Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144221.roa
File:                     AS144221.roa (raw, json)
Hash identifier:          D3C75RAF/ccSOOesL3kMeiFn3kdxIoIsvwaqFwCkJ2o=
Subject key identifier:   67:2A:FE:6B:C6:85:8D:F7:DC:06:A7:09:57:1B:B3:4C:FE:C1:B7:36
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4785587EF2BB00479F089263F6B18A582C78E9D9
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144221.roa
Signing time:             Wed 04 Mar 2026 06:15:45 +0000
ROA not before:           Wed 04 Mar 2026 06:10:45 +0000
ROA not after:            Wed 03 Mar 2027 06:15:45 +0000
asID:                     144221
IP address blocks:        240a:a623::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:85:58:7e:f2:bb:00:47:9f:08:92:63:f6:b1:8a:58:2c:78:e9:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:45 2026 GMT
            Not After : Mar  3 06:15:45 2027 GMT
        Subject: CN=672AFE6BC6858DF7DC06A709571BB34CFEC1B736
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a7:5e:8f:7f:62:41:8a:c9:25:aa:e2:22:a5:
                    04:d8:89:1a:7c:45:69:e2:91:a8:7f:7a:33:02:5f:
                    f6:0d:c4:4a:d0:87:07:0c:57:b0:6b:00:6c:84:f2:
                    7a:a2:75:c8:0b:18:f2:b3:9c:03:ab:06:ea:f7:bb:
                    c5:70:a7:62:9b:b0:f8:f6:76:69:56:09:fb:9c:6a:
                    cf:7e:78:9e:ef:2d:d3:18:11:6b:90:70:c8:da:be:
                    48:1b:e0:4c:a0:c8:5c:dd:34:8b:a8:0d:b1:19:ed:
                    97:66:22:f3:65:b0:87:2d:b6:6e:0e:7e:ea:8c:51:
                    2a:d5:63:f9:f1:e8:9d:38:68:eb:20:10:59:07:58:
                    a9:85:3b:d2:e5:c4:d6:98:03:51:27:2c:29:85:0d:
                    37:69:5e:be:1e:30:89:30:cb:47:5f:b2:bd:bc:eb:
                    fa:42:3b:46:c3:cf:95:a7:d9:24:28:85:b5:bd:7e:
                    d4:3a:a3:5a:e9:ee:97:9d:d4:a5:3e:6d:9b:e3:db:
                    70:a3:91:97:0c:be:9f:0d:dd:1c:04:c2:bc:fe:a6:
                    4d:21:9b:90:b1:e6:25:30:9c:a8:54:97:8c:5f:ae:
                    6e:17:0a:d3:2f:09:de:50:52:77:b9:3d:2f:c0:7d:
                    02:67:25:96:d5:5e:5f:ca:ae:64:50:fa:43:1e:e4:
                    7f:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:2A:FE:6B:C6:85:8D:F7:DC:06:A7:09:57:1B:B3:4C:FE:C1:B7:36
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144221.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a623::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:3a:4e:f9:df:23:b1:cf:03:5b:f6:6e:0c:a3:ff:40:fd:1d:
         46:c9:af:e3:fc:c9:76:da:34:e8:d0:5c:b9:49:9a:8e:7b:bd:
         f4:ea:23:00:76:21:0b:d1:62:19:7d:9a:52:3f:05:ff:4f:4d:
         e7:a1:f6:85:fd:57:3f:d7:af:3b:8e:a8:89:21:37:26:35:2b:
         3f:eb:57:9f:13:f5:49:4d:1f:13:b9:51:15:c5:c7:db:1c:8f:
         8d:25:8b:e3:78:2c:e1:2f:4a:82:f9:13:64:a8:2a:59:ba:8f:
         98:61:72:bc:95:e8:5d:5a:a6:1e:e1:ca:b6:b4:24:13:11:41:
         0b:9a:eb:f7:3d:ad:17:04:3d:18:28:c0:e2:f2:a2:a4:38:b2:
         42:36:fb:f4:af:c8:87:42:2a:65:3a:5f:48:75:73:49:7e:4e:
         1f:4d:0a:b8:e8:15:7f:12:80:ce:90:6c:f1:05:25:60:d1:5a:
         bf:70:ae:64:77:a3:df:36:e0:af:91:7d:93:4d:a8:66:a5:a3:
         26:9b:b6:45:4a:be:1e:7a:72:8d:43:e3:1c:c6:d6:59:63:a6:
         4a:c5:43:32:0a:05:f3:5f:da:15:54:87:92:3b:cb:18:9e:bf:
         7f:42:ee:3c:54:45:a2:1d:c6:e8:92:7a:c2:6d:bb:02:44:d3:
         9b:4b:3c:80
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUR4VYfvK7AEefCJJj9rGKWCx46dkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTA0NVoX
DTI3MDMwMzA2MTU0NVowMzExMC8GA1UEAxMoNjcyQUZFNkJDNjg1OERGN0RDMDZB
NzA5NTcxQkIzNENGRUMxQjczNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALWnXo9/YkGKySWq4iKlBNiJGnxFaeKRqH96MwJf9g3EStCHBwxXsGsAbITy
eqJ1yAsY8rOcA6sG6ve7xXCnYpuw+PZ2aVYJ+5xqz354nu8t0xgRa5BwyNq+SBvg
TKDIXN00i6gNsRntl2Yi82Wwhy22bg5+6oxRKtVj+fHonTho6yAQWQdYqYU70uXE
1pgDUScsKYUNN2levh4wiTDLR1+yvbzr+kI7RsPPlafZJCiFtb1+1DqjWunul53U
pT5tm+PbcKORlwy+nw3dHATCvP6mTSGbkLHmJTCcqFSXjF+ubhcK0y8J3lBSd7k9
L8B9AmclltVeX8quZFD6Qx7kf6kCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRnKv5r
xoWN99wGpwlXG7NM/sG3NjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDIyMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
piMwDQYJKoZIhvcNAQELBQADggEBAJA6TvnfI7HPA1v2bgyj/0D9HUbJr+P8yXba
NOjQXLlJmo57vfTqIwB2IQvRYhl9mlI/Bf9PTeeh9oX9Vz/XrzuOqIkhNyY1Kz/r
V58T9UlNHxO5URXFx9scj40li+N4LOEvSoL5E2SoKlm6j5hhcryV6F1aph7hyra0
JBMRQQua6/c9rRcEPRgowOLyoqQ4skI2+/SvyIdCKmU6X0h1c0l+Th9NCrjoFX8S
gM6QbPEFJWDRWr9wrmR3o9824K+RfZNNqGaloyabtkVKvh56co1D4xzG1lljpkrF
QzIKBfNf2hVUh5I7yxiev39C7jxURaIdxuiSesJtuwJE05tLPIA=
-----END CERTIFICATE-----