Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144232.roa
File:                     AS144232.roa (raw, json)
Hash identifier:          X/Xk7JPDi2gMCybjrW1SyzY2XM3eXxIhOjjvdce+nAQ=
Subject key identifier:   99:E5:75:5D:0C:D5:C8:55:B5:4A:75:AE:6E:11:A8:5C:52:BE:BA:81
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3FA34112DA92FBA3B192EF8F420823EFB3B3ABA8
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144232.roa
Signing time:             Wed 04 Mar 2026 06:14:11 +0000
ROA not before:           Wed 04 Mar 2026 06:09:11 +0000
ROA not after:            Wed 03 Mar 2027 06:14:11 +0000
asID:                     144232
IP address blocks:        240a:a62e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:a3:41:12:da:92:fb:a3:b1:92:ef:8f:42:08:23:ef:b3:b3:ab:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:11 2026 GMT
            Not After : Mar  3 06:14:11 2027 GMT
        Subject: CN=99E5755D0CD5C855B54A75AE6E11A85C52BEBA81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:f7:73:96:ac:66:2e:0a:bf:86:b7:24:da:78:
                    21:49:01:29:65:0b:1e:9c:01:45:98:f1:63:26:cb:
                    40:d0:91:f9:a0:44:2c:f7:0d:b2:dc:04:d5:ee:be:
                    93:e5:cc:4d:32:dd:cd:16:05:bc:64:ee:8a:dd:5c:
                    99:21:20:dd:1c:77:1d:14:7d:0a:bf:80:ac:f8:9e:
                    30:c7:c9:36:bf:6f:6f:fb:9d:b8:7f:59:2f:d7:0b:
                    c6:1f:e6:72:07:3b:76:b0:87:f7:d2:e7:e8:3b:10:
                    e1:6e:6a:63:92:91:b5:aa:6f:90:c4:dc:ba:44:4a:
                    1c:c9:fe:ff:63:af:64:6c:6f:fc:83:41:a7:38:76:
                    63:45:13:cd:8d:78:36:dd:85:ee:85:fa:fa:86:04:
                    b3:5c:70:88:f5:2f:18:22:bd:9c:1e:b2:eb:20:a3:
                    cc:82:31:8f:aa:df:79:62:d5:f4:84:9f:d7:9c:5b:
                    10:87:a7:b0:49:42:0c:93:f6:d3:5b:ec:95:08:1d:
                    91:8a:41:5c:85:9f:9b:54:4b:f0:15:c9:d1:d0:d6:
                    d7:83:2a:47:48:90:db:27:33:b5:6b:58:31:69:1f:
                    84:2c:de:76:ea:df:e3:9e:4b:2a:7f:c8:77:35:d8:
                    88:72:fa:4b:20:dd:27:74:a0:35:d6:6c:25:47:20:
                    33:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:E5:75:5D:0C:D5:C8:55:B5:4A:75:AE:6E:11:A8:5C:52:BE:BA:81
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144232.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a62e::/32

    Signature Algorithm: sha256WithRSAEncryption
         85:28:e2:55:0b:29:c1:76:a5:75:7e:8b:46:4b:43:6e:06:dd:
         3a:f5:4b:a1:6e:a9:cf:c2:87:a7:fc:d6:fb:fe:12:92:11:ec:
         cf:8c:e4:f7:28:35:ab:4f:c0:5c:0b:a5:de:cc:d2:e8:04:6a:
         3f:69:b8:7c:aa:d6:f2:43:b2:47:8d:00:83:0d:d1:0c:28:08:
         4f:af:52:d8:57:41:7f:49:c7:39:9d:20:d7:d9:95:f8:94:cb:
         9e:88:e1:32:94:8d:16:09:05:93:7a:b1:58:2e:2d:8a:b0:fa:
         84:ae:ae:cc:c6:fc:03:c2:19:14:42:7b:9e:dd:d5:7f:ed:73:
         4d:eb:5c:96:41:57:42:0f:fe:f6:cb:12:99:6b:9c:2e:e7:c1:
         6a:02:54:71:b0:8a:fc:0a:a9:56:42:7c:2f:8d:73:5b:f1:4f:
         7d:f4:a9:f1:b8:30:74:04:a9:7a:eb:32:46:1a:e1:24:a7:6a:
         39:d2:f9:66:a6:d7:92:72:8b:72:ea:58:7f:cd:88:d5:4f:44:
         99:98:ea:09:36:fd:a2:9c:55:25:39:b4:da:99:bb:3b:a4:9e:
         b9:da:f3:bb:20:01:d1:ba:6f:43:45:5c:73:53:c2:00:c4:35:
         b3:6e:d3:ba:34:ff:1e:64:19:54:63:98:39:eb:46:22:79:e6:
         67:de:50:be
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUP6NBEtqS+6Oxku+PQggj77Ozq6gwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDkxMVoX
DTI3MDMwMzA2MTQxMVowMzExMC8GA1UEAxMoOTlFNTc1NUQwQ0Q1Qzg1NUI1NEE3
NUFFNkUxMUE4NUM1MkJFQkE4MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANX3c5asZi4Kv4a3JNp4IUkBKWULHpwBRZjxYybLQNCR+aBELPcNstwE1e6+
k+XMTTLdzRYFvGTuit1cmSEg3Rx3HRR9Cr+ArPieMMfJNr9vb/uduH9ZL9cLxh/m
cgc7drCH99Ln6DsQ4W5qY5KRtapvkMTcukRKHMn+/2OvZGxv/INBpzh2Y0UTzY14
Nt2F7oX6+oYEs1xwiPUvGCK9nB6y6yCjzIIxj6rfeWLV9ISf15xbEIensElCDJP2
01vslQgdkYpBXIWfm1RL8BXJ0dDW14MqR0iQ2ycztWtYMWkfhCzedurf455LKn/I
dzXYiHL6SyDdJ3SgNdZsJUcgM00CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSZ5XVd
DNXIVbVKda5uEahcUr66gTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDIzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pi4wDQYJKoZIhvcNAQELBQADggEBAIUo4lULKcF2pXV+i0ZLQ24G3Tr1S6Fuqc/C
h6f81vv+EpIR7M+M5PcoNatPwFwLpd7M0ugEaj9puHyq1vJDskeNAIMN0QwoCE+v
UthXQX9JxzmdINfZlfiUy56I4TKUjRYJBZN6sVguLYqw+oSurszG/APCGRRCe57d
1X/tc03rXJZBV0IP/vbLEplrnC7nwWoCVHGwivwKqVZCfC+Nc1vxT330qfG4MHQE
qXrrMkYa4SSnajnS+Wam15Jyi3LqWH/NiNVPRJmY6gk2/aKcVSU5tNqZuzuknrna
87sgAdG6b0NFXHNTwgDENbNu07o0/x5kGVRjmDnrRiJ55mfeUL4=
-----END CERTIFICATE-----