Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144353.roa
File:                     AS144353.roa (raw, json)
Hash identifier:          7ibM8686Wvd1MQ/cOSuw0NZoNccN0rpUdyF/PpPoQ/Y=
Subject key identifier:   1B:70:71:6B:2C:14:D4:3A:87:80:1C:00:F9:DD:A9:90:CE:25:DF:31
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       10513F999CFBD1A2DD2AC0559029225D2904AA90
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144353.roa
Signing time:             Wed 04 Mar 2026 06:13:44 +0000
ROA not before:           Wed 04 Mar 2026 06:08:44 +0000
ROA not after:            Wed 03 Mar 2027 06:13:44 +0000
asID:                     144353
IP address blocks:        240a:a6a7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:51:3f:99:9c:fb:d1:a2:dd:2a:c0:55:90:29:22:5d:29:04:aa:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:44 2026 GMT
            Not After : Mar  3 06:13:44 2027 GMT
        Subject: CN=1B70716B2C14D43A87801C00F9DDA990CE25DF31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:fc:ca:ce:d2:a7:71:0b:10:b0:09:57:40:01:
                    e9:a6:c7:8f:0f:ad:bc:ee:b7:e0:ee:91:a0:d5:07:
                    bc:6c:16:30:94:a5:c8:bb:f9:3c:01:bb:66:b0:a6:
                    63:d8:72:2a:a1:ca:da:a2:c2:6d:e0:5b:62:a5:66:
                    89:04:d0:b3:89:60:05:58:13:a5:1b:45:45:d8:71:
                    e9:e8:68:38:35:0d:1c:db:36:aa:28:89:9c:16:fa:
                    68:44:6e:30:e5:ec:3b:67:d9:32:5a:c0:7d:14:14:
                    10:a1:2f:a0:ea:5f:06:61:dc:46:f9:d5:c5:cb:d9:
                    79:cd:93:78:20:f5:b4:28:54:f8:56:b8:38:d9:fb:
                    d9:a5:35:5b:99:c3:6f:76:58:1b:95:93:9a:40:c2:
                    60:8b:ef:7e:7d:6b:37:48:ab:96:ba:09:dc:25:5d:
                    f7:ee:22:bb:e0:6f:36:cc:31:5b:e4:8d:dc:8b:1c:
                    8c:e3:ba:00:0c:bc:ed:08:cf:cb:a0:b5:b5:a7:ed:
                    73:ff:a5:5c:6a:9c:66:9d:f4:d5:93:47:ce:72:7d:
                    8f:1f:f0:39:5e:2d:5e:16:01:68:93:ba:38:fe:fc:
                    39:e5:a2:da:c1:d9:ba:4d:44:d2:f8:63:23:89:e1:
                    7a:f8:56:0d:07:e8:89:bb:e3:03:7c:92:69:cf:89:
                    81:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:70:71:6B:2C:14:D4:3A:87:80:1C:00:F9:DD:A9:90:CE:25:DF:31
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144353.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a6a7::/32

    Signature Algorithm: sha256WithRSAEncryption
         a6:af:fe:c7:b9:42:a8:02:01:17:1b:c7:26:6b:08:24:66:f9:
         dc:fe:bb:1b:73:95:06:02:b7:c8:44:f5:34:f5:98:13:f4:7d:
         2e:e4:c9:e4:75:42:26:20:45:92:f7:5c:55:1f:28:8a:2a:54:
         89:8c:85:1c:35:83:db:a5:e9:13:34:b9:f6:8c:ef:8f:c9:ca:
         25:ce:df:11:13:56:70:5e:c9:3b:4f:44:cf:c4:48:fc:ab:66:
         de:3d:3b:c4:4e:0c:ed:5f:20:ff:4f:05:c0:33:dc:c6:f4:75:
         19:e8:f5:67:eb:5a:70:96:34:39:ed:85:2d:cd:a2:89:67:e3:
         05:41:5b:ad:7a:c1:a5:c0:81:57:1c:21:5b:bf:2a:16:40:8e:
         f7:ca:11:ad:55:91:fe:c5:b9:69:0e:10:08:11:ce:41:16:bf:
         4f:62:38:4e:5e:d6:c2:52:3a:ff:5f:69:39:10:6f:58:d6:ba:
         36:57:cd:79:24:27:d7:1a:71:ae:4f:5d:cf:77:4a:7b:94:e2:
         81:8e:f7:92:7a:e0:f9:7f:c7:71:3e:9b:3f:1d:bd:12:11:62:
         5e:30:68:72:0a:6f:78:79:1c:34:8f:d6:73:86:4f:44:a5:f3:
         eb:82:69:c3:d0:d4:83:10:16:3c:ed:63:86:73:c2:8e:2c:e8:
         58:b4:17:84
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUEFE/mZz70aLdKsBVkCkiXSkEqpAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDg0NFoX
DTI3MDMwMzA2MTM0NFowMzExMC8GA1UEAxMoMUI3MDcxNkIyQzE0RDQzQTg3ODAx
QzAwRjlEREE5OTBDRTI1REYzMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKr8ys7Sp3ELELAJV0AB6abHjw+tvO634O6RoNUHvGwWMJSlyLv5PAG7ZrCm
Y9hyKqHK2qLCbeBbYqVmiQTQs4lgBVgTpRtFRdhx6ehoODUNHNs2qiiJnBb6aERu
MOXsO2fZMlrAfRQUEKEvoOpfBmHcRvnVxcvZec2TeCD1tChU+Fa4ONn72aU1W5nD
b3ZYG5WTmkDCYIvvfn1rN0irlroJ3CVd9+4iu+BvNswxW+SN3IscjOO6AAy87QjP
y6C1taftc/+lXGqcZp301ZNHznJ9jx/wOV4tXhYBaJO6OP78OeWi2sHZuk1E0vhj
I4nhevhWDQfoibvjA3ySac+JgT8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQbcHFr
LBTUOoeAHAD53amQziXfMTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDM1My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pqcwDQYJKoZIhvcNAQELBQADggEBAKav/se5QqgCARcbxyZrCCRm+dz+uxtzlQYC
t8hE9TT1mBP0fS7kyeR1QiYgRZL3XFUfKIoqVImMhRw1g9ul6RM0ufaM74/JyiXO
3xETVnBeyTtPRM/ESPyrZt49O8RODO1fIP9PBcAz3Mb0dRno9WfrWnCWNDnthS3N
ooln4wVBW616waXAgVccIVu/KhZAjvfKEa1Vkf7FuWkOEAgRzkEWv09iOE5e1sJS
Ov9faTkQb1jWujZXzXkkJ9caca5PXc93SnuU4oGO95J64Pl/x3E+mz8dvRIRYl4w
aHIKb3h5HDSP1nOGT0Sl8+uCacPQ1IMQFjztY4Zzwo4s6Fi0F4Q=
-----END CERTIFICATE-----