Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144290.roa
File:                     AS144290.roa (raw, json)
Hash identifier:          kCnaLkNle4BxiRbPQyPmgoYHKwL6WPEzJmJQjbKWT7w=
Subject key identifier:   58:13:62:2D:8A:D3:D7:C4:D3:D1:FD:6D:34:66:96:32:CB:BA:48:69
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       682309F216B71C72F03F5D9E868F33FBD1DF4614
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144290.roa
Signing time:             Wed 04 Mar 2026 06:13:14 +0000
ROA not before:           Wed 04 Mar 2026 06:08:14 +0000
ROA not after:            Wed 03 Mar 2027 06:13:14 +0000
asID:                     144290
IP address blocks:        240a:a668::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:23:09:f2:16:b7:1c:72:f0:3f:5d:9e:86:8f:33:fb:d1:df:46:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:14 2026 GMT
            Not After : Mar  3 06:13:14 2027 GMT
        Subject: CN=5813622D8AD3D7C4D3D1FD6D34669632CBBA4869
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:04:c7:f6:37:94:1b:bd:7f:c2:f4:63:3b:6b:
                    7f:56:9e:93:c6:18:3e:20:e5:27:1e:42:5b:df:9a:
                    0f:70:1b:2c:9c:e3:60:35:05:a4:a7:ea:80:75:7d:
                    a8:d3:04:6d:f1:17:31:cd:2f:f4:5c:df:c3:cd:3a:
                    2b:a2:9b:8e:fc:f4:66:3d:47:a6:e4:5e:64:54:56:
                    15:52:f5:47:ff:47:36:f7:f4:84:8f:c1:6a:69:2e:
                    ff:58:70:0a:ff:c3:b3:79:7a:83:db:c4:fb:84:d4:
                    88:45:44:ef:13:35:64:3f:ee:a2:ea:76:90:f5:ca:
                    44:17:f8:da:bd:30:3e:ab:8d:31:76:0d:f3:0b:89:
                    b7:64:73:be:0f:f9:0e:a2:0d:2a:14:39:f5:a6:94:
                    65:b0:f7:c5:55:ca:81:a2:d8:f4:b0:b8:7f:69:81:
                    c4:c9:a0:53:b1:c6:d8:e1:e8:28:a1:7c:15:c5:87:
                    30:5e:ac:7b:e4:15:b2:aa:60:66:58:21:19:08:98:
                    27:31:c5:ad:f6:57:6c:de:c0:dc:c0:fb:0a:ac:bd:
                    97:85:df:fe:8f:59:14:f2:be:d5:a4:05:02:e3:fd:
                    18:a3:e0:81:4a:ca:8e:44:44:2f:0f:c6:6c:f4:c9:
                    77:41:f2:f0:ce:0f:96:e1:e0:53:ec:d5:b9:11:1f:
                    e5:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:13:62:2D:8A:D3:D7:C4:D3:D1:FD:6D:34:66:96:32:CB:BA:48:69
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144290.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a668::/32

    Signature Algorithm: sha256WithRSAEncryption
         db:73:4c:64:7e:8b:62:4c:06:a6:22:40:3f:c5:25:69:48:52:
         2e:d4:9a:f5:cc:f2:92:1a:53:c6:e1:80:6c:bb:ce:d2:9b:0b:
         a9:80:82:89:f1:fc:26:f6:54:69:fc:c5:36:c8:e6:26:e5:6e:
         86:68:d5:a5:ba:35:f5:b1:37:c9:41:5d:25:cc:1b:e1:3d:24:
         c5:a0:65:10:ad:52:83:9d:90:d8:5f:06:a1:4a:6d:a5:72:f7:
         28:58:a4:e7:51:1e:d4:ae:4e:34:5e:8a:7e:b6:df:a8:c4:07:
         8b:f6:14:09:9e:66:26:d3:3c:43:3f:81:a7:4b:33:12:e1:52:
         61:2b:b1:8a:a9:5e:1e:c7:83:c1:e5:65:b0:62:a4:df:72:6a:
         57:0d:90:84:28:bb:d2:a2:28:61:01:6f:88:74:1f:68:69:23:
         63:17:5b:e7:74:49:36:a7:d7:af:63:b2:8e:61:6c:d2:d3:3f:
         0e:f4:cc:9f:c4:6c:f6:de:6a:44:80:18:46:ac:9a:97:ea:f8:
         31:23:b3:25:a6:31:20:66:35:f9:f5:5c:25:6b:75:93:4d:e6:
         f8:5f:77:0e:19:2b:45:aa:62:67:92:2b:48:5e:68:b5:5d:8b:
         ae:b9:c8:88:04:d8:86:fd:a0:83:89:6c:b8:ac:c3:ed:7e:2d:
         71:7d:b1:e1
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUaCMJ8ha3HHLwP12eho8z+9HfRhQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgxNFoX
DTI3MDMwMzA2MTMxNFowMzExMC8GA1UEAxMoNTgxMzYyMkQ4QUQzRDdDNEQzRDFG
RDZEMzQ2Njk2MzJDQkJBNDg2OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN8Ex/Y3lBu9f8L0Yztrf1aek8YYPiDlJx5CW9+aD3AbLJzjYDUFpKfqgHV9
qNMEbfEXMc0v9Fzfw806K6Kbjvz0Zj1HpuReZFRWFVL1R/9HNvf0hI/Bamku/1hw
Cv/Ds3l6g9vE+4TUiEVE7xM1ZD/uoup2kPXKRBf42r0wPquNMXYN8wuJt2Rzvg/5
DqINKhQ59aaUZbD3xVXKgaLY9LC4f2mBxMmgU7HG2OHoKKF8FcWHMF6se+QVsqpg
ZlghGQiYJzHFrfZXbN7A3MD7Cqy9l4Xf/o9ZFPK+1aQFAuP9GKPggUrKjkRELw/G
bPTJd0Hy8M4PluHgU+zVuREf5bECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRYE2It
itPXxNPR/W00ZpYyy7pIaTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDI5MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pmgwDQYJKoZIhvcNAQELBQADggEBANtzTGR+i2JMBqYiQD/FJWlIUi7UmvXM8pIa
U8bhgGy7ztKbC6mAgonx/Cb2VGn8xTbI5iblboZo1aW6NfWxN8lBXSXMG+E9JMWg
ZRCtUoOdkNhfBqFKbaVy9yhYpOdRHtSuTjRein6236jEB4v2FAmeZibTPEM/gadL
MxLhUmErsYqpXh7Hg8HlZbBipN9yalcNkIQou9KiKGEBb4h0H2hpI2MXW+d0STan
169jso5hbNLTPw70zJ/EbPbeakSAGEasmpfq+DEjsyWmMSBmNfn1XCVrdZNN5vhf
dw4ZK0WqYmeSK0heaLVdi665yIgE2Ib9oIOJbLisw+1+LXF9seE=
-----END CERTIFICATE-----