Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144312.roa
File:                     AS144312.roa (raw, json)
Hash identifier:          kB6ZUBaBaEtruBwIQC+X8kGnEl0NgnPVQoq++B02cDU=
Subject key identifier:   6D:F2:D9:B1:BB:FE:FF:CF:50:E6:C5:59:95:05:02:F9:8C:7F:6F:21
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3D862FD9C74460034834DC9962D929CDCC16AAE2
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144312.roa
Signing time:             Wed 04 Mar 2026 06:13:07 +0000
ROA not before:           Wed 04 Mar 2026 06:08:07 +0000
ROA not after:            Wed 03 Mar 2027 06:13:07 +0000
asID:                     144312
IP address blocks:        240a:a67e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:86:2f:d9:c7:44:60:03:48:34:dc:99:62:d9:29:cd:cc:16:aa:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:07 2026 GMT
            Not After : Mar  3 06:13:07 2027 GMT
        Subject: CN=6DF2D9B1BBFEFFCF50E6C559950502F98C7F6F21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b0:38:09:74:69:8c:a6:a5:6c:41:c5:9b:a1:
                    d7:34:a3:0e:d5:6b:7f:8f:a2:45:ff:96:3f:47:62:
                    90:07:13:c2:1d:73:36:46:26:dd:df:69:5b:f7:d1:
                    a1:aa:5f:ae:6b:a3:17:fa:e9:e9:18:33:81:df:f7:
                    cc:5a:70:5c:0a:55:14:42:19:7a:7c:42:47:ef:4f:
                    e2:fb:68:6e:8f:62:8c:c8:d2:96:68:a5:b7:c6:7a:
                    df:9a:95:04:20:32:53:73:79:64:4a:0b:27:66:59:
                    3a:04:22:e4:ff:6a:66:f5:66:bb:66:d3:4e:a2:c9:
                    37:20:ee:66:65:f5:4c:1a:21:e8:1c:fe:29:e5:8c:
                    09:35:ac:f4:37:73:d7:8d:a9:55:d8:52:af:95:4c:
                    ee:51:6c:dc:a3:e9:57:79:53:94:b2:eb:d4:e1:ca:
                    25:48:01:2e:ff:7d:80:1f:de:bf:2a:e6:77:85:90:
                    4f:a1:1a:f5:ab:d5:81:b5:d9:59:d8:d1:97:54:6e:
                    77:0d:e1:d5:3c:cb:93:05:a9:22:dc:20:cf:bb:e6:
                    24:a1:4f:15:1e:f7:d4:7d:57:13:e9:cf:cd:b2:1c:
                    32:a5:4b:61:4b:d5:7f:33:ba:93:81:f5:41:52:d3:
                    9b:ba:58:9e:d7:e1:4e:d4:f1:92:ba:f3:ab:cd:67:
                    56:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:F2:D9:B1:BB:FE:FF:CF:50:E6:C5:59:95:05:02:F9:8C:7F:6F:21
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144312.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a67e::/32

    Signature Algorithm: sha256WithRSAEncryption
         a7:ca:4d:6d:27:c0:b1:83:8c:66:9d:69:57:38:5a:dc:6f:24:
         31:91:a2:75:e2:6f:0b:ad:19:e8:19:3c:96:3c:87:46:e5:59:
         ba:52:7e:b0:e8:aa:3e:f5:25:b6:2b:dd:8c:26:80:93:2f:ba:
         da:1f:fd:84:5b:7d:b0:6d:d2:23:6b:e6:1a:02:c7:1c:51:3d:
         a6:e8:17:c0:f4:8d:d8:6e:0d:b9:33:c6:f2:34:5f:c7:ed:f8:
         ec:c3:6c:41:13:ed:28:59:b2:1f:d7:35:70:b0:0f:de:de:b2:
         33:73:b1:38:7a:4a:8c:43:2e:11:31:3f:d4:52:21:83:cb:d2:
         ca:3e:00:3f:e8:45:02:5f:85:c0:c0:0f:2c:94:64:76:d3:68:
         c6:c9:90:1d:7c:a6:ad:60:e3:b2:78:a3:3c:88:4b:08:ca:61:
         3d:bd:5b:44:c2:64:e3:86:ce:53:82:0f:bc:89:8f:73:df:1d:
         c9:80:e0:e6:95:0f:b2:f5:c4:d4:37:c1:65:28:b0:d5:a9:4e:
         d7:64:01:37:46:c1:ba:91:8e:fa:bd:6b:3d:ab:7e:77:11:3c:
         70:c6:65:c8:4c:13:30:fe:7e:c1:98:3d:08:d8:fc:c9:68:f6:
         84:f0:30:39:fb:67:78:0a:7b:dd:ed:9b:06:97:f6:a7:85:ac:
         47:76:95:31
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUPYYv2cdEYANINNyZYtkpzcwWquIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgwN1oX
DTI3MDMwMzA2MTMwN1owMzExMC8GA1UEAxMoNkRGMkQ5QjFCQkZFRkZDRjUwRTZD
NTU5OTUwNTAyRjk4QzdGNkYyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJawOAl0aYympWxBxZuh1zSjDtVrf4+iRf+WP0dikAcTwh1zNkYm3d9pW/fR
oapfrmujF/rp6Rgzgd/3zFpwXApVFEIZenxCR+9P4vtobo9ijMjSlmilt8Z635qV
BCAyU3N5ZEoLJ2ZZOgQi5P9qZvVmu2bTTqLJNyDuZmX1TBoh6Bz+KeWMCTWs9Ddz
142pVdhSr5VM7lFs3KPpV3lTlLLr1OHKJUgBLv99gB/evyrmd4WQT6Ea9avVgbXZ
WdjRl1Rudw3h1TzLkwWpItwgz7vmJKFPFR731H1XE+nPzbIcMqVLYUvVfzO6k4H1
QVLTm7pYntfhTtTxkrrzq81nVu0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRt8tmx
u/7/z1DmxVmVBQL5jH9vITAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDMxMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pn4wDQYJKoZIhvcNAQELBQADggEBAKfKTW0nwLGDjGadaVc4WtxvJDGRonXibwut
GegZPJY8h0blWbpSfrDoqj71JbYr3YwmgJMvutof/YRbfbBt0iNr5hoCxxxRPabo
F8D0jdhuDbkzxvI0X8ft+OzDbEET7ShZsh/XNXCwD97esjNzsTh6SoxDLhExP9RS
IYPL0so+AD/oRQJfhcDADyyUZHbTaMbJkB18pq1g47J4ozyISwjKYT29W0TCZOOG
zlOCD7yJj3PfHcmA4OaVD7L1xNQ3wWUosNWpTtdkATdGwbqRjvq9az2rfncRPHDG
ZchMEzD+fsGYPQjY/Mlo9oTwMDn7Z3gKe93tmwaX9qeFrEd2lTE=
-----END CERTIFICATE-----