Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144268.roa
File:                     AS144268.roa (raw, json)
Hash identifier:          wmsw79XszlnAIVP3SjmMs6tzXkH7R2I5S1u1bvEoYiM=
Subject key identifier:   A7:C2:87:D2:83:47:52:1C:CC:9D:8B:28:9F:CE:2B:20:18:85:54:CF
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5031B1770C1F6C7500ADB0BE171B27FCA2880295
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144268.roa
Signing time:             Wed 04 Mar 2026 06:14:15 +0000
ROA not before:           Wed 04 Mar 2026 06:09:15 +0000
ROA not after:            Wed 03 Mar 2027 06:14:15 +0000
asID:                     144268
IP address blocks:        240a:a652::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:31:b1:77:0c:1f:6c:75:00:ad:b0:be:17:1b:27:fc:a2:88:02:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:15 2026 GMT
            Not After : Mar  3 06:14:15 2027 GMT
        Subject: CN=A7C287D28347521CCC9D8B289FCE2B20188554CF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:bd:36:22:5f:aa:a8:29:cf:97:90:bc:dc:39:
                    9a:79:4b:96:bc:01:ce:7f:61:65:cb:1d:42:a2:94:
                    96:ef:00:b6:77:70:83:5c:a8:a3:6a:29:af:4a:8d:
                    f2:11:b0:96:64:63:15:ca:95:02:6e:a1:21:e1:54:
                    4a:64:45:c6:e6:47:93:33:cb:11:a5:9b:b3:b7:54:
                    44:32:72:f1:db:f9:4f:38:92:d0:be:48:bf:32:1c:
                    18:41:f3:50:04:2d:42:34:0d:02:7f:2e:e8:9b:ce:
                    92:50:d8:80:a2:17:9b:59:e3:ed:9a:ef:b8:df:30:
                    9c:e7:e1:b2:c3:bf:69:af:0d:9d:1b:34:d0:72:b7:
                    96:89:2a:ee:e2:8b:c5:25:a2:83:10:6e:fc:9c:ae:
                    12:83:55:5e:91:c7:f6:0b:7a:9a:f6:83:31:59:fa:
                    fe:76:b7:95:30:c9:fc:ff:2f:e7:1f:f3:9b:c0:5e:
                    ed:16:22:a3:9d:8d:25:67:5b:c1:70:5a:47:4d:95:
                    6d:c5:c9:34:65:ba:69:2d:d2:c4:b5:3e:2e:90:6f:
                    99:b8:c8:b7:f8:13:07:9e:64:28:71:7e:01:74:21:
                    7f:41:91:36:ac:1f:e8:e0:2a:0f:c6:9b:2a:60:20:
                    24:ad:f1:f1:8e:3e:b7:4c:e2:7f:b5:0f:86:23:58:
                    87:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:C2:87:D2:83:47:52:1C:CC:9D:8B:28:9F:CE:2B:20:18:85:54:CF
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144268.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a652::/32

    Signature Algorithm: sha256WithRSAEncryption
         35:e8:e4:2e:f4:39:c8:79:d4:12:d2:55:d6:67:28:6a:22:d3:
         f8:f9:f8:a3:4a:13:d5:33:00:2c:66:63:2e:19:5a:a9:8b:b4:
         5b:a9:f7:e3:f5:82:3d:c1:3e:90:f2:eb:8f:83:6d:64:6d:ab:
         5a:95:bb:cc:b6:db:70:66:69:8b:ed:17:01:75:cb:28:19:81:
         42:8d:49:67:0f:a7:59:56:6f:ff:61:96:a2:fd:fd:a2:fb:5b:
         f1:d2:04:3b:dd:b8:00:52:88:af:c5:65:38:28:75:46:9a:54:
         42:95:57:97:1b:94:96:a0:c9:60:56:72:c4:48:64:11:90:6e:
         2e:c2:2e:14:e4:5f:1f:0c:7c:c4:17:50:da:e8:56:f2:ad:dd:
         5c:89:78:75:cd:36:26:89:f8:86:d8:2e:b3:9d:b2:05:66:d2:
         c9:1e:54:9d:27:d8:a1:30:d5:3b:c4:b8:85:4e:97:17:6c:85:
         70:f4:be:39:75:e7:e7:23:d2:34:ff:4e:86:a4:e6:db:c2:00:
         55:8a:d4:19:b9:45:f7:7f:d4:e8:85:27:e5:58:e6:b6:9d:39:
         90:fd:48:83:34:7b:f3:80:2c:ec:34:c2:d1:20:cd:c0:34:5d:
         c8:14:b3:63:1d:05:7e:66:fb:16:7f:73:4f:f4:5a:b7:e7:ef:
         75:d6:ce:e0
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUUDGxdwwfbHUArbC+Fxsn/KKIApUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDkxNVoX
DTI3MDMwMzA2MTQxNVowMzExMC8GA1UEAxMoQTdDMjg3RDI4MzQ3NTIxQ0NDOUQ4
QjI4OUZDRTJCMjAxODg1NTRDRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIy9NiJfqqgpz5eQvNw5mnlLlrwBzn9hZcsdQqKUlu8Atndwg1yoo2opr0qN
8hGwlmRjFcqVAm6hIeFUSmRFxuZHkzPLEaWbs7dURDJy8dv5TziS0L5IvzIcGEHz
UAQtQjQNAn8u6JvOklDYgKIXm1nj7ZrvuN8wnOfhssO/aa8NnRs00HK3lokq7uKL
xSWigxBu/JyuEoNVXpHH9gt6mvaDMVn6/na3lTDJ/P8v5x/zm8Be7RYio52NJWdb
wXBaR02VbcXJNGW6aS3SxLU+LpBvmbjIt/gTB55kKHF+AXQhf0GRNqwf6OAqD8ab
KmAgJK3x8Y4+t0zif7UPhiNYh2ECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSnwofS
g0dSHMydiyifzisgGIVUzzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDI2OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
plIwDQYJKoZIhvcNAQELBQADggEBADXo5C70Och51BLSVdZnKGoi0/j5+KNKE9Uz
ACxmYy4ZWqmLtFup9+P1gj3BPpDy64+DbWRtq1qVu8y223BmaYvtFwF1yygZgUKN
SWcPp1lWb/9hlqL9/aL7W/HSBDvduABSiK/FZTgodUaaVEKVV5cblJagyWBWcsRI
ZBGQbi7CLhTkXx8MfMQXUNroVvKt3VyJeHXNNiaJ+IbYLrOdsgVm0skeVJ0n2KEw
1TvEuIVOlxdshXD0vjl15+cj0jT/Toak5tvCAFWK1Bm5Rfd/1OiFJ+VY5radOZD9
SIM0e/OALOw0wtEgzcA0XcgUs2MdBX5m+xZ/c0/0Wrfn73XWzuA=
-----END CERTIFICATE-----