Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144281.roa
File:                     AS144281.roa (raw, json)
Hash identifier:          Wbi4A9mqaSgEesFbCELJ04H+xSfBNWhbtLlyGw7eCvI=
Subject key identifier:   0D:0D:39:BC:0D:00:FA:23:6C:70:6B:58:E0:98:31:35:D7:C5:19:2D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5494A709C0762D2640DD9AA73105E63A817295E9
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144281.roa
Signing time:             Wed 04 Mar 2026 06:14:32 +0000
ROA not before:           Wed 04 Mar 2026 06:09:32 +0000
ROA not after:            Wed 03 Mar 2027 06:14:32 +0000
asID:                     144281
IP address blocks:        240a:a65f::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:94:a7:09:c0:76:2d:26:40:dd:9a:a7:31:05:e6:3a:81:72:95:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:32 2026 GMT
            Not After : Mar  3 06:14:32 2027 GMT
        Subject: CN=0D0D39BC0D00FA236C706B58E0983135D7C5192D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d6:e5:99:6c:3a:4a:7e:67:91:6f:5a:0b:fe:
                    3b:29:f8:8f:c5:84:e1:3c:f7:f0:16:01:90:92:8c:
                    ac:12:78:73:f5:f1:22:49:c1:f5:63:da:34:b8:5c:
                    dc:ed:f8:77:8f:3e:2a:8d:70:f4:c5:33:2f:30:84:
                    e2:cd:5e:9b:b2:36:db:fe:cc:70:64:c3:a1:a1:3b:
                    04:99:70:dc:14:16:97:32:33:f3:8f:0d:32:88:2f:
                    72:5f:c6:6c:9c:91:52:96:9d:88:17:ff:43:07:b8:
                    e4:04:de:ed:95:e0:1d:fd:34:bd:ae:30:45:ec:5b:
                    57:fe:84:b9:0d:5a:5d:c3:9f:71:9c:c5:16:e9:85:
                    6b:b7:70:03:65:15:cd:90:3d:62:67:34:a0:82:3d:
                    72:2d:65:a3:03:91:26:95:51:28:fb:4d:99:76:7f:
                    72:2c:05:ff:3b:c0:db:89:dc:03:93:ca:ac:60:90:
                    02:86:12:99:96:dd:17:a1:dd:32:0e:64:06:65:fe:
                    95:0c:a8:55:99:94:e7:1e:66:92:92:84:1e:b9:5c:
                    15:8b:b6:e0:8d:44:00:20:af:43:09:dc:3f:6c:57:
                    44:20:27:fd:b0:53:ed:f0:68:3b:b9:78:f5:27:c2:
                    3c:0f:b7:32:99:9f:81:60:9a:d3:46:b4:20:12:3e:
                    a3:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:0D:39:BC:0D:00:FA:23:6C:70:6B:58:E0:98:31:35:D7:C5:19:2D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144281.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a65f::/32

    Signature Algorithm: sha256WithRSAEncryption
         4f:5c:77:d0:db:48:99:46:c7:4c:ad:77:ed:a5:3a:00:55:a8:
         f8:d9:cc:bf:08:2f:e0:bd:9e:db:33:91:c9:3d:08:8e:a5:0b:
         ef:53:02:9b:97:93:21:94:44:7c:36:6a:00:a6:07:82:ca:0a:
         c7:9a:8d:0f:9b:8e:42:f9:29:12:03:4d:ff:6c:fa:41:e3:45:
         e1:4a:63:13:a3:ab:4b:f1:5a:5b:e9:d9:8b:54:0a:0d:c5:88:
         98:7e:65:58:85:a8:91:e0:13:c3:38:9d:eb:c3:63:c4:4b:1c:
         8a:5a:7a:cd:80:1e:7d:7b:53:31:f4:82:61:26:f0:ca:51:24:
         79:dc:59:73:ef:4f:ef:40:f9:7c:bb:cb:21:8e:b4:ad:d6:cc:
         e4:e8:fb:c4:eb:ed:ad:19:7b:b2:82:64:44:7e:75:68:66:dc:
         79:23:69:f7:88:2b:15:f6:8b:37:5e:a4:8a:ab:21:4d:0a:7c:
         a3:ad:3e:69:cd:db:43:b8:09:2b:a3:5c:0e:1a:83:37:43:88:
         ea:b2:cd:40:f5:eb:a3:54:8b:04:b0:b4:e4:fc:bd:31:aa:49:
         07:2b:98:5c:f1:bb:a6:98:02:bf:e3:a3:1a:f4:13:42:a0:ee:
         bd:95:d2:c3:d3:3c:09:bf:a4:30:64:a4:e5:50:03:5e:d4:d1:
         d6:dd:85:c2
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUVJSnCcB2LSZA3ZqnMQXmOoFylekwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDkzMloX
DTI3MDMwMzA2MTQzMlowMzExMC8GA1UEAxMoMEQwRDM5QkMwRDAwRkEyMzZDNzA2
QjU4RTA5ODMxMzVEN0M1MTkyRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKXW5ZlsOkp+Z5FvWgv+Oyn4j8WE4Tz38BYBkJKMrBJ4c/XxIknB9WPaNLhc
3O34d48+Ko1w9MUzLzCE4s1em7I22/7McGTDoaE7BJlw3BQWlzIz848NMogvcl/G
bJyRUpadiBf/Qwe45ATe7ZXgHf00va4wRexbV/6EuQ1aXcOfcZzFFumFa7dwA2UV
zZA9Ymc0oII9ci1lowORJpVRKPtNmXZ/ciwF/zvA24ncA5PKrGCQAoYSmZbdF6Hd
Mg5kBmX+lQyoVZmU5x5mkpKEHrlcFYu24I1EACCvQwncP2xXRCAn/bBT7fBoO7l4
9SfCPA+3MpmfgWCa00a0IBI+oykCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQNDTm8
DQD6I2xwa1jgmDE118UZLTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDI4MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pl8wDQYJKoZIhvcNAQELBQADggEBAE9cd9DbSJlGx0ytd+2lOgBVqPjZzL8IL+C9
ntszkck9CI6lC+9TApuXkyGURHw2agCmB4LKCseajQ+bjkL5KRIDTf9s+kHjReFK
YxOjq0vxWlvp2YtUCg3FiJh+ZViFqJHgE8M4nevDY8RLHIpaes2AHn17UzH0gmEm
8MpRJHncWXPvT+9A+Xy7yyGOtK3WzOTo+8Tr7a0Ze7KCZER+dWhm3HkjafeIKxX2
izdepIqrIU0KfKOtPmnN20O4CSujXA4agzdDiOqyzUD166NUiwSwtOT8vTGqSQcr
mFzxu6aYAr/joxr0E0Kg7r2V0sPTPAm/pDBkpOVQA17U0dbdhcI=
-----END CERTIFICATE-----