Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144283.roa
File:                     AS144283.roa (raw, json)
Hash identifier:          UXFJisGz62JjYacbnrC9pog4AnviPXjQwJnXS6UpgtU=
Subject key identifier:   A8:0E:E1:0E:8B:E3:F2:C8:17:7B:EF:8D:EE:0F:7E:57:81:36:E9:6B
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       10C15655BBC6CFA14BC3AE383A7836B9A9F9C9D4
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144283.roa
Signing time:             Wed 04 Mar 2026 06:13:48 +0000
ROA not before:           Wed 04 Mar 2026 06:08:48 +0000
ROA not after:            Wed 03 Mar 2027 06:13:48 +0000
asID:                     144283
IP address blocks:        240a:a661::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:c1:56:55:bb:c6:cf:a1:4b:c3:ae:38:3a:78:36:b9:a9:f9:c9:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:48 2026 GMT
            Not After : Mar  3 06:13:48 2027 GMT
        Subject: CN=A80EE10E8BE3F2C8177BEF8DEE0F7E578136E96B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:35:56:b6:9f:61:c1:4f:0a:78:b5:27:0d:c9:
                    3e:45:bf:72:61:cd:d4:f0:0a:b3:82:11:1e:b2:78:
                    f2:d6:7c:23:26:3f:e9:e0:3b:7e:cc:48:6a:19:6f:
                    b5:3c:62:bd:6f:df:94:de:12:47:6f:10:c4:db:72:
                    a1:f6:a9:91:84:28:f3:41:14:8b:31:78:c0:a6:31:
                    69:1e:14:1d:7b:3f:0d:cb:92:ad:eb:de:6c:a6:f2:
                    12:d7:9a:8c:12:ab:76:96:f5:74:b7:8b:23:14:5e:
                    07:7f:b4:15:f9:75:dd:d2:18:2d:db:7f:cf:0c:5c:
                    e1:a2:c6:da:1c:8b:ce:d9:5e:19:33:c4:72:41:10:
                    b9:ed:f3:72:8e:2d:d6:26:bd:bc:fd:f4:ae:00:bc:
                    d6:e1:14:68:8a:ce:47:89:2d:10:80:7e:e7:7c:f6:
                    d0:cf:9e:37:e6:93:3c:e6:31:8d:56:df:dc:e8:5c:
                    47:35:6a:c8:6f:85:cf:06:54:66:bb:ba:07:36:74:
                    b6:a3:dd:bd:dc:ce:f8:69:fd:2a:d6:cf:59:9c:61:
                    9d:63:e3:0a:a6:c9:cc:88:d6:5c:49:aa:ca:c0:2c:
                    84:fc:14:9f:58:8e:8a:fb:1a:17:ff:d8:0d:58:41:
                    6e:b4:7d:f7:db:2f:38:24:14:a8:a5:42:2f:a2:f5:
                    eb:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:0E:E1:0E:8B:E3:F2:C8:17:7B:EF:8D:EE:0F:7E:57:81:36:E9:6B
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144283.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a661::/32

    Signature Algorithm: sha256WithRSAEncryption
         51:94:d2:ff:e9:70:38:27:0d:bd:6e:6e:5f:57:b7:ba:3a:b4:
         39:3e:6e:ff:5c:1c:8b:bc:fa:d7:d8:b5:52:ea:c1:cd:f9:5c:
         6f:ea:1c:55:8e:37:c0:76:2d:38:cc:e1:90:be:ef:be:f1:d9:
         80:4b:e4:0b:49:98:0a:5a:68:22:ac:40:c3:50:3d:58:6b:a0:
         6d:d8:3b:8e:6f:e7:44:c4:14:f6:87:d9:f3:32:2f:c4:dc:d7:
         ab:fb:1a:20:25:4c:6f:73:ff:70:d2:48:10:5d:4a:e2:35:42:
         91:4f:97:63:0c:17:c2:c9:61:c2:60:b2:75:17:35:99:be:c4:
         e6:17:9a:5f:9a:9d:be:1e:b7:20:84:f5:3a:d8:c9:a6:fd:b0:
         aa:95:40:5f:01:33:f3:0b:02:f0:f0:05:83:8b:b6:5a:c9:42:
         d1:a1:2f:0c:86:ca:c9:7f:83:48:0d:b3:10:2e:3e:db:52:1b:
         65:1b:80:7a:ff:40:b0:1e:20:f1:eb:80:6f:5b:3d:ae:ac:d2:
         3a:c9:26:86:e5:e5:76:b5:3e:24:6a:9c:c1:2c:5c:5e:38:88:
         95:d6:e2:3a:05:18:c7:4a:09:85:12:e7:e8:41:29:03:b0:a4:
         ab:2c:2e:3e:a3:14:a9:c6:9f:e8:fd:d0:fe:b3:02:c5:0d:df:
         ec:5d:c3:ff
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUEMFWVbvGz6FLw644Ong2uan5ydQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDg0OFoX
DTI3MDMwMzA2MTM0OFowMzExMC8GA1UEAxMoQTgwRUUxMEU4QkUzRjJDODE3N0JF
RjhERUUwRjdFNTc4MTM2RTk2QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMM1VrafYcFPCni1Jw3JPkW/cmHN1PAKs4IRHrJ48tZ8IyY/6eA7fsxIahlv
tTxivW/flN4SR28QxNtyofapkYQo80EUizF4wKYxaR4UHXs/DcuSrevebKbyEtea
jBKrdpb1dLeLIxReB3+0Ffl13dIYLdt/zwxc4aLG2hyLztleGTPEckEQue3zco4t
1ia9vP30rgC81uEUaIrOR4ktEIB+53z20M+eN+aTPOYxjVbf3OhcRzVqyG+FzwZU
Zru6BzZ0tqPdvdzO+Gn9KtbPWZxhnWPjCqbJzIjWXEmqysAshPwUn1iOivsaF//Y
DVhBbrR999svOCQUqKVCL6L166kCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSoDuEO
i+PyyBd7743uD35XgTbpazAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDI4My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pmEwDQYJKoZIhvcNAQELBQADggEBAFGU0v/pcDgnDb1ubl9Xt7o6tDk+bv9cHIu8
+tfYtVLqwc35XG/qHFWON8B2LTjM4ZC+777x2YBL5AtJmApaaCKsQMNQPVhroG3Y
O45v50TEFPaH2fMyL8Tc16v7GiAlTG9z/3DSSBBdSuI1QpFPl2MMF8LJYcJgsnUX
NZm+xOYXml+anb4etyCE9TrYyab9sKqVQF8BM/MLAvDwBYOLtlrJQtGhLwyGysl/
g0gNsxAuPttSG2UbgHr/QLAeIPHrgG9bPa6s0jrJJobl5Xa1PiRqnMEsXF44iJXW
4joFGMdKCYUS5+hBKQOwpKssLj6jFKnGn+j90P6zAsUN3+xdw/8=
-----END CERTIFICATE-----