Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144227.roa
File:                     AS144227.roa (raw, json)
Hash identifier:          mNArJ4Fz2l3fn+RxuKizBfhU9ZB/VVOxvFMgNuGj4iQ=
Subject key identifier:   4F:FC:67:6E:6D:5F:C2:B2:EF:9C:3A:BE:09:03:0A:6B:D7:0E:60:08
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2970B729A0E0DBA223DBCEF459E4460BEB3A235F
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144227.roa
Signing time:             Wed 04 Mar 2026 06:13:54 +0000
ROA not before:           Wed 04 Mar 2026 06:08:54 +0000
ROA not after:            Wed 03 Mar 2027 06:13:54 +0000
asID:                     144227
IP address blocks:        240a:a629::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:70:b7:29:a0:e0:db:a2:23:db:ce:f4:59:e4:46:0b:eb:3a:23:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:54 2026 GMT
            Not After : Mar  3 06:13:54 2027 GMT
        Subject: CN=4FFC676E6D5FC2B2EF9C3ABE09030A6BD70E6008
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b4:26:47:5b:1b:51:d8:41:d3:43:bd:b3:30:
                    75:3f:95:9b:27:fb:af:7b:20:46:cb:10:00:72:10:
                    22:67:f7:90:75:0d:28:39:71:11:32:b4:5f:41:43:
                    3b:a6:76:6e:7a:76:49:78:0b:56:ca:60:6f:d7:90:
                    8b:ec:d6:13:96:03:67:fd:57:36:fc:90:5a:89:7b:
                    b2:b3:52:81:9a:64:5b:2d:73:2c:f8:ea:1c:69:bf:
                    b4:83:67:6f:d5:83:d7:0a:e9:b7:1a:6b:65:5e:ec:
                    30:8a:7e:dc:e9:7b:24:15:9d:6e:6a:bb:ef:a7:8a:
                    cb:5e:35:05:8f:6e:bc:40:0f:31:a5:5e:75:01:12:
                    ee:26:48:73:2f:cd:af:62:69:7e:21:c5:81:d4:1e:
                    d1:43:c6:02:c1:29:d5:89:d2:32:54:96:36:b9:7b:
                    d2:89:8a:44:66:9a:6f:53:fe:5e:90:07:c8:67:fa:
                    53:e8:8f:43:dd:aa:66:fb:f0:a4:10:ef:ad:6d:23:
                    20:92:d6:ab:25:ad:12:ec:d2:a6:e3:64:58:8c:25:
                    1d:9c:59:b6:07:29:fe:50:1f:7a:b2:f5:02:35:00:
                    f4:8c:7d:30:d5:15:d0:6e:a2:72:6e:8c:d7:ed:1e:
                    7a:d5:8b:4e:67:e7:89:89:e9:8f:05:8b:3a:24:27:
                    5f:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:FC:67:6E:6D:5F:C2:B2:EF:9C:3A:BE:09:03:0A:6B:D7:0E:60:08
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144227.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a629::/32

    Signature Algorithm: sha256WithRSAEncryption
         31:f1:d4:57:55:8f:75:0b:5c:2e:2b:1f:21:76:0d:e3:a1:8f:
         43:3e:80:9a:2c:bb:e0:f0:d6:c6:23:b4:8a:38:52:9b:d8:b5:
         aa:ec:cc:50:09:9d:11:fb:03:f1:5f:be:90:92:d3:c6:70:54:
         6e:13:a1:f0:c1:35:36:40:d1:64:41:79:02:93:78:4f:d0:a1:
         0f:07:53:80:0f:0b:e9:b2:cc:f0:cf:2a:47:67:2c:f0:65:d9:
         5c:5b:2b:58:98:47:4d:f4:0e:c0:6e:0e:ac:51:de:fe:79:ad:
         0f:55:ce:fd:52:58:51:cf:16:5b:10:fa:9d:be:e0:3d:dc:5b:
         dd:fb:81:47:82:0d:37:bf:41:02:51:54:7a:78:ae:7d:57:f3:
         16:df:8c:ab:cf:a2:59:d2:00:a8:cd:71:83:c4:bc:6a:12:fd:
         16:90:2a:46:05:85:9f:a4:66:24:c9:1c:ba:a1:af:dd:c3:1d:
         4e:a1:79:83:a2:c9:f0:ef:ba:20:6d:13:4d:97:c1:8a:ab:30:
         46:12:47:22:8a:4f:b2:69:3e:1e:9d:0b:4d:79:48:7f:1e:76:
         9b:ec:01:0a:34:76:70:ce:4b:0c:d5:98:b4:f6:d4:80:05:4d:
         f7:5c:36:32:b5:6f:85:2c:d3:7c:b5:b3:28:04:89:69:e5:7f:
         7e:2d:b5:43
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUKXC3KaDg26Ij2870WeRGC+s6I18wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDg1NFoX
DTI3MDMwMzA2MTM1NFowMzExMC8GA1UEAxMoNEZGQzY3NkU2RDVGQzJCMkVGOUMz
QUJFMDkwMzBBNkJENzBFNjAwODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ+0JkdbG1HYQdNDvbMwdT+Vmyf7r3sgRssQAHIQImf3kHUNKDlxETK0X0FD
O6Z2bnp2SXgLVspgb9eQi+zWE5YDZ/1XNvyQWol7srNSgZpkWy1zLPjqHGm/tINn
b9WD1wrptxprZV7sMIp+3Ol7JBWdbmq776eKy141BY9uvEAPMaVedQES7iZIcy/N
r2JpfiHFgdQe0UPGAsEp1YnSMlSWNrl70omKRGaab1P+XpAHyGf6U+iPQ92qZvvw
pBDvrW0jIJLWqyWtEuzSpuNkWIwlHZxZtgcp/lAferL1AjUA9Ix9MNUV0G6icm6M
1+0eetWLTmfniYnpjwWLOiQnX80CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRP/Gdu
bV/Csu+cOr4JAwpr1w5gCDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDIyNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pikwDQYJKoZIhvcNAQELBQADggEBADHx1FdVj3ULXC4rHyF2DeOhj0M+gJosu+Dw
1sYjtIo4UpvYtarszFAJnRH7A/FfvpCS08ZwVG4TofDBNTZA0WRBeQKTeE/QoQ8H
U4APC+myzPDPKkdnLPBl2VxbK1iYR030DsBuDqxR3v55rQ9Vzv1SWFHPFlsQ+p2+
4D3cW937gUeCDTe/QQJRVHp4rn1X8xbfjKvPolnSAKjNcYPEvGoS/RaQKkYFhZ+k
ZiTJHLqhr93DHU6heYOiyfDvuiBtE02XwYqrMEYSRyKKT7JpPh6dC015SH8edpvs
AQo0dnDOSwzVmLT21IAFTfdcNjK1b4Us03y1sygEiWnlf34ttUM=
-----END CERTIFICATE-----