Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144250.roa
File:                     AS144250.roa (raw, json)
Hash identifier:          pb6nQk9SEFXMsDbJMpO/QTcTCjkFI7OpNaWgUqAvbeE=
Subject key identifier:   41:A3:30:26:AE:91:3D:C4:88:9A:96:22:A1:F7:2A:C0:83:5C:21:F1
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       48F1A82975F4FBCC4C532EF3C9A9B22F1EDE2CF8
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144250.roa
Signing time:             Wed 04 Mar 2026 06:12:59 +0000
ROA not before:           Wed 04 Mar 2026 06:07:59 +0000
ROA not after:            Wed 03 Mar 2027 06:12:59 +0000
asID:                     144250
IP address blocks:        240a:a640::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:f1:a8:29:75:f4:fb:cc:4c:53:2e:f3:c9:a9:b2:2f:1e:de:2c:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:07:59 2026 GMT
            Not After : Mar  3 06:12:59 2027 GMT
        Subject: CN=41A33026AE913DC4889A9622A1F72AC0835C21F1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e1:9b:f1:0e:d4:dd:64:1f:d1:98:df:22:7a:
                    f0:63:49:c4:b3:88:d6:d2:be:a2:68:97:ac:3d:77:
                    cf:e2:48:89:e5:d7:30:0c:e5:c1:72:05:db:1c:2a:
                    6d:b9:9a:98:51:cf:e3:09:77:d9:2b:eb:ba:e5:e3:
                    75:67:3e:b1:c0:26:86:1c:d1:15:80:0e:1d:f1:fc:
                    b4:a5:9f:25:24:f7:3b:88:de:c5:a4:5e:92:67:13:
                    1d:9d:93:c8:34:ef:03:b7:37:70:56:a5:b2:98:23:
                    13:09:99:c3:79:1a:6d:ae:89:94:50:55:79:a3:cf:
                    b8:bd:b1:99:4a:94:d5:54:91:82:c7:6b:d9:43:45:
                    25:7a:cf:ea:99:3f:49:6d:6f:4c:de:52:a4:ca:d6:
                    3a:98:aa:6b:06:bf:71:86:11:b4:71:44:3d:db:0b:
                    e1:2e:07:9a:3b:e7:78:4f:eb:68:c7:86:06:90:81:
                    a6:bb:24:96:51:6f:55:34:38:de:87:01:cb:32:bd:
                    6b:b3:74:79:3f:32:26:a3:31:e5:80:82:10:21:cb:
                    e4:ef:6c:72:76:91:a9:9a:3f:6c:e6:f8:b9:cb:0c:
                    f7:80:1b:ee:25:4c:d6:a2:e9:73:91:16:75:42:2d:
                    09:c0:2b:fb:8d:d0:ac:6c:5b:06:95:aa:02:44:64:
                    cf:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:A3:30:26:AE:91:3D:C4:88:9A:96:22:A1:F7:2A:C0:83:5C:21:F1
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144250.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a640::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:b6:fb:96:d3:f6:1d:08:1a:b6:e3:a4:cc:ae:b8:f8:4b:e7:
         04:27:96:a8:4b:fe:a2:8b:a1:13:e3:86:dc:1c:49:96:b1:34:
         df:99:1f:de:78:27:2c:c9:0c:78:74:99:ac:46:1d:e9:fe:6e:
         08:1e:45:56:1d:07:ac:37:3c:89:6b:ec:64:98:5c:36:52:2f:
         c2:9c:6b:cd:d5:b3:79:9b:1e:87:e3:07:26:70:37:da:3b:01:
         d5:70:fe:40:5c:f0:3f:47:97:2c:b6:d6:0c:58:6f:49:a6:cb:
         65:3a:d7:02:1e:49:a7:63:7d:e0:3a:57:fb:9b:3d:23:b2:82:
         46:21:64:3f:61:e9:5f:a8:4f:b9:b8:1d:74:28:c9:a6:19:33:
         bc:d6:16:c8:c3:f8:2d:e2:dc:ab:b6:70:52:eb:00:84:79:cf:
         8e:bd:af:be:81:9f:34:28:d8:45:c9:51:e8:74:eb:e8:0b:d0:
         9d:16:81:f9:dc:3f:36:3c:44:11:7f:fc:4b:c6:f2:8e:84:16:
         0a:7b:b7:ef:67:b0:9f:4d:d4:e0:5d:e5:1d:6b:60:2a:e2:2d:
         0c:91:c7:51:eb:8b:42:26:74:7d:f4:96:de:0a:19:c9:85:d6:
         96:d7:23:6a:a7:16:93:77:75:d0:b5:74:51:34:c7:df:8b:b3:
         31:85:df:2f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUSPGoKXX0+8xMUy7zyamyLx7eLPgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDc1OVoX
DTI3MDMwMzA2MTI1OVowMzExMC8GA1UEAxMoNDFBMzMwMjZBRTkxM0RDNDg4OUE5
NjIyQTFGNzJBQzA4MzVDMjFGMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKbhm/EO1N1kH9GY3yJ68GNJxLOI1tK+omiXrD13z+JIieXXMAzlwXIF2xwq
bbmamFHP4wl32SvruuXjdWc+scAmhhzRFYAOHfH8tKWfJST3O4jexaRekmcTHZ2T
yDTvA7c3cFalspgjEwmZw3kaba6JlFBVeaPPuL2xmUqU1VSRgsdr2UNFJXrP6pk/
SW1vTN5SpMrWOpiqawa/cYYRtHFEPdsL4S4HmjvneE/raMeGBpCBprskllFvVTQ4
3ocByzK9a7N0eT8yJqMx5YCCECHL5O9scnaRqZo/bOb4ucsM94Ab7iVM1qLpc5EW
dUItCcAr+43QrGxbBpWqAkRkz88CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRBozAm
rpE9xIialiKh9yrAg1wh8TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDI1MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pkAwDQYJKoZIhvcNAQELBQADggEBAA62+5bT9h0IGrbjpMyuuPhL5wQnlqhL/qKL
oRPjhtwcSZaxNN+ZH954JyzJDHh0maxGHen+bggeRVYdB6w3PIlr7GSYXDZSL8Kc
a83Vs3mbHofjByZwN9o7AdVw/kBc8D9Hlyy21gxYb0mmy2U61wIeSadjfeA6V/ub
PSOygkYhZD9h6V+oT7m4HXQoyaYZM7zWFsjD+C3i3Ku2cFLrAIR5z469r76BnzQo
2EXJUeh06+gL0J0WgfncPzY8RBF//EvG8o6EFgp7t+9nsJ9N1OBd5R1rYCriLQyR
x1Hri0ImdH30lt4KGcmF1pbXI2qnFpN3ddC1dFE0x9+LszGF3y8=
-----END CERTIFICATE-----