Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144226.roa
File:                     AS144226.roa (raw, json)
Hash identifier:          6DXieYBPC+/FNQTPMcl9/k67/SRijWXCePvMWkEIypg=
Subject key identifier:   13:75:35:3B:AF:9F:EA:2E:65:A4:F0:C7:5E:49:E8:8F:E4:60:CD:CE
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       58358005D6E3179E72D2F0AD9E3257047B278C4C
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144226.roa
Signing time:             Wed 04 Mar 2026 06:12:41 +0000
ROA not before:           Wed 04 Mar 2026 06:07:41 +0000
ROA not after:            Wed 03 Mar 2027 06:12:41 +0000
asID:                     144226
IP address blocks:        240a:a628::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:35:80:05:d6:e3:17:9e:72:d2:f0:ad:9e:32:57:04:7b:27:8c:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:07:41 2026 GMT
            Not After : Mar  3 06:12:41 2027 GMT
        Subject: CN=1375353BAF9FEA2E65A4F0C75E49E88FE460CDCE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ad:68:77:85:1f:3c:9e:e7:93:1d:b2:bc:6e:
                    40:97:d1:5d:e7:79:f0:7b:78:bb:4d:63:85:4f:64:
                    57:7a:71:5e:52:f4:9d:90:83:35:f7:49:16:4e:20:
                    19:f9:3d:00:02:34:54:e3:76:c4:05:fd:48:50:e9:
                    12:4c:e8:ea:51:82:81:eb:89:dd:42:9e:fd:18:e0:
                    8a:17:0b:ef:aa:33:d9:bf:e7:7d:46:89:36:eb:18:
                    2e:f3:c3:32:8d:e5:53:49:8a:b5:4a:0c:68:dd:ea:
                    ce:af:9f:6d:72:23:24:c4:e4:c0:53:e6:3a:08:b1:
                    cc:3f:8e:d4:ec:92:63:4e:80:04:a1:44:a5:c3:09:
                    10:f4:a5:12:89:9d:cf:be:ac:a6:80:88:af:f4:50:
                    fe:07:6c:9b:cc:f9:05:cf:3e:10:2b:d9:51:c4:5b:
                    c6:8d:86:1f:fd:12:57:94:73:01:4f:b4:1e:0f:16:
                    17:60:62:36:9a:b1:9e:cc:eb:15:2b:aa:ef:14:0b:
                    89:c4:bd:cf:e3:94:28:78:ea:22:3d:10:57:a1:d0:
                    16:57:6d:bc:fa:40:e8:10:f4:b1:4a:b8:68:2a:1c:
                    04:b5:ef:5b:be:f9:a2:7d:c4:6a:d6:5e:93:b8:73:
                    f2:71:78:e6:0c:4b:2b:04:99:6b:35:44:6b:15:3c:
                    6d:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:75:35:3B:AF:9F:EA:2E:65:A4:F0:C7:5E:49:E8:8F:E4:60:CD:CE
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144226.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a628::/32

    Signature Algorithm: sha256WithRSAEncryption
         02:6e:65:d8:15:9d:58:d7:ad:38:8a:03:b0:a6:56:27:eb:d6:
         4d:97:d3:ac:73:68:9d:2e:fc:e0:2b:e7:4b:d1:2a:ef:dc:51:
         fc:d2:fb:10:c1:8f:c0:78:82:3e:66:b1:09:79:98:62:46:71:
         ca:68:79:b4:2f:5c:3f:5a:ca:b8:6c:44:d2:e1:a1:36:3f:5a:
         69:fa:a4:9b:ef:dc:3f:b3:26:6e:77:51:ca:92:a0:22:20:e0:
         99:f2:bb:0f:1e:0e:df:58:02:8c:70:ab:af:2c:b8:70:b3:5a:
         ef:da:b9:b1:f3:48:c7:8a:8d:12:92:e8:f3:93:75:ff:82:24:
         58:c4:b4:e7:63:bd:f8:5a:88:ca:ed:4f:86:f1:ef:13:de:14:
         1d:19:58:23:04:c8:89:46:16:45:f5:2e:63:a7:42:4f:dc:8b:
         be:ac:65:d2:24:29:d2:63:d4:79:a4:c9:0a:4c:0e:fe:4e:77:
         ff:1a:e0:44:10:15:69:57:01:45:e6:86:13:84:99:d8:be:81:
         69:58:29:cb:6f:ea:e3:98:e1:a7:4b:5f:fa:23:4f:17:33:29:
         99:2f:53:6d:4d:3b:12:84:2f:9a:fe:44:d7:c9:00:98:03:66:
         bc:d0:bd:b6:29:de:7e:e6:61:2e:48:44:3c:8b:13:43:45:bd:
         c5:3e:01:5a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUWDWABdbjF55y0vCtnjJXBHsnjEwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDc0MVoX
DTI3MDMwMzA2MTI0MVowMzExMC8GA1UEAxMoMTM3NTM1M0JBRjlGRUEyRTY1QTRG
MEM3NUU0OUU4OEZFNDYwQ0RDRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALitaHeFHzye55MdsrxuQJfRXed58Ht4u01jhU9kV3pxXlL0nZCDNfdJFk4g
Gfk9AAI0VON2xAX9SFDpEkzo6lGCgeuJ3UKe/RjgihcL76oz2b/nfUaJNusYLvPD
Mo3lU0mKtUoMaN3qzq+fbXIjJMTkwFPmOgixzD+O1OySY06ABKFEpcMJEPSlEomd
z76spoCIr/RQ/gdsm8z5Bc8+ECvZUcRbxo2GH/0SV5RzAU+0Hg8WF2BiNpqxnszr
FSuq7xQLicS9z+OUKHjqIj0QV6HQFldtvPpA6BD0sUq4aCocBLXvW775on3EatZe
k7hz8nF45gxLKwSZazVEaxU8bV8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQTdTU7
r5/qLmWk8MdeSeiP5GDNzjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDIyNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pigwDQYJKoZIhvcNAQELBQADggEBAAJuZdgVnVjXrTiKA7CmVifr1k2X06xzaJ0u
/OAr50vRKu/cUfzS+xDBj8B4gj5msQl5mGJGccpoebQvXD9ayrhsRNLhoTY/Wmn6
pJvv3D+zJm53UcqSoCIg4Jnyuw8eDt9YAoxwq68suHCzWu/aubHzSMeKjRKS6POT
df+CJFjEtOdjvfhaiMrtT4bx7xPeFB0ZWCMEyIlGFkX1LmOnQk/ci76sZdIkKdJj
1HmkyQpMDv5Od/8a4EQQFWlXAUXmhhOEmdi+gWlYKctv6uOY4adLX/ojTxczKZkv
U21NOxKEL5r+RNfJAJgDZrzQvbYp3n7mYS5IRDyLE0NFvcU+AVo=
-----END CERTIFICATE-----