Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144256.roa
File:                     AS144256.roa (raw, json)
Hash identifier:          GURkTOJ9Ez9hFRCMunl/FnWVESiVlTAThPIOW64Hqro=
Subject key identifier:   7D:BF:33:A8:D4:B2:FE:9B:E7:BB:89:4C:C5:A0:76:E4:34:1C:E8:C3
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       257B590F9072C898DF96A82614AFD6AADFC165BD
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144256.roa
Signing time:             Wed 04 Mar 2026 06:13:41 +0000
ROA not before:           Wed 04 Mar 2026 06:08:41 +0000
ROA not after:            Wed 03 Mar 2027 06:13:41 +0000
asID:                     144256
IP address blocks:        240a:a646::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:7b:59:0f:90:72:c8:98:df:96:a8:26:14:af:d6:aa:df:c1:65:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:41 2026 GMT
            Not After : Mar  3 06:13:41 2027 GMT
        Subject: CN=7DBF33A8D4B2FE9BE7BB894CC5A076E4341CE8C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:41:54:eb:72:3a:1c:53:a5:38:44:f3:01:58:
                    5e:a7:66:d9:a9:70:ed:58:09:fa:a0:c4:28:54:fb:
                    a6:b4:b7:48:b7:8a:ff:4a:62:71:60:67:11:5b:c6:
                    48:9b:39:36:7c:a5:1c:16:02:a6:36:15:47:66:b0:
                    e7:28:c2:32:2f:5e:44:9c:f3:6f:32:fa:05:a1:0d:
                    4e:ba:92:13:a6:63:da:c7:59:4e:2a:f5:9f:10:91:
                    da:57:04:f3:8d:70:17:15:23:13:b0:bf:6b:78:9e:
                    25:1d:94:c3:cc:49:67:30:65:24:ce:75:dd:97:e6:
                    f9:9a:c8:14:4c:c0:b5:29:55:7e:c4:b4:03:a2:38:
                    5b:3f:1f:a4:0f:02:fb:3a:89:7a:19:68:72:13:4a:
                    e2:c7:d8:94:a3:45:66:ad:1d:62:b6:8a:4d:0f:75:
                    4a:71:bb:d3:ec:fb:49:21:28:0e:a2:13:ec:39:26:
                    b2:0b:a2:19:1f:90:a4:ca:24:16:a4:4f:4a:6c:af:
                    06:53:1f:28:8f:7b:c7:d4:32:2c:66:3d:53:0c:e0:
                    8d:fc:89:5d:d4:41:8e:f6:f9:2a:e1:ed:ae:cd:35:
                    4e:73:78:77:24:2e:4a:45:e1:9e:3a:11:d1:55:c7:
                    bc:2f:67:35:5c:de:04:df:9d:97:80:22:ad:1a:99:
                    38:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:BF:33:A8:D4:B2:FE:9B:E7:BB:89:4C:C5:A0:76:E4:34:1C:E8:C3
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144256.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a646::/32

    Signature Algorithm: sha256WithRSAEncryption
         b7:52:c2:51:a2:5b:a0:94:d1:dc:36:4a:dc:ff:52:4a:c8:35:
         13:8d:04:91:e2:1c:f1:f8:ba:c3:de:0d:13:21:2b:32:0b:91:
         8c:77:f1:7c:0a:af:4d:93:f8:76:5b:04:f2:b7:36:e7:52:9e:
         38:3f:c2:a9:76:dd:16:d0:d9:f6:44:b0:43:c6:a6:d3:8d:58:
         77:0e:bb:b4:11:7a:5e:30:a8:9f:7b:73:aa:1f:c3:7c:54:35:
         ee:80:7f:fc:42:67:7d:99:72:8d:ce:b0:43:ad:bf:cc:69:ad:
         eb:ed:50:df:3f:45:18:2d:60:49:c3:da:ab:58:c2:0f:a4:e6:
         38:7b:e8:5d:ac:0c:c3:04:b4:e2:9d:8e:a9:55:7c:67:10:55:
         de:f4:38:58:8f:3f:e6:2b:50:99:02:13:86:c5:6e:ad:37:f8:
         c8:95:7d:21:06:56:b2:7c:3e:dc:3a:ee:f3:9a:2f:ab:28:84:
         28:8a:ad:5d:db:56:a0:51:6d:0c:bd:06:05:5d:7b:d6:e5:28:
         4d:e3:3f:e4:28:02:33:e2:6d:84:d6:1e:fd:e6:46:d2:50:b6:
         d0:91:8f:fb:db:c7:2e:ea:2b:21:5e:e0:e1:80:77:1a:12:6a:
         8c:6d:2c:cc:c7:67:5a:e2:cd:ee:57:81:08:55:9c:03:d2:43:
         f8:fd:5a:ca
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUJXtZD5ByyJjflqgmFK/Wqt/BZb0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDg0MVoX
DTI3MDMwMzA2MTM0MVowMzExMC8GA1UEAxMoN0RCRjMzQThENEIyRkU5QkU3QkI4
OTRDQzVBMDc2RTQzNDFDRThDMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJFBVOtyOhxTpThE8wFYXqdm2alw7VgJ+qDEKFT7prS3SLeK/0picWBnEVvG
SJs5NnylHBYCpjYVR2aw5yjCMi9eRJzzbzL6BaENTrqSE6Zj2sdZTir1nxCR2lcE
841wFxUjE7C/a3ieJR2Uw8xJZzBlJM513Zfm+ZrIFEzAtSlVfsS0A6I4Wz8fpA8C
+zqJehlochNK4sfYlKNFZq0dYraKTQ91SnG70+z7SSEoDqIT7DkmsguiGR+QpMok
FqRPSmyvBlMfKI97x9QyLGY9UwzgjfyJXdRBjvb5KuHtrs01TnN4dyQuSkXhnjoR
0VXHvC9nNVzeBN+dl4AirRqZOKECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBR9vzOo
1LL+m+e7iUzFoHbkNBzowzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDI1Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pkYwDQYJKoZIhvcNAQELBQADggEBALdSwlGiW6CU0dw2Stz/UkrINRONBJHiHPH4
usPeDRMhKzILkYx38XwKr02T+HZbBPK3NudSnjg/wql23RbQ2fZEsEPGptONWHcO
u7QRel4wqJ97c6ofw3xUNe6Af/xCZ32Zco3OsEOtv8xprevtUN8/RRgtYEnD2qtY
wg+k5jh76F2sDMMEtOKdjqlVfGcQVd70OFiPP+YrUJkCE4bFbq03+MiVfSEGVrJ8
Ptw67vOaL6sohCiKrV3bVqBRbQy9BgVde9blKE3jP+QoAjPibYTWHv3mRtJQttCR
j/vbxy7qKyFe4OGAdxoSaoxtLMzHZ1rize5XgQhVnAPSQ/j9Wso=
-----END CERTIFICATE-----