Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144297.roa
File:                     AS144297.roa (raw, json)
Hash identifier:          VuVeLUdGjuUijCSUKPFR/4a+HTCPfcQ6oXLur8WVrSA=
Subject key identifier:   60:71:62:6D:5F:40:0A:72:D2:B2:6F:8B:D3:CB:18:F0:67:1A:2E:0D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4A815BD4CD9EFBCE598F6FF9FDD291ED05AFB596
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144297.roa
Signing time:             Wed 04 Mar 2026 06:13:42 +0000
ROA not before:           Wed 04 Mar 2026 06:08:42 +0000
ROA not after:            Wed 03 Mar 2027 06:13:42 +0000
asID:                     144297
IP address blocks:        240a:a66f::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:81:5b:d4:cd:9e:fb:ce:59:8f:6f:f9:fd:d2:91:ed:05:af:b5:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:42 2026 GMT
            Not After : Mar  3 06:13:42 2027 GMT
        Subject: CN=6071626D5F400A72D2B26F8BD3CB18F0671A2E0D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:42:b1:a2:40:41:28:22:2e:d2:aa:a3:e6:44:
                    01:e0:be:77:e1:dc:2b:a7:50:31:73:e1:2d:d3:f1:
                    c5:3d:05:44:15:89:94:6f:ea:5d:d9:d1:07:58:94:
                    69:0e:8b:19:3e:96:38:a5:c6:bd:f0:05:da:87:90:
                    75:a9:21:df:85:05:35:8e:30:36:f4:59:a4:8d:1e:
                    f0:21:56:96:01:17:7b:d8:2a:6d:f0:c9:cb:c5:05:
                    ab:2e:9b:7d:40:0a:8a:e2:37:82:d4:fc:0b:f5:28:
                    54:0b:e6:1c:fc:52:bc:3d:10:ca:eb:97:41:3a:0d:
                    b9:d8:ab:8f:2b:ea:b0:8a:c3:e1:d9:46:9d:f5:c2:
                    26:93:4d:b8:2c:d9:fa:e7:f8:ad:41:da:2a:7b:42:
                    98:e7:e1:5c:f9:92:01:3b:cb:ed:44:27:3a:a8:74:
                    50:a3:f5:06:78:87:a6:9a:48:fc:1f:5c:c8:c3:d6:
                    bc:c5:52:b6:48:d7:58:05:38:4f:ab:cc:26:12:48:
                    06:73:87:f1:05:74:74:a2:d6:ca:e3:10:58:65:bf:
                    37:99:bf:7e:67:29:f7:67:7f:6f:f2:f3:92:82:07:
                    46:93:75:57:48:4a:df:1a:67:71:b3:14:bf:86:6a:
                    76:19:aa:c9:8d:3c:ee:06:bb:92:75:8f:1d:43:9a:
                    1c:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:71:62:6D:5F:40:0A:72:D2:B2:6F:8B:D3:CB:18:F0:67:1A:2E:0D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144297.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a66f::/32

    Signature Algorithm: sha256WithRSAEncryption
         a8:bb:64:95:5c:2b:7c:87:be:ce:d3:bd:e7:6c:c8:4f:57:35:
         7b:77:44:58:0f:6c:e4:dd:6a:c8:8e:65:3d:f2:05:12:bb:73:
         d0:73:fe:28:18:e1:46:49:a9:34:58:24:0f:67:a7:5f:03:5e:
         91:a4:8b:f6:93:77:71:d2:1b:4b:43:d3:a9:5a:cb:c0:78:58:
         5a:b0:18:99:0f:25:d3:23:b0:c1:68:17:6b:c7:a0:29:e0:e6:
         85:4d:d4:c0:51:19:e9:3b:17:b0:e9:c0:ec:9b:a8:ea:e8:ce:
         f2:60:f3:21:1e:67:3d:e4:f1:1b:ca:ae:a2:92:84:3d:ac:bb:
         43:26:09:f6:2f:f9:f2:89:93:5b:ce:d5:a4:d8:d1:52:03:1a:
         39:5f:2d:21:37:cb:c0:3f:cc:c8:62:8a:02:22:19:b4:ab:07:
         38:b4:72:2c:e5:3d:ce:5b:fe:1f:aa:51:de:c8:10:f9:95:49:
         6d:94:2e:f2:8d:c7:31:73:c4:20:ba:de:f8:33:aa:31:ff:a3:
         00:8e:fa:08:a5:59:50:7a:db:d3:4f:88:5e:1f:e4:a4:f5:ae:
         e7:65:7d:ba:4a:ad:6e:88:66:03:0d:3c:b7:35:27:9c:55:da:
         85:83:54:45:8b:a9:34:39:63:f0:80:0a:3e:a5:34:3d:d1:47:
         a1:3d:20:37
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUSoFb1M2e+85Zj2/5/dKR7QWvtZYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDg0MloX
DTI3MDMwMzA2MTM0MlowMzExMC8GA1UEAxMoNjA3MTYyNkQ1RjQwMEE3MkQyQjI2
RjhCRDNDQjE4RjA2NzFBMkUwRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJBCsaJAQSgiLtKqo+ZEAeC+d+HcK6dQMXPhLdPxxT0FRBWJlG/qXdnRB1iU
aQ6LGT6WOKXGvfAF2oeQdakh34UFNY4wNvRZpI0e8CFWlgEXe9gqbfDJy8UFqy6b
fUAKiuI3gtT8C/UoVAvmHPxSvD0QyuuXQToNudirjyvqsIrD4dlGnfXCJpNNuCzZ
+uf4rUHaKntCmOfhXPmSATvL7UQnOqh0UKP1BniHpppI/B9cyMPWvMVStkjXWAU4
T6vMJhJIBnOH8QV0dKLWyuMQWGW/N5m/fmcp92d/b/LzkoIHRpN1V0hK3xpncbMU
v4ZqdhmqyY087ga7knWPHUOaHOECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRgcWJt
X0AKctKyb4vTyxjwZxouDTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDI5Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pm8wDQYJKoZIhvcNAQELBQADggEBAKi7ZJVcK3yHvs7TvedsyE9XNXt3RFgPbOTd
asiOZT3yBRK7c9Bz/igY4UZJqTRYJA9np18DXpGki/aTd3HSG0tD06lay8B4WFqw
GJkPJdMjsMFoF2vHoCng5oVN1MBRGek7F7DpwOybqOrozvJg8yEeZz3k8RvKrqKS
hD2su0MmCfYv+fKJk1vO1aTY0VIDGjlfLSE3y8A/zMhiigIiGbSrBzi0cizlPc5b
/h+qUd7IEPmVSW2ULvKNxzFzxCC63vgzqjH/owCO+gilWVB629NPiF4f5KT1rudl
fbpKrW6IZgMNPLc1J5xV2oWDVEWLqTQ5Y/CACj6lND3RR6E9IDc=
-----END CERTIFICATE-----