Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144207.roa
File:                     AS144207.roa (raw, json)
Hash identifier:          4cJP3DB0CutAehpvfHzLvNqM+4EUN6T0uEm089YdxSE=
Subject key identifier:   81:8E:CA:6A:EB:BC:A6:66:07:3B:EE:E1:6B:41:93:F6:E4:FC:72:2B
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1CF6EE78B5A687088095037E824F785849E3F2DB
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144207.roa
Signing time:             Wed 04 Mar 2026 06:15:11 +0000
ROA not before:           Wed 04 Mar 2026 06:10:11 +0000
ROA not after:            Wed 03 Mar 2027 06:15:11 +0000
asID:                     144207
IP address blocks:        240a:a615::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:f6:ee:78:b5:a6:87:08:80:95:03:7e:82:4f:78:58:49:e3:f2:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:11 2026 GMT
            Not After : Mar  3 06:15:11 2027 GMT
        Subject: CN=818ECA6AEBBCA666073BEEE16B4193F6E4FC722B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5b:e8:d8:0b:22:52:90:27:5b:62:a1:6f:d1:
                    c6:9f:77:27:62:54:49:4a:b8:20:47:fc:6a:48:11:
                    73:18:56:4a:64:2a:fd:eb:20:f6:73:d5:ff:a6:1d:
                    20:14:f5:13:0a:73:a1:b2:42:97:dc:61:d6:d9:f3:
                    c8:35:85:c8:e5:22:21:65:ce:00:d7:63:ab:4d:31:
                    81:d2:13:a3:dc:9c:6e:d1:47:f5:f8:72:69:fe:ef:
                    d3:de:f9:86:d4:a4:3b:71:70:7b:9c:18:9c:a1:e3:
                    07:21:6e:2c:f0:cf:64:d5:62:07:71:0e:8f:9d:33:
                    db:5b:2c:58:f4:1b:37:f0:ea:50:a9:bd:6a:4c:c4:
                    9e:07:51:ea:8d:d2:90:99:32:59:9b:15:8b:43:56:
                    a3:06:6f:ec:d2:38:47:f3:2a:dc:50:3a:a6:e9:c3:
                    03:c6:3b:06:6d:e9:46:9e:0e:a2:52:93:56:58:f6:
                    ad:54:f0:29:af:af:59:ee:22:e0:bb:72:50:15:81:
                    05:c5:54:b1:3d:e3:b2:ec:40:b9:7d:00:0b:75:ad:
                    7d:4d:e3:fa:f4:eb:80:94:30:29:c8:5b:d1:b4:55:
                    d8:1c:a3:ab:2f:70:68:16:0a:4b:75:e6:ad:d6:94:
                    da:64:31:b3:50:71:da:c5:f5:02:6a:28:b0:45:c3:
                    0e:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:8E:CA:6A:EB:BC:A6:66:07:3B:EE:E1:6B:41:93:F6:E4:FC:72:2B
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144207.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a615::/32

    Signature Algorithm: sha256WithRSAEncryption
         b7:7d:21:3f:06:c6:9e:c3:e0:a4:ad:4c:0a:5b:3b:c2:60:1d:
         e8:c5:98:26:65:28:b5:82:a5:f7:2c:fe:51:b6:41:2f:7a:ed:
         98:ff:6a:03:f5:eb:23:d2:8a:ae:d6:21:e3:8e:43:74:85:57:
         a6:d7:a6:6f:d1:19:a1:e5:2b:b0:24:f0:6f:18:e4:61:06:7c:
         ba:25:0c:27:75:c0:63:9e:26:53:5b:2c:c2:c8:5e:28:b3:00:
         69:20:d9:a4:e1:fd:01:65:77:02:62:d2:bc:de:23:e5:0e:f1:
         8d:b6:8b:19:45:d7:f6:ac:3b:34:9b:ad:1f:86:61:d4:21:e8:
         f4:0d:5f:8f:32:ce:e8:93:90:00:fb:92:38:b2:0c:c7:42:22:
         05:fc:9d:04:5e:74:54:92:85:12:bd:a1:09:3e:df:4f:cb:b2:
         d3:c6:60:99:60:e9:5b:17:39:56:e3:01:d1:1f:2f:86:5c:89:
         f3:cb:f3:c6:38:5d:8a:c8:d4:b7:1c:50:ee:f5:15:60:e2:e7:
         42:32:81:c7:d8:f4:ae:19:37:c7:df:23:76:8d:05:a4:5c:1e:
         86:23:1c:c2:1c:11:4e:eb:a5:88:bd:4c:1d:62:bc:79:15:8c:
         7d:f1:6b:2e:a7:c0:fd:b5:42:1b:2b:1b:ce:3a:b0:2b:cd:ea:
         e4:3d:f2:65
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUHPbueLWmhwiAlQN+gk94WEnj8tswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTAxMVoX
DTI3MDMwMzA2MTUxMVowMzExMC8GA1UEAxMoODE4RUNBNkFFQkJDQTY2NjA3M0JF
RUUxNkI0MTkzRjZFNEZDNzIyQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMNb6NgLIlKQJ1tioW/Rxp93J2JUSUq4IEf8akgRcxhWSmQq/esg9nPV/6Yd
IBT1EwpzobJCl9xh1tnzyDWFyOUiIWXOANdjq00xgdITo9ycbtFH9fhyaf7v0975
htSkO3Fwe5wYnKHjByFuLPDPZNViB3EOj50z21ssWPQbN/DqUKm9akzEngdR6o3S
kJkyWZsVi0NWowZv7NI4R/Mq3FA6punDA8Y7Bm3pRp4OolKTVlj2rVTwKa+vWe4i
4LtyUBWBBcVUsT3jsuxAuX0AC3WtfU3j+vTrgJQwKchb0bRV2Byjqy9waBYKS3Xm
rdaU2mQxs1Bx2sX1AmoosEXDDnUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSBjspq
67ymZgc77uFrQZP25PxyKzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDIwNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
phUwDQYJKoZIhvcNAQELBQADggEBALd9IT8Gxp7D4KStTApbO8JgHejFmCZlKLWC
pfcs/lG2QS967Zj/agP16yPSiq7WIeOOQ3SFV6bXpm/RGaHlK7Ak8G8Y5GEGfLol
DCd1wGOeJlNbLMLIXiizAGkg2aTh/QFldwJi0rzeI+UO8Y22ixlF1/asOzSbrR+G
YdQh6PQNX48yzuiTkAD7kjiyDMdCIgX8nQRedFSShRK9oQk+30/LstPGYJlg6VsX
OVbjAdEfL4ZcifPL88Y4XYrI1LccUO71FWDi50IygcfY9K4ZN8ffI3aNBaRcHoYj
HMIcEU7rpYi9TB1ivHkVjH3xay6nwP21QhsrG846sCvN6uQ98mU=
-----END CERTIFICATE-----