Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144384.roa
File:                     AS144384.roa (raw, json)
Hash identifier:          Psnm3H8YSwD6Xohh8zv3L8p2HFzLuXwsuWK0aacLgXc=
Subject key identifier:   4E:72:D1:E9:62:67:C8:58:4D:94:0C:68:9D:38:72:6F:DF:92:C4:C5
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7A8CE00E64550F029F88738C2392BCF7E6969C80
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144384.roa
Signing time:             Wed 04 Mar 2026 06:13:22 +0000
ROA not before:           Wed 04 Mar 2026 06:08:22 +0000
ROA not after:            Wed 03 Mar 2027 06:13:22 +0000
asID:                     144384
IP address blocks:        240a:a6c6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:8c:e0:0e:64:55:0f:02:9f:88:73:8c:23:92:bc:f7:e6:96:9c:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:22 2026 GMT
            Not After : Mar  3 06:13:22 2027 GMT
        Subject: CN=4E72D1E96267C8584D940C689D38726FDF92C4C5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8a:23:40:ba:d6:c8:8f:57:61:b7:47:97:a9:
                    59:5c:9a:e3:e3:09:6a:1f:3d:b2:8c:20:8f:96:3d:
                    8d:22:5d:a1:a6:6a:b1:43:bd:d7:f3:01:dd:d5:87:
                    4b:75:b3:78:a6:a6:7b:50:a1:0a:1c:e4:c0:44:c7:
                    96:65:b1:eb:7d:99:02:6f:33:af:9a:89:d6:37:df:
                    d5:df:75:dc:8f:a2:fd:e7:e8:8c:9c:90:36:9d:c2:
                    9a:8c:84:19:ef:32:b7:84:95:81:7b:93:1a:30:6a:
                    8e:c4:ac:2c:fb:e3:59:da:00:bc:47:69:db:c6:1e:
                    ac:52:10:8f:76:ab:44:09:34:9a:b0:2c:4f:5b:7d:
                    41:f7:84:39:dd:56:b4:fe:cf:3f:cc:a6:f9:57:9c:
                    2b:af:8e:ed:4c:b6:d3:3f:55:8c:f0:15:bc:4d:ab:
                    72:aa:2f:4e:b9:7a:b6:e9:a8:2a:36:00:44:2d:39:
                    6a:8c:07:a0:f1:63:5f:d0:94:4c:61:f5:c9:be:6e:
                    b2:6e:8f:c5:a8:4b:e6:9b:e7:54:a0:35:1c:80:e8:
                    a6:fe:30:5d:22:3d:11:53:d7:26:64:28:bc:fc:6f:
                    1a:f6:81:7c:0a:97:11:d8:d7:4c:55:d0:ab:ef:b4:
                    5b:f1:2c:38:b0:8a:f4:c6:36:85:93:16:20:0e:a4:
                    40:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:72:D1:E9:62:67:C8:58:4D:94:0C:68:9D:38:72:6F:DF:92:C4:C5
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144384.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a6c6::/32

    Signature Algorithm: sha256WithRSAEncryption
         ae:46:ec:dc:4d:f0:f3:b2:71:99:cc:76:02:76:ea:ab:4b:19:
         0b:dc:14:d2:3d:9f:a6:9c:39:f9:21:a0:4a:31:26:87:42:8d:
         04:a8:aa:1a:d7:7a:f7:51:b4:54:97:84:17:0d:a7:60:f6:8f:
         5e:cf:4b:1e:38:6d:46:68:6e:a2:e2:e9:b3:a7:59:a3:c9:93:
         4e:6b:31:8e:e9:1e:39:e2:16:4d:0e:db:e1:b6:fa:4c:ed:0c:
         03:0c:e8:b7:67:ca:61:75:a0:6d:fb:7f:7e:c1:6e:24:68:7b:
         af:93:41:43:f4:ea:9d:6c:2f:84:3c:80:40:f0:c6:66:66:c0:
         f2:51:78:95:89:9b:63:c2:46:c9:e7:80:0b:6a:51:91:a3:13:
         cf:08:5a:40:96:ae:c2:93:e3:17:ec:67:14:20:a0:66:83:ee:
         7c:6b:e3:65:e2:f3:9d:99:23:54:a5:7d:ba:0d:fe:3a:a4:9f:
         ec:29:a1:5e:3c:c4:39:60:18:fa:5f:cc:07:fe:80:e5:64:70:
         10:94:35:7c:46:4a:a2:c3:a5:6d:0e:76:da:c7:98:3c:03:30:
         b0:c6:25:d5:62:47:20:e1:bb:8a:19:c7:d7:fe:55:65:6e:18:
         e9:95:5c:5a:69:dc:ca:47:ee:52:b1:51:a4:68:66:53:5f:29:
         24:16:9a:13
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUeozgDmRVDwKfiHOMI5K89+aWnIAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgyMloX
DTI3MDMwMzA2MTMyMlowMzExMC8GA1UEAxMoNEU3MkQxRTk2MjY3Qzg1ODREOTQw
QzY4OUQzODcyNkZERjkyQzRDNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALWKI0C61siPV2G3R5epWVya4+MJah89sowgj5Y9jSJdoaZqsUO91/MB3dWH
S3WzeKame1ChChzkwETHlmWx632ZAm8zr5qJ1jff1d913I+i/efojJyQNp3CmoyE
Ge8yt4SVgXuTGjBqjsSsLPvjWdoAvEdp28YerFIQj3arRAk0mrAsT1t9QfeEOd1W
tP7PP8ym+VecK6+O7Uy20z9VjPAVvE2rcqovTrl6tumoKjYARC05aowHoPFjX9CU
TGH1yb5usm6PxahL5pvnVKA1HIDopv4wXSI9EVPXJmQovPxvGvaBfAqXEdjXTFXQ
q++0W/EsOLCK9MY2hZMWIA6kQM0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBROctHp
YmfIWE2UDGidOHJv35LExTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDM4NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
psYwDQYJKoZIhvcNAQELBQADggEBAK5G7NxN8POycZnMdgJ26qtLGQvcFNI9n6ac
OfkhoEoxJodCjQSoqhrXevdRtFSXhBcNp2D2j17PSx44bUZobqLi6bOnWaPJk05r
MY7pHjniFk0O2+G2+kztDAMM6LdnymF1oG37f37BbiRoe6+TQUP06p1sL4Q8gEDw
xmZmwPJReJWJm2PCRsnngAtqUZGjE88IWkCWrsKT4xfsZxQgoGaD7nxr42Xi852Z
I1SlfboN/jqkn+wpoV48xDlgGPpfzAf+gOVkcBCUNXxGSqLDpW0OdtrHmDwDMLDG
JdViRyDhu4oZx9f+VWVuGOmVXFpp3MpH7lKxUaRoZlNfKSQWmhM=
-----END CERTIFICATE-----