Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144292.roa
File:                     AS144292.roa (raw, json)
Hash identifier:          ghTb+lbz2DhBuQdfVfJEkBCmh135Iey9IvK1FZP4SoU=
Subject key identifier:   BB:B3:B2:CB:39:FE:AD:38:B9:9B:48:B2:8F:F6:D9:A6:5C:07:57:A0
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       50FC55DADBFB12EF1A5258977D96300B78731377
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144292.roa
Signing time:             Wed 04 Mar 2026 06:13:48 +0000
ROA not before:           Wed 04 Mar 2026 06:08:48 +0000
ROA not after:            Wed 03 Mar 2027 06:13:48 +0000
asID:                     144292
IP address blocks:        240a:a66a::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:fc:55:da:db:fb:12:ef:1a:52:58:97:7d:96:30:0b:78:73:13:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:48 2026 GMT
            Not After : Mar  3 06:13:48 2027 GMT
        Subject: CN=BBB3B2CB39FEAD38B99B48B28FF6D9A65C0757A0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:7e:58:9f:db:4a:67:f6:52:2d:45:c4:b7:1a:
                    ce:76:07:a6:5d:e6:3d:01:5f:b4:fd:ef:cc:91:d7:
                    13:2d:12:4c:16:99:09:92:f6:ed:20:38:f1:50:c1:
                    a4:dc:a7:44:de:ef:31:8b:1c:fd:7a:f4:4f:03:6a:
                    cb:52:36:65:1c:2a:d9:7c:0f:84:8d:8a:99:a0:f4:
                    e5:8f:f3:be:02:89:0b:c7:c0:68:f9:c8:48:59:e5:
                    23:4d:a9:ac:64:71:c5:b5:78:0c:73:64:8d:e5:4e:
                    ea:93:85:ce:76:c1:c9:6c:5e:92:4d:14:87:45:53:
                    fa:80:4d:e9:4b:85:c9:cd:a4:d1:8a:73:cb:1d:e4:
                    48:eb:aa:71:45:f6:2f:3a:f1:ea:01:dd:66:40:1b:
                    fc:fa:4e:18:63:59:77:0f:f8:e6:15:89:bf:5b:89:
                    74:4c:b1:d3:86:bb:10:0c:9d:a2:79:f7:00:27:f0:
                    a8:72:bc:1c:51:88:10:35:de:1a:1e:74:c7:da:a3:
                    b1:0a:07:24:fe:40:0b:e4:f2:76:39:eb:c4:65:7e:
                    8f:bf:4c:93:8b:78:02:fd:7a:59:d0:4f:78:ac:92:
                    58:50:9c:cf:77:bb:5c:60:79:dd:07:f9:71:5f:0d:
                    d8:a8:6c:b4:c8:84:ab:4d:95:5b:d2:71:d7:45:74:
                    86:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:B3:B2:CB:39:FE:AD:38:B9:9B:48:B2:8F:F6:D9:A6:5C:07:57:A0
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144292.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a66a::/32

    Signature Algorithm: sha256WithRSAEncryption
         97:56:85:0b:a2:b5:30:49:6b:94:5e:39:a7:41:4a:42:70:21:
         77:e7:55:09:c5:da:3a:1e:fe:71:a6:98:43:a6:f0:50:40:9b:
         56:73:a1:fe:a1:c8:12:f9:08:43:e1:21:77:b8:cd:62:89:5c:
         51:ae:ab:82:6e:9e:2a:c9:7f:41:c7:96:ff:ad:3f:7d:db:b5:
         25:0d:00:d3:5b:68:b6:9b:4c:4f:da:f8:82:66:aa:2b:67:e5:
         de:6c:8c:c1:5b:15:56:fd:10:b5:1f:a6:c8:d8:84:54:91:45:
         c2:28:c8:cd:01:23:46:4d:45:02:c7:b7:d1:d2:ed:2d:3c:70:
         aa:fa:46:36:af:95:92:19:08:ba:09:b5:17:77:d3:ba:13:bf:
         7b:5f:61:5d:de:cd:09:1b:28:10:1a:b1:9b:04:ed:35:8d:ea:
         d6:eb:2c:f5:90:b0:c1:81:b4:fe:a7:f4:ab:fd:71:0c:f5:6f:
         fe:e9:01:a2:70:d0:d9:18:cd:e5:a1:22:24:79:ff:7a:43:53:
         b2:27:e3:63:60:d5:67:0b:09:45:4f:51:d7:ce:04:11:f5:2d:
         ad:e8:6b:e1:a6:92:2c:84:27:34:ab:41:4d:17:a4:36:34:f6:
         16:75:46:38:22:68:25:70:c3:52:05:74:2e:29:40:41:bb:53:
         a1:99:f3:d3
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUUPxV2tv7Eu8aUliXfZYwC3hzE3cwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDg0OFoX
DTI3MDMwMzA2MTM0OFowMzExMC8GA1UEAxMoQkJCM0IyQ0IzOUZFQUQzOEI5OUI0
OEIyOEZGNkQ5QTY1QzA3NTdBMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALt+WJ/bSmf2Ui1FxLcaznYHpl3mPQFftP3vzJHXEy0STBaZCZL27SA48VDB
pNynRN7vMYsc/Xr0TwNqy1I2ZRwq2XwPhI2KmaD05Y/zvgKJC8fAaPnISFnlI02p
rGRxxbV4DHNkjeVO6pOFznbByWxekk0Uh0VT+oBN6UuFyc2k0Ypzyx3kSOuqcUX2
Lzrx6gHdZkAb/PpOGGNZdw/45hWJv1uJdEyx04a7EAydonn3ACfwqHK8HFGIEDXe
Gh50x9qjsQoHJP5AC+TydjnrxGV+j79Mk4t4Av16WdBPeKySWFCcz3e7XGB53Qf5
cV8N2KhstMiEq02VW9Jx10V0htsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBS7s7LL
Of6tOLmbSLKP9tmmXAdXoDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDI5Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pmowDQYJKoZIhvcNAQELBQADggEBAJdWhQuitTBJa5ReOadBSkJwIXfnVQnF2joe
/nGmmEOm8FBAm1Zzof6hyBL5CEPhIXe4zWKJXFGuq4JunirJf0HHlv+tP33btSUN
ANNbaLabTE/a+IJmqitn5d5sjMFbFVb9ELUfpsjYhFSRRcIoyM0BI0ZNRQLHt9HS
7S08cKr6RjavlZIZCLoJtRd307oTv3tfYV3ezQkbKBAasZsE7TWN6tbrLPWQsMGB
tP6n9Kv9cQz1b/7pAaJw0NkYzeWhIiR5/3pDU7In42Ng1WcLCUVPUdfOBBH1La3o
a+GmkiyEJzSrQU0XpDY09hZ1RjgiaCVww1IFdC4pQEG7U6GZ89M=
-----END CERTIFICATE-----