Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144240.roa
File:                     AS144240.roa (raw, json)
Hash identifier:          xtHVZSWQ0CZSoxMjTl6Q9yMG/ivovja0P4Jk11GJbt8=
Subject key identifier:   B2:F0:1C:72:22:43:79:45:C3:83:FC:BB:66:C4:63:71:28:AA:61:95
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5D0163C46E1D465439B7BDFF072C41235233190B
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144240.roa
Signing time:             Wed 04 Mar 2026 06:14:48 +0000
ROA not before:           Wed 04 Mar 2026 06:09:48 +0000
ROA not after:            Wed 03 Mar 2027 06:14:48 +0000
asID:                     144240
IP address blocks:        240a:a636::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:01:63:c4:6e:1d:46:54:39:b7:bd:ff:07:2c:41:23:52:33:19:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:48 2026 GMT
            Not After : Mar  3 06:14:48 2027 GMT
        Subject: CN=B2F01C7222437945C383FCBB66C4637128AA6195
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:21:ea:8c:a7:f0:17:58:a4:47:1b:ab:c1:38:
                    de:86:59:18:69:42:5d:2b:1c:17:8c:7b:74:75:97:
                    39:37:76:c9:f5:7e:a8:90:cb:5d:81:13:9d:34:50:
                    7e:38:aa:1b:95:b9:20:18:40:cd:b5:16:30:b2:67:
                    2b:53:a5:ad:3e:3f:b5:19:f2:59:74:dc:4a:84:36:
                    8c:eb:1d:ae:25:b1:46:c1:0d:91:06:d3:b2:4f:43:
                    d7:30:cf:6c:b9:ba:a7:35:86:84:00:1b:ff:1f:bb:
                    fc:d6:df:ec:68:7a:59:47:16:2a:20:5e:d6:db:46:
                    61:03:94:3b:15:2b:40:bd:e9:09:73:69:65:c3:fe:
                    35:9e:57:7f:69:1a:af:41:06:92:26:07:e5:dc:24:
                    83:a8:93:d1:4e:1d:d0:d5:13:27:25:11:e1:3b:70:
                    25:a4:76:58:34:6e:b6:8e:88:88:70:a2:98:14:ed:
                    f2:76:cb:ce:39:35:59:61:08:5e:44:c9:14:43:bd:
                    5a:cf:b9:65:dc:99:8b:43:00:99:5c:f8:75:69:3d:
                    bf:7c:b9:0e:ed:d4:2a:6d:1c:55:b8:63:58:38:9a:
                    a2:c8:1f:fb:d7:27:63:e0:30:c0:57:f6:aa:cf:a3:
                    ea:95:c0:ed:dc:7d:94:8f:d7:d4:a0:e0:85:bc:40:
                    d2:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:F0:1C:72:22:43:79:45:C3:83:FC:BB:66:C4:63:71:28:AA:61:95
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144240.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a636::/32

    Signature Algorithm: sha256WithRSAEncryption
         43:32:a0:96:ae:c2:98:3c:cd:66:bd:e7:d1:00:6d:6e:d5:9f:
         66:cc:bb:d8:0a:ba:52:5e:72:cf:66:a8:a1:52:a4:ff:f1:47:
         e7:44:b6:53:b4:9e:4d:67:e6:df:87:49:70:56:44:db:d3:1f:
         81:f0:a1:75:ea:a8:ba:5f:d1:ea:1c:bd:0e:fd:98:6b:6b:43:
         30:5e:77:35:a1:9b:1d:1f:e3:c3:c5:46:31:5f:39:47:26:a5:
         b1:6c:40:15:1e:72:a4:13:ca:2b:5b:61:27:c0:3e:8c:ff:a4:
         9d:ef:02:b4:91:37:8e:00:97:7a:6e:c2:7a:29:ed:35:5a:ff:
         8b:e4:df:91:ce:c2:e5:2e:18:fa:07:80:bf:01:5a:18:6d:83:
         08:fa:2b:b3:be:b9:98:16:e6:a9:ef:74:27:b2:04:0b:32:a1:
         95:83:66:94:57:8a:c4:c1:a7:82:75:31:d7:06:ad:c3:9f:b4:
         7d:fd:a4:80:a8:38:b7:6b:a3:d4:c9:4f:72:23:6d:45:39:3f:
         03:e7:00:99:33:05:64:04:d1:31:bc:b5:f3:d4:fd:fe:4c:52:
         9b:84:47:94:a7:cb:5d:0b:fe:e7:03:8f:fb:d0:fc:f1:0f:1e:
         d3:e6:85:e0:6c:db:c5:08:c1:ad:a5:3c:55:cd:00:79:0d:b8:
         8c:04:c0:fd
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUXQFjxG4dRlQ5t73/ByxBI1IzGQswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDk0OFoX
DTI3MDMwMzA2MTQ0OFowMzExMC8GA1UEAxMoQjJGMDFDNzIyMjQzNzk0NUMzODNG
Q0JCNjZDNDYzNzEyOEFBNjE5NTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOEh6oyn8BdYpEcbq8E43oZZGGlCXSscF4x7dHWXOTd2yfV+qJDLXYETnTRQ
fjiqG5W5IBhAzbUWMLJnK1OlrT4/tRnyWXTcSoQ2jOsdriWxRsENkQbTsk9D1zDP
bLm6pzWGhAAb/x+7/Nbf7Gh6WUcWKiBe1ttGYQOUOxUrQL3pCXNpZcP+NZ5Xf2ka
r0EGkiYH5dwkg6iT0U4d0NUTJyUR4TtwJaR2WDRuto6IiHCimBTt8nbLzjk1WWEI
XkTJFEO9Ws+5ZdyZi0MAmVz4dWk9v3y5Du3UKm0cVbhjWDiaosgf+9cnY+AwwFf2
qs+j6pXA7dx9lI/X1KDghbxA0vECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSy8Bxy
IkN5RcOD/LtmxGNxKKphlTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDI0MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pjYwDQYJKoZIhvcNAQELBQADggEBAEMyoJauwpg8zWa959EAbW7Vn2bMu9gKulJe
cs9mqKFSpP/xR+dEtlO0nk1n5t+HSXBWRNvTH4HwoXXqqLpf0eocvQ79mGtrQzBe
dzWhmx0f48PFRjFfOUcmpbFsQBUecqQTyitbYSfAPoz/pJ3vArSRN44Al3puwnop
7TVa/4vk35HOwuUuGPoHgL8BWhhtgwj6K7O+uZgW5qnvdCeyBAsyoZWDZpRXisTB
p4J1MdcGrcOftH39pICoOLdro9TJT3IjbUU5PwPnAJkzBWQE0TG8tfPU/f5MUpuE
R5Sny10L/ucDj/vQ/PEPHtPmheBs28UIwa2lPFXNAHkNuIwEwP0=
-----END CERTIFICATE-----