Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144275.roa
File:                     AS144275.roa (raw, json)
Hash identifier:          QHxWJ2SdpBahts+Uivj2LfQcTBAwSUfht1ltlPLYeHI=
Subject key identifier:   A6:41:3C:C2:8C:CE:55:FD:B2:17:62:20:2F:8A:DD:4C:EC:DF:F6:B3
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       140C8CC965B6814858A4853429A5ED9766C59DF0
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144275.roa
Signing time:             Wed 04 Mar 2026 06:14:42 +0000
ROA not before:           Wed 04 Mar 2026 06:09:42 +0000
ROA not after:            Wed 03 Mar 2027 06:14:42 +0000
asID:                     144275
IP address blocks:        240a:a659::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:0c:8c:c9:65:b6:81:48:58:a4:85:34:29:a5:ed:97:66:c5:9d:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:42 2026 GMT
            Not After : Mar  3 06:14:42 2027 GMT
        Subject: CN=A6413CC28CCE55FDB21762202F8ADD4CECDFF6B3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:99:a9:63:21:bb:7e:5d:aa:24:58:b8:63:de:
                    cc:9c:44:13:54:1b:70:c3:e4:3b:de:61:d4:ac:58:
                    74:b0:49:fb:d5:13:51:c6:73:b4:4f:33:10:65:6e:
                    98:56:17:0c:ed:c5:01:f6:fa:0a:c2:fa:5d:9b:ba:
                    73:3f:07:90:94:b6:64:d0:3a:c5:2f:55:b1:02:70:
                    0f:d4:4d:59:41:75:56:ae:dc:62:17:2f:2d:32:9c:
                    28:e9:f6:9e:70:83:1b:d9:d7:93:a9:9f:c8:c8:de:
                    d1:bc:bd:24:25:c8:99:f8:0c:7c:f2:26:1d:d8:7f:
                    48:1e:15:40:53:56:a2:fe:95:3a:9b:d2:a2:72:b5:
                    e3:50:f4:01:7f:ee:5c:ec:88:b2:3e:c6:06:78:6a:
                    9a:6f:86:d2:62:7d:d1:8a:d2:c5:aa:60:7c:3e:80:
                    f4:ed:fe:7b:f6:df:94:f0:cf:02:15:b4:21:26:37:
                    35:f7:10:d7:84:63:0c:4b:63:8e:bc:e9:02:df:ca:
                    72:59:c0:1f:9f:0e:6d:bf:e9:93:31:ea:42:0b:2b:
                    03:8a:1d:33:d8:93:2f:bc:bd:5a:26:ba:30:a1:44:
                    f4:01:46:96:45:6e:9e:83:c0:6c:88:ea:6d:00:09:
                    9c:e9:4b:b4:74:a4:31:4e:a4:14:20:5c:2f:ed:dc:
                    4e:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:41:3C:C2:8C:CE:55:FD:B2:17:62:20:2F:8A:DD:4C:EC:DF:F6:B3
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144275.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a659::/32

    Signature Algorithm: sha256WithRSAEncryption
         04:eb:0f:81:64:bb:59:9d:bf:37:c8:80:e0:15:b7:73:2b:75:
         8e:bd:24:ce:8a:6b:e6:33:fa:77:5e:74:a8:11:37:83:3b:42:
         96:cc:9d:28:3c:26:08:94:01:ac:e5:ca:16:ef:c7:8b:1e:b5:
         9b:54:f9:16:42:3d:e4:ab:8f:2d:19:b8:91:33:30:b6:a5:4c:
         a7:78:ad:49:29:e4:3a:97:14:39:38:bd:e4:35:6f:15:8d:d2:
         4c:65:e7:81:57:5d:ca:d3:6f:a2:b7:14:39:f5:3f:41:cb:7f:
         55:ea:47:ce:38:33:f3:42:1e:23:fb:50:97:72:a9:4a:d5:35:
         4a:a7:b5:d1:01:d2:e4:b1:cc:cf:66:7e:50:29:8e:f9:0d:5d:
         64:8b:dd:09:e0:63:5b:39:2a:8b:b6:82:be:36:bf:56:41:4e:
         e8:7e:61:ce:df:e8:80:8f:d8:57:be:75:b8:ce:13:6c:bd:ca:
         d4:87:43:1f:b7:f5:e1:71:94:98:a1:88:21:cc:01:68:ac:ca:
         e2:37:cd:49:4c:da:ad:24:64:01:56:f8:8d:93:6e:05:64:2f:
         5f:43:9c:1d:ed:6d:dc:ef:18:5c:c8:d7:81:13:0f:a1:db:ee:
         db:ce:fc:ad:ea:45:29:a8:c3:1c:68:72:de:f3:50:67:0f:3b:
         dd:7e:f0:bc
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUFAyMyWW2gUhYpIU0KaXtl2bFnfAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDk0MloX
DTI3MDMwMzA2MTQ0MlowMzExMC8GA1UEAxMoQTY0MTNDQzI4Q0NFNTVGREIyMTc2
MjIwMkY4QURENENFQ0RGRjZCMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKmZqWMhu35dqiRYuGPezJxEE1QbcMPkO95h1KxYdLBJ+9UTUcZztE8zEGVu
mFYXDO3FAfb6CsL6XZu6cz8HkJS2ZNA6xS9VsQJwD9RNWUF1Vq7cYhcvLTKcKOn2
nnCDG9nXk6mfyMje0by9JCXImfgMfPImHdh/SB4VQFNWov6VOpvSonK141D0AX/u
XOyIsj7GBnhqmm+G0mJ90YrSxapgfD6A9O3+e/bflPDPAhW0ISY3NfcQ14RjDEtj
jrzpAt/KclnAH58Obb/pkzHqQgsrA4odM9iTL7y9Wia6MKFE9AFGlkVunoPAbIjq
bQAJnOlLtHSkMU6kFCBcL+3cTmUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSmQTzC
jM5V/bIXYiAvit1M7N/2szAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDI3NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
plkwDQYJKoZIhvcNAQELBQADggEBAATrD4Fku1mdvzfIgOAVt3MrdY69JM6Ka+Yz
+ndedKgRN4M7QpbMnSg8JgiUAazlyhbvx4setZtU+RZCPeSrjy0ZuJEzMLalTKd4
rUkp5DqXFDk4veQ1bxWN0kxl54FXXcrTb6K3FDn1P0HLf1XqR844M/NCHiP7UJdy
qUrVNUqntdEB0uSxzM9mflApjvkNXWSL3QngY1s5Kou2gr42v1ZBTuh+Yc7f6ICP
2Fe+dbjOE2y9ytSHQx+39eFxlJihiCHMAWisyuI3zUlM2q0kZAFW+I2TbgVkL19D
nB3tbdzvGFzI14ETD6Hb7tvO/K3qRSmowxxoct7zUGcPO91+8Lw=
-----END CERTIFICATE-----