:af:07:c5:a4:9b:c5:fa:a4:cc:1b:14:75:f9:b6:3f:71:35:31:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:20 2026 GMT
            Not After : Mar  3 06:14:20 2027 GMT
        Subject: CN=CF0CD095FFEAB87AC261D6F6A68A0A2527990AF9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:2e:40:22:54:46:df:ae:69:74:0f:0f:74:84:
                    ee:a9:b6:5f:c8:aa:62:30:7a:b8:13:44:87:c5:97:
                    0f:aa:f5:86:a5:00:2e:21:5d:48:05:7c:aa:ac:fc:
                    21:9d:cc:89:cb:62:5a:f0:6a:e7:09:20:e0:8e:68:
                    61:95:9f:16:db:66:c2:17:4c:1d:48:fb:90:f2:e4:
                    6c:a0:ec:37:c8:fb:40:0e:68:58:3b:41:e7:6a:2e:
                    f8:97:09:e9:72:5d:f7:73:75:a2:66:04:c9:77:bb:
                    29:52:3a:19:09:18:78:c9:73:d9:14:a8:03:14:ae:
                    8b:32:92:0c:4d:d8:9a:85:db:68:1f:09:1e:3c:4c:
                    47:6d:85:f4:f9:46:8e:68:8d:31:85:95:c5:67:2a:
                    26:32:86:a5:26:69:23:52:ef:95:44:59:3d:5a:60:
                    6d:a4:88:5b:2b:ba:27:91:98:75:f8:f7:da:0e:92:
                    a4:1e:e5:8c:57:8d:77:b2:28:b9:8a:87:3a:5b:c4:
                    fe:f8:34:e5:d7:46:bf:3d:69:6b:82:27:85:34:d5:
                    e3:ac:f0:44:9e:3b:b4:2d:bc:d3:9b:8a:de:e3:93:
                    b5:ae:f5:1f:aa:bc:df:91:26:66:61:50:53:35:c4:
                    3a:d4:9a:1b:29:51:62:d3:77:20:f3:20:af:9f:2d:
                    2f:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:0C:D0:95:FF:EA:B8:7A:C2:61:D6:F6:A6:8A:0A:25:27:99:0A:F9
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144190.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a604::/32

    Signature Algorithm: sha256WithRSAEncryption
         c9:91:78:61:25:58:ab:82:69:7c:e6:6c:41:79:b5:6f:ef:73:
         c7:07:86:d3:37:df:3c:6c:30:15:e3:a4:68:71:6b:57:4d:83:
         9e:ca:d2:e7:47:50:34:22:6e:ee:21:c0:7e:81:e0:6c:4e:cd:
         6f:10:cc:c8:1c:34:aa:ad:fc:5b:28:f9:a2:ef:01:1e:b2:f0:
         fb:75:23:43:55:c0:05:1e:38:04:3e:db:47:bb:3f:0b:3e:e5:
         20:c7:27:77:fc:99:96:eb:9b:6b:7a:ab:e2:c0:61:28:19:f0:
         18:84:dd:a3:f8:08:85:28:61:73:91:3f:e7:cb:9f:58:df:2e:
         23:86:15:2c:27:a0:fa:6a:23:cc:99:66:ea:26:6b:4b:99:77:
         01:e6:b7:3e:b3:47:0c:07:39:3d:f5:bc:0b:0d:7b:9b:e2:c2:
         17:6c:b2:1d:1f:96:57:39:0b:db:26:67:8e:93:5f:c2:46:03:
         31:1a:2c:9d:e3:8e:4c:eb:ac:f1:d9:6e:15:a9:2a:04:b0:46:
         31:69:41:f4:40:37:f7:f0:66:d5:3d:32:12:cd:06:f7:5a:5b:
         36:63:15:2a:64:ad:5f:25:fb:f6:83:5f:31:26:fa:2d:f6:d6:
         7e:5d:1f:67:97:98:57:a0:4b:8b:2a:a3:33:25:42:06:b7:89:
         8f:2e:a4:d8
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIURq8HxaSbxfqkzBsUdfm2P3E1MW4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDkyMFoX
DTI3MDMwMzA2MTQyMFowMzExMC8GA1UEAxMoQ0YwQ0QwOTVGRkVBQjg3QUMyNjFE
NkY2QTY4QTBBMjUyNzk5MEFGOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOIuQCJURt+uaXQPD3SE7qm2X8iqYjB6uBNEh8WXD6r1hqUALiFdSAV8qqz8
IZ3MictiWvBq5wkg4I5oYZWfFttmwhdMHUj7kPLkbKDsN8j7QA5oWDtB52ou+JcJ
6XJd93N1omYEyXe7KVI6GQkYeMlz2RSoAxSuizKSDE3YmoXbaB8JHjxMR22F9PlG
jmiNMYWVxWcqJjKGpSZpI1LvlURZPVpgbaSIWyu6J5GYdfj32g6SpB7ljFeNd7Io
uYqHOlvE/vg05ddGvz1pa4InhTTV46zwRJ47tC2805uK3uOTta71H6q835EmZmFQ
UzXEOtSaGylRYtN3IPMgr58tL+sCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTPDNCV
/+q4esJh1vamigolJ5kK+TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDE5MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pgQwDQYJKoZIhvcNAQELBQADggEBAMmReGElWKuCaXzmbEF5tW/vc8cHhtM33zxs
MBXjpGhxa1dNg57K0udHUDQibu4hwH6B4GxOzW8QzMgcNKqt/Fso+aLvAR6y8Pt1
I0NVwAUeOAQ+20e7Pws+5SDHJ3f8mZbrm2t6q+LAYSgZ8BiE3aP4CIUoYXORP+fL
n1jfLiOGFSwnoPpqI8yZZuoma0uZdwHmtz6zRwwHOT31vAsNe5viwhdssh0fllc5
C9smZ46TX8JGAzEaLJ3jjkzrrPHZbhWpKgSwRjFpQfRAN/fwZtU9MhLNBvdaWzZj
FSpkrV8l+/aDXzEm+i321n5dH2eXmFegS4sqozMlQga3iY8upNg=
-----END CERTIFICATE-----