Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144370.roa
File:                     AS144370.roa (raw, json)
Hash identifier:          YHEFxkKnvXYoZgrwUYu/9meDHf17JG8ua1zBXwGU5Vs=
Subject key identifier:   BC:19:33:85:CC:A3:52:48:78:45:12:D0:E6:F4:33:02:BE:D5:A0:D6
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6F685FBE5DB0F17A6574EC9C75565618A09F9B91
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144370.roa
Signing time:             Wed 04 Mar 2026 06:14:44 +0000
ROA not before:           Wed 04 Mar 2026 06:09:44 +0000
ROA not after:            Wed 03 Mar 2027 06:14:44 +0000
asID:                     144370
IP address blocks:        240a:a6b8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:68:5f:be:5d:b0:f1:7a:65:74:ec:9c:75:56:56:18:a0:9f:9b:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:44 2026 GMT
            Not After : Mar  3 06:14:44 2027 GMT
        Subject: CN=BC193385CCA35248784512D0E6F43302BED5A0D6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f9:6d:61:86:db:28:a4:32:c3:dc:4f:fe:63:
                    2b:83:46:05:50:12:12:a8:28:5d:7c:a2:01:84:10:
                    b2:df:94:b1:68:c5:99:f4:35:a9:9f:ff:93:98:71:
                    dc:b3:ac:b8:86:3b:92:a7:04:60:32:33:29:fe:aa:
                    90:c6:b7:84:59:f4:31:03:8c:3f:a0:ee:af:8c:5d:
                    d9:44:76:51:7b:88:fe:0f:ab:ac:d2:27:35:25:bb:
                    7d:ab:60:80:a8:e1:fe:08:cb:9e:77:07:78:c8:58:
                    29:e3:81:df:ea:82:9b:8b:6e:7d:5c:69:50:11:b4:
                    a2:71:8a:79:44:f5:fe:87:60:61:e3:14:5c:bf:4a:
                    7b:fa:52:1a:dd:5c:73:b2:36:3c:d5:b1:12:0e:29:
                    a0:7f:fb:f2:e7:31:cd:43:d8:5d:23:04:e5:ab:9a:
                    8f:f0:c3:d3:41:18:fa:f1:e5:4e:bc:4c:9c:28:d7:
                    d1:e3:8c:f4:16:e9:39:34:f0:6c:a0:b6:c9:a5:c5:
                    0a:94:3f:88:be:b5:58:f4:ba:ec:73:9c:4b:79:80:
                    9b:36:aa:18:f8:21:f6:57:2b:dc:09:c0:0c:77:5f:
                    ff:c3:f8:b6:fb:87:22:67:80:d8:97:34:3b:12:de:
                    e0:a3:7b:74:ae:2c:44:56:1d:96:35:e4:4c:2f:14:
                    6b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:19:33:85:CC:A3:52:48:78:45:12:D0:E6:F4:33:02:BE:D5:A0:D6
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144370.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a6b8::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:ee:b6:a0:a9:48:6a:5d:e3:80:39:2e:80:15:e4:8e:d8:24:
         c5:9f:ea:fa:27:b9:2d:9f:cf:b8:7c:8b:07:29:86:b6:30:4d:
         22:b7:fe:0d:19:a9:e6:94:dd:2d:f9:d5:0d:00:56:15:aa:ab:
         f1:d4:29:22:fa:5a:fd:24:5d:20:35:0b:73:2b:3c:03:b0:77:
         c0:46:34:34:7a:6b:29:27:f3:30:dd:a8:ae:4b:59:87:d9:75:
         1e:eb:61:c9:59:6d:83:8c:e1:a3:86:d4:16:7d:cd:f6:7d:6d:
         05:c5:8e:f4:15:79:a4:17:44:67:21:3f:4e:90:92:14:e6:fa:
         1f:45:21:47:f3:e3:f2:97:3b:2a:8a:2f:5e:71:58:4a:c2:91:
         15:81:8b:1c:70:ee:66:c5:a6:a0:e2:15:d5:03:8d:8f:94:7d:
         56:ee:50:3e:4a:7e:34:22:c9:9d:d0:a4:2e:d3:78:ec:e4:cc:
         62:02:fc:e1:3a:c9:ca:17:9d:cf:d9:f1:26:a2:04:6a:66:12:
         93:37:3b:ce:a5:ee:3d:e4:b2:ab:49:d9:2a:21:b7:29:f8:79:
         23:f7:3a:49:cb:bc:c4:41:dd:45:d8:a0:5a:97:a6:2e:28:a4:
         0b:2e:a3:10:9a:e8:e3:82:2f:8c:9a:6d:2c:cc:db:ae:e3:e8:
         60:ed:ca:1f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUb2hfvl2w8XpldOycdVZWGKCfm5EwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDk0NFoX
DTI3MDMwMzA2MTQ0NFowMzExMC8GA1UEAxMoQkMxOTMzODVDQ0EzNTI0ODc4NDUx
MkQwRTZGNDMzMDJCRUQ1QTBENjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ35bWGG2yikMsPcT/5jK4NGBVASEqgoXXyiAYQQst+UsWjFmfQ1qZ//k5hx
3LOsuIY7kqcEYDIzKf6qkMa3hFn0MQOMP6Dur4xd2UR2UXuI/g+rrNInNSW7fatg
gKjh/gjLnncHeMhYKeOB3+qCm4tufVxpUBG0onGKeUT1/odgYeMUXL9Ke/pSGt1c
c7I2PNWxEg4poH/78ucxzUPYXSME5auaj/DD00EY+vHlTrxMnCjX0eOM9BbpOTTw
bKC2yaXFCpQ/iL61WPS67HOcS3mAmzaqGPgh9lcr3AnADHdf/8P4tvuHImeA2Jc0
OxLe4KN7dK4sRFYdljXkTC8Ua5kCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBS8GTOF
zKNSSHhFEtDm9DMCvtWg1jAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDM3MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
prgwDQYJKoZIhvcNAQELBQADggEBAJnutqCpSGpd44A5LoAV5I7YJMWf6vonuS2f
z7h8iwcphrYwTSK3/g0ZqeaU3S351Q0AVhWqq/HUKSL6Wv0kXSA1C3MrPAOwd8BG
NDR6aykn8zDdqK5LWYfZdR7rYclZbYOM4aOG1BZ9zfZ9bQXFjvQVeaQXRGchP06Q
khTm+h9FIUfz4/KXOyqKL15xWErCkRWBixxw7mbFpqDiFdUDjY+UfVbuUD5KfjQi
yZ3QpC7TeOzkzGIC/OE6ycoXnc/Z8SaiBGpmEpM3O86l7j3ksqtJ2Sohtyn4eSP3
OknLvMRB3UXYoFqXpi4opAsuoxCa6OOCL4yabSzM267j6GDtyh8=
-----END CERTIFICATE-----