Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144394.roa
File:                     AS144394.roa (raw, json)
Hash identifier:          1t8FcHBB8Y+MdqWES4duJE2urC8sWehv7c3w+8vYsI8=
Subject key identifier:   8F:A2:C0:54:93:C0:D4:DF:FE:DE:B0:99:2B:87:4D:0C:F1:E6:76:90
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2740E3CFA2A07AA0E45F721B2F2060B28D9BA0CD
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144394.roa
Signing time:             Wed 04 Mar 2026 06:13:55 +0000
ROA not before:           Wed 04 Mar 2026 06:08:55 +0000
ROA not after:            Wed 03 Mar 2027 06:13:55 +0000
asID:                     144394
IP address blocks:        240a:a6d0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:40:e3:cf:a2:a0:7a:a0:e4:5f:72:1b:2f:20:60:b2:8d:9b:a0:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:55 2026 GMT
            Not After : Mar  3 06:13:55 2027 GMT
        Subject: CN=8FA2C05493C0D4DFFEDEB0992B874D0CF1E67690
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:f7:4c:fa:a6:33:e0:d2:ec:56:13:6a:25:e6:
                    75:03:ce:cc:c6:c0:3f:d5:8a:31:5f:3e:56:e5:53:
                    3b:e3:f1:23:99:2f:29:2b:48:57:86:b6:14:d2:c8:
                    01:67:93:86:bc:1f:33:8e:53:7f:bc:e0:47:f8:c6:
                    96:92:6d:cf:43:71:bb:bf:40:f4:8d:f5:4d:9d:42:
                    09:88:e6:b0:e9:a6:a3:04:01:f8:84:67:0a:ad:ab:
                    69:b5:67:75:dc:e7:f1:69:cf:d8:b0:22:8f:ae:d1:
                    7e:1a:47:ab:17:5b:11:c2:6d:a9:08:4b:da:58:d8:
                    93:51:95:5a:18:25:4d:37:f1:41:91:92:d9:42:d3:
                    c7:99:cc:d3:10:3f:c9:8a:79:e6:d0:68:b0:40:7a:
                    0a:fc:03:57:94:21:db:9f:54:2d:50:ae:c7:93:c3:
                    66:e4:7b:0b:5f:cf:ca:d9:1b:d1:5b:11:2e:1c:63:
                    81:93:fa:da:0c:fb:54:e2:f1:9c:74:a7:fd:54:53:
                    a5:3e:1b:41:14:ca:49:ba:59:5d:d6:d1:8d:7e:9a:
                    3a:51:e4:dc:f8:ff:12:d3:99:37:6b:cb:8f:2b:7f:
                    fa:0e:d4:dd:ab:98:12:0c:d6:f2:c4:3a:9b:9b:30:
                    08:71:d5:e2:9a:72:67:03:37:43:c0:55:4d:c6:a8:
                    99:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:A2:C0:54:93:C0:D4:DF:FE:DE:B0:99:2B:87:4D:0C:F1:E6:76:90
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144394.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a6d0::/32

    Signature Algorithm: sha256WithRSAEncryption
         51:6b:5e:f7:e2:10:69:64:f1:30:45:40:da:0a:e2:e4:17:da:
         88:33:ee:c1:03:34:a3:9b:b3:d5:46:b0:46:2d:61:65:78:3e:
         67:d4:ae:70:7d:2a:17:ea:b1:45:c8:7f:08:bb:c1:cc:ac:9b:
         96:71:7a:a0:1c:0c:03:19:3b:72:26:30:13:c4:ca:5a:a3:79:
         52:57:cb:c2:82:ac:5e:5d:7d:b0:eb:6f:8c:11:7c:27:8f:a0:
         81:4b:cc:eb:8d:71:3c:88:31:ce:a3:ba:77:77:d9:a0:d0:92:
         2e:5e:23:1e:d7:7b:5e:bf:bf:0b:1a:9c:fe:71:cb:ae:9d:f3:
         b2:21:ff:1b:be:bf:8a:4b:0d:39:6e:79:8a:e8:f8:4a:03:8b:
         31:95:d5:12:c5:d7:59:e0:aa:a9:28:b5:8e:43:06:51:4a:61:
         9e:58:53:6e:9a:60:da:b8:8a:68:9d:13:29:72:5b:d5:e8:73:
         48:a4:42:e7:74:4f:8f:19:a1:95:99:6a:ca:15:f5:2e:2e:1f:
         da:c2:12:04:04:ea:80:3a:8c:0d:67:a7:03:5b:a5:ce:33:fe:
         af:3b:66:ce:0e:1b:30:6d:79:16:5b:e4:93:35:b5:76:14:6f:
         08:71:e9:c7:d2:68:ee:24:f0:8c:53:be:c1:cd:06:d5:06:ee:
         d1:64:d7:c8
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUJ0Djz6KgeqDkX3IbLyBgso2boM0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDg1NVoX
DTI3MDMwMzA2MTM1NVowMzExMC8GA1UEAxMoOEZBMkMwNTQ5M0MwRDRERkZFREVC
MDk5MkI4NzREMENGMUU2NzY5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJv3TPqmM+DS7FYTaiXmdQPOzMbAP9WKMV8+VuVTO+PxI5kvKStIV4a2FNLI
AWeThrwfM45Tf7zgR/jGlpJtz0Nxu79A9I31TZ1CCYjmsOmmowQB+IRnCq2rabVn
ddzn8WnP2LAij67RfhpHqxdbEcJtqQhL2ljYk1GVWhglTTfxQZGS2ULTx5nM0xA/
yYp55tBosEB6CvwDV5Qh259ULVCux5PDZuR7C1/Pytkb0VsRLhxjgZP62gz7VOLx
nHSn/VRTpT4bQRTKSbpZXdbRjX6aOlHk3Pj/EtOZN2vLjyt/+g7U3auYEgzW8sQ6
m5swCHHV4ppyZwM3Q8BVTcaomYECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSPosBU
k8DU3/7esJkrh00M8eZ2kDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDM5NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ptAwDQYJKoZIhvcNAQELBQADggEBAFFrXvfiEGlk8TBFQNoK4uQX2ogz7sEDNKOb
s9VGsEYtYWV4PmfUrnB9KhfqsUXIfwi7wcysm5ZxeqAcDAMZO3ImMBPEylqjeVJX
y8KCrF5dfbDrb4wRfCePoIFLzOuNcTyIMc6jund32aDQki5eIx7Xe16/vwsanP5x
y66d87Ih/xu+v4pLDTlueYro+EoDizGV1RLF11ngqqkotY5DBlFKYZ5YU26aYNq4
imidEylyW9Xoc0ikQud0T48ZoZWZasoV9S4uH9rCEgQE6oA6jA1npwNbpc4z/q87
Zs4OGzBteRZb5JM1tXYUbwhx6cfSaO4k8IxTvsHNBtUG7tFk18g=
-----END CERTIFICATE-----