Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144216.roa
File:                     AS144216.roa (raw, json)
Hash identifier:          eE0p10pTSKR45a0ssOXPaZgp91+zUfY609yT6sUwq80=
Subject key identifier:   FF:1B:A7:59:A7:1F:88:DD:32:68:0D:66:9B:8E:6E:81:21:2C:AD:7A
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       628C626B488F3A09A17D73897BA2165D866341AD
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144216.roa
Signing time:             Wed 04 Mar 2026 06:14:15 +0000
ROA not before:           Wed 04 Mar 2026 06:09:15 +0000
ROA not after:            Wed 03 Mar 2027 06:14:15 +0000
asID:                     144216
IP address blocks:        240a:a61e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:8c:62:6b:48:8f:3a:09:a1:7d:73:89:7b:a2:16:5d:86:63:41:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:15 2026 GMT
            Not After : Mar  3 06:14:15 2027 GMT
        Subject: CN=FF1BA759A71F88DD32680D669B8E6E81212CAD7A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:b2:c4:ec:8b:cd:37:0f:bf:9a:82:ca:f8:5a:
                    78:5f:79:a0:84:d5:22:2b:b0:2b:38:35:34:7f:bd:
                    45:37:9e:6c:d4:a0:b9:ed:f5:8c:cf:62:5e:f5:6b:
                    d8:a1:3f:95:b3:3a:ae:37:63:6b:a9:dc:db:51:29:
                    92:ed:b5:a6:6c:21:95:f2:b2:02:1a:b6:38:4a:ac:
                    67:81:1b:b3:68:7f:ca:85:35:23:3c:b5:f3:8f:e7:
                    e8:b2:d1:d9:36:2f:f4:a5:a9:9c:2e:4c:45:73:36:
                    b7:fd:d6:c1:93:da:c4:f8:7e:c8:3c:47:7e:6a:2e:
                    a4:b5:65:f3:b6:7d:f4:29:f2:fb:98:6d:f1:f1:8c:
                    e9:2b:25:0d:38:24:e5:bb:7f:73:4b:9b:39:29:8e:
                    b0:c7:ee:5e:0d:a2:3d:5f:5c:cd:da:90:c5:25:f0:
                    a0:97:8b:6f:a0:51:07:d2:15:2e:e7:0d:2b:61:ce:
                    2b:17:59:bd:ed:e3:ac:29:83:e6:96:cf:1e:e8:f4:
                    70:2a:65:bb:5c:ee:2c:b0:61:4c:c3:57:78:d7:05:
                    b7:3c:65:25:3f:86:54:86:a0:17:71:58:0d:30:e1:
                    af:44:c1:99:76:8a:6e:00:5d:93:17:ea:80:b8:d5:
                    86:ae:6e:c8:c7:a2:52:7b:8c:11:56:0c:66:59:01:
                    0e:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:1B:A7:59:A7:1F:88:DD:32:68:0D:66:9B:8E:6E:81:21:2C:AD:7A
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144216.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a61e::/32

    Signature Algorithm: sha256WithRSAEncryption
         d1:3b:7c:6b:85:70:21:97:ac:66:98:06:c1:67:a4:eb:13:a6:
         0a:29:2d:5f:41:0d:00:04:97:36:46:e2:1a:50:04:47:4f:2c:
         f8:01:61:38:9d:d3:90:b7:4a:65:4b:21:57:a8:fc:01:b0:0d:
         e7:d6:c1:6e:86:ad:47:ad:ca:4e:fa:3d:10:2c:e6:99:43:57:
         8d:9a:a6:32:31:de:88:7a:b6:1c:55:ff:83:6c:48:09:16:20:
         92:02:2a:ee:fd:c2:a5:a6:41:bd:8f:1c:e9:b5:29:b4:79:f7:
         de:cf:41:cb:0d:8a:1d:5b:43:b4:13:d4:a0:0e:00:01:6b:82:
         d9:93:20:76:7a:42:66:18:b4:94:ce:24:92:63:53:44:7e:1a:
         ef:b0:13:43:df:5b:01:02:87:df:c0:1a:03:1c:a8:73:ce:6f:
         b6:46:0b:43:6e:5d:82:9e:84:46:11:58:51:e1:b0:ba:14:7e:
         07:47:15:84:1c:cd:88:9d:8c:23:21:fe:c3:04:8e:7d:eb:f7:
         a6:62:5b:68:9e:f7:f6:cb:62:fa:39:e8:de:26:af:96:87:68:
         de:6e:ac:9e:cf:fd:42:75:3f:dd:ef:fe:3d:f4:a1:bb:b7:90:
         38:c1:f9:25:b4:c8:3a:3b:65:93:71:f7:93:5b:3f:20:d2:ed:
         3e:60:12:71
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUYoxia0iPOgmhfXOJe6IWXYZjQa0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDkxNVoX
DTI3MDMwMzA2MTQxNVowMzExMC8GA1UEAxMoRkYxQkE3NTlBNzFGODhERDMyNjgw
RDY2OUI4RTZFODEyMTJDQUQ3QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMayxOyLzTcPv5qCyvhaeF95oITVIiuwKzg1NH+9RTeebNSgue31jM9iXvVr
2KE/lbM6rjdja6nc21Epku21pmwhlfKyAhq2OEqsZ4Ebs2h/yoU1Izy184/n6LLR
2TYv9KWpnC5MRXM2t/3WwZPaxPh+yDxHfmoupLVl87Z99Cny+5ht8fGM6SslDTgk
5bt/c0ubOSmOsMfuXg2iPV9czdqQxSXwoJeLb6BRB9IVLucNK2HOKxdZve3jrCmD
5pbPHuj0cCplu1zuLLBhTMNXeNcFtzxlJT+GVIagF3FYDTDhr0TBmXaKbgBdkxfq
gLjVhq5uyMeiUnuMEVYMZlkBDjECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT/G6dZ
px+I3TJoDWabjm6BISytejAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDIxNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ph4wDQYJKoZIhvcNAQELBQADggEBANE7fGuFcCGXrGaYBsFnpOsTpgopLV9BDQAE
lzZG4hpQBEdPLPgBYTid05C3SmVLIVeo/AGwDefWwW6GrUetyk76PRAs5plDV42a
pjIx3oh6thxV/4NsSAkWIJICKu79wqWmQb2PHOm1KbR5997PQcsNih1bQ7QT1KAO
AAFrgtmTIHZ6QmYYtJTOJJJjU0R+Gu+wE0PfWwECh9/AGgMcqHPOb7ZGC0NuXYKe
hEYRWFHhsLoUfgdHFYQczYidjCMh/sMEjn3r96ZiW2ie9/bLYvo56N4mr5aHaN5u
rJ7P/UJ1P93v/j30obu3kDjB+SW0yDo7ZZNx95NbPyDS7T5gEnE=
-----END CERTIFICATE-----