Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144372.roa
File:                     AS144372.roa (raw, json)
Hash identifier:          1onl8Xy5XfrPRcW/5KMLcLHPSHhkXdC41d3IVMdG/GU=
Subject key identifier:   F6:9E:03:50:DF:4C:DA:8B:5B:EB:9C:CF:36:D5:74:64:E9:EE:39:C3
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7A1610252296F7290926500FE14844E625CACBF3
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144372.roa
Signing time:             Wed 04 Mar 2026 06:12:59 +0000
ROA not before:           Wed 04 Mar 2026 06:07:59 +0000
ROA not after:            Wed 03 Mar 2027 06:12:59 +0000
asID:                     144372
IP address blocks:        240a:a6ba::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:16:10:25:22:96:f7:29:09:26:50:0f:e1:48:44:e6:25:ca:cb:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:07:59 2026 GMT
            Not After : Mar  3 06:12:59 2027 GMT
        Subject: CN=F69E0350DF4CDA8B5BEB9CCF36D57464E9EE39C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:7a:92:e7:3a:49:b3:12:eb:ac:dc:67:1e:03:
                    72:e8:0b:a4:c3:f9:6c:e8:dc:a2:55:28:55:ba:9a:
                    d3:c6:89:9b:f3:6e:d7:c7:fb:d0:db:85:7b:4c:03:
                    87:20:63:b8:a7:6b:9a:14:77:e8:f5:2e:52:af:92:
                    76:8f:0a:8c:4e:6e:cf:45:85:5c:01:01:a9:5d:cf:
                    f3:98:a5:73:f2:f4:d0:85:c1:1d:e0:24:14:bc:cf:
                    e1:f2:9b:6f:3e:cd:2b:d4:1e:ef:0e:29:8c:ce:dc:
                    ff:00:1e:1c:26:f2:65:91:d0:bb:03:c9:70:d4:7f:
                    00:ad:36:1e:9f:68:13:bd:70:7b:61:a2:f4:fb:cb:
                    cb:f5:e1:75:f3:47:b9:06:f8:aa:48:16:93:03:db:
                    e7:46:78:76:e7:29:94:67:2f:b0:f0:71:b4:2f:69:
                    fa:60:e6:5b:6f:77:6c:9b:26:a3:23:f0:65:58:94:
                    0e:14:a1:3a:53:82:91:99:03:0c:a0:7c:ea:f8:ee:
                    22:8a:b2:8e:a6:da:a6:15:d7:b5:23:32:db:dc:4e:
                    d3:3d:78:cf:29:57:dd:05:ae:a8:9c:48:f1:e5:3b:
                    b9:52:9d:a7:a2:75:85:e0:ec:4f:7c:61:d9:0a:e3:
                    3c:12:8c:70:b3:77:84:2f:ec:9d:2e:03:11:57:ea:
                    ab:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:9E:03:50:DF:4C:DA:8B:5B:EB:9C:CF:36:D5:74:64:E9:EE:39:C3
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144372.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a6ba::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:a6:0d:aa:e1:52:db:3a:a6:40:6f:1e:df:b2:16:42:52:c5:
         b9:f6:0e:98:39:cf:de:7f:7c:b3:7e:b7:2a:3e:0a:66:dc:4f:
         a9:5a:94:fd:3b:e8:63:91:80:c7:ac:49:73:8d:69:23:ad:5c:
         5f:d8:2d:ab:11:02:9e:b3:ca:96:45:9e:05:39:7a:80:3c:da:
         10:b4:59:11:12:43:24:1a:b2:78:28:54:e4:0a:eb:22:f1:eb:
         d1:67:d8:3a:5d:c2:63:95:b1:cb:8e:9d:da:85:50:49:a3:1c:
         9e:0c:c2:66:f1:b1:b9:95:d2:3b:18:80:a3:d4:1c:f1:fa:34:
         17:29:09:4c:1a:a2:10:3f:b8:d0:98:4a:e8:15:82:26:5d:46:
         3a:a1:62:93:70:af:6c:ae:b5:9a:59:d2:a2:e7:6b:76:a2:71:
         51:dd:a5:2f:0e:a8:84:50:b6:93:e1:1f:6c:2d:7e:e4:18:93:
         3a:2f:a5:bd:fd:88:3e:f4:d0:73:78:c9:1c:a7:36:bd:ec:2c:
         0c:5d:8a:e4:e4:3e:ed:3e:c7:42:c1:0e:d2:57:9b:b9:6d:29:
         68:6c:ab:7c:9d:4c:d2:c4:82:8f:ab:68:61:9f:72:28:83:90:
         8c:1e:48:0e:d9:25:eb:5e:47:f3:45:eb:54:c4:ee:35:f9:4e:
         46:00:70:c6
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUehYQJSKW9ykJJlAP4UhE5iXKy/MwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDc1OVoX
DTI3MDMwMzA2MTI1OVowMzExMC8GA1UEAxMoRjY5RTAzNTBERjRDREE4QjVCRUI5
Q0NGMzZENTc0NjRFOUVFMzlDMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOV6kuc6SbMS66zcZx4DcugLpMP5bOjcolUoVbqa08aJm/Nu18f70NuFe0wD
hyBjuKdrmhR36PUuUq+Sdo8KjE5uz0WFXAEBqV3P85ilc/L00IXBHeAkFLzP4fKb
bz7NK9Qe7w4pjM7c/wAeHCbyZZHQuwPJcNR/AK02Hp9oE71we2Gi9PvLy/XhdfNH
uQb4qkgWkwPb50Z4ducplGcvsPBxtC9p+mDmW293bJsmoyPwZViUDhShOlOCkZkD
DKB86vjuIoqyjqbaphXXtSMy29xO0z14zylX3QWuqJxI8eU7uVKdp6J1heDsT3xh
2QrjPBKMcLN3hC/snS4DEVfqq1cCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT2ngNQ
30zai1vrnM821XRk6e45wzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDM3Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
prowDQYJKoZIhvcNAQELBQADggEBAJCmDarhUts6pkBvHt+yFkJSxbn2Dpg5z95/
fLN+tyo+CmbcT6lalP076GORgMesSXONaSOtXF/YLasRAp6zypZFngU5eoA82hC0
WRESQyQasngoVOQK6yLx69Fn2DpdwmOVscuOndqFUEmjHJ4MwmbxsbmV0jsYgKPU
HPH6NBcpCUwaohA/uNCYSugVgiZdRjqhYpNwr2yutZpZ0qLna3aicVHdpS8OqIRQ
tpPhH2wtfuQYkzovpb39iD700HN4yRynNr3sLAxdiuTkPu0+x0LBDtJXm7ltKWhs
q3ydTNLEgo+raGGfciiDkIweSA7ZJeteR/NF61TE7jX5TkYAcMY=
-----END CERTIFICATE-----