Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144398.roa
File:                     AS144398.roa (raw, json)
Hash identifier:          WfCj6tof2MfdYAHx4JSqcQxvNnuGxt6Fi6sy/MDlOP8=
Subject key identifier:   54:26:FD:7D:A4:44:60:93:AE:A2:98:EB:20:86:20:2F:36:85:D3:5C
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       38B25B6060E8938494D961C639CB6BDB855C90E7
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144398.roa
Signing time:             Wed 04 Mar 2026 06:12:36 +0000
ROA not before:           Wed 04 Mar 2026 06:07:36 +0000
ROA not after:            Wed 03 Mar 2027 06:12:36 +0000
asID:                     144398
IP address blocks:        240a:a6d4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:b2:5b:60:60:e8:93:84:94:d9:61:c6:39:cb:6b:db:85:5c:90:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:07:36 2026 GMT
            Not After : Mar  3 06:12:36 2027 GMT
        Subject: CN=5426FD7DA4446093AEA298EB2086202F3685D35C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:79:be:4a:04:47:bb:7b:28:c8:32:88:37:1f:
                    79:48:13:40:21:af:0d:a2:6b:3f:e8:02:4c:0d:86:
                    74:f7:01:30:76:bc:a7:1b:f0:b4:9c:20:c0:a0:62:
                    75:31:a3:ad:8f:ff:58:c5:8f:7e:39:92:cc:27:61:
                    20:be:49:f9:d3:9a:49:d5:ed:95:9f:fc:ce:dc:ab:
                    16:7e:90:11:83:4a:30:51:b6:4f:4c:26:60:7d:0a:
                    74:e6:33:46:f2:29:8a:cb:3b:56:75:78:ae:6e:5e:
                    19:d8:69:1c:07:39:bb:2d:32:9f:29:82:40:99:02:
                    d0:39:d7:9f:57:f8:4c:ad:94:a2:26:56:73:14:8f:
                    2d:00:18:e5:a5:53:3d:9c:a9:3a:75:8d:ce:f0:c6:
                    7a:56:1f:b6:29:5b:a4:20:a2:f4:14:22:35:8e:76:
                    82:4c:12:e5:00:97:80:e1:0d:5b:fa:0a:dd:f1:8a:
                    77:45:6b:86:a7:37:e3:37:f9:bb:48:fc:af:44:be:
                    cd:79:55:70:7c:b8:9d:ed:c6:1f:30:d3:1a:40:55:
                    da:80:8b:57:5b:6e:06:70:40:70:72:07:12:ad:eb:
                    5f:2d:b1:1a:15:e8:c2:26:1d:aa:48:f9:25:ac:95:
                    47:81:fe:fa:0e:45:c9:99:dd:5e:3e:82:7a:50:9c:
                    fc:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:26:FD:7D:A4:44:60:93:AE:A2:98:EB:20:86:20:2F:36:85:D3:5C
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144398.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a6d4::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:91:23:52:87:7c:8c:f1:48:54:b3:9f:2b:7f:ce:7d:e3:85:
         22:2a:0a:5c:96:e5:43:71:e4:5a:4f:64:47:0b:cb:e8:e0:cc:
         41:cc:f8:88:13:34:10:d3:d2:c2:53:81:dd:91:e7:c1:51:86:
         69:53:58:cf:9e:a3:17:8e:ad:e0:ee:b2:fb:c5:24:97:d1:b5:
         e2:22:6b:c4:50:aa:52:7d:fb:57:bd:1b:7f:38:5c:2a:fb:1c:
         85:9e:1a:74:cb:da:a9:a8:e9:57:8c:bd:1f:85:2f:0d:cb:23:
         b6:cf:37:e7:42:df:e5:24:eb:e9:54:ad:1a:4e:5c:91:68:25:
         1b:14:46:f5:eb:6d:ec:ba:25:0c:51:0a:fc:5b:13:e8:23:cc:
         4f:ba:ba:52:1f:6c:cd:90:ea:d6:b3:72:64:6e:35:91:e7:8e:
         ae:ff:87:e6:82:5f:ac:02:dc:18:ef:ec:e8:63:1c:c9:a8:1a:
         25:18:a1:2c:e6:1a:6c:a1:76:9c:46:33:c9:50:8e:39:92:92:
         d2:99:1e:8c:2c:25:d5:68:5a:b7:7a:27:dd:6c:b0:fc:28:d1:
         10:63:70:05:71:d7:be:2d:4a:5b:99:30:0c:4a:75:66:9b:c5:
         93:41:e5:b7:f9:ae:f1:a7:bf:7b:96:98:14:4e:da:63:a4:7b:
         a5:c3:0b:5b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUOLJbYGDok4SU2WHGOctr24VckOcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDczNloX
DTI3MDMwMzA2MTIzNlowMzExMC8GA1UEAxMoNTQyNkZEN0RBNDQ0NjA5M0FFQTI5
OEVCMjA4NjIwMkYzNjg1RDM1QzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIt5vkoER7t7KMgyiDcfeUgTQCGvDaJrP+gCTA2GdPcBMHa8pxvwtJwgwKBi
dTGjrY//WMWPfjmSzCdhIL5J+dOaSdXtlZ/8ztyrFn6QEYNKMFG2T0wmYH0KdOYz
RvIpiss7VnV4rm5eGdhpHAc5uy0ynymCQJkC0DnXn1f4TK2UoiZWcxSPLQAY5aVT
PZypOnWNzvDGelYftilbpCCi9BQiNY52gkwS5QCXgOENW/oK3fGKd0Vrhqc34zf5
u0j8r0S+zXlVcHy4ne3GHzDTGkBV2oCLV1tuBnBAcHIHEq3rXy2xGhXowiYdqkj5
JayVR4H++g5FyZndXj6CelCc/MsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRUJv19
pERgk66imOsghiAvNoXTXDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDM5OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ptQwDQYJKoZIhvcNAQELBQADggEBAD6RI1KHfIzxSFSznyt/zn3jhSIqClyW5UNx
5FpPZEcLy+jgzEHM+IgTNBDT0sJTgd2R58FRhmlTWM+eoxeOreDusvvFJJfRteIi
a8RQqlJ9+1e9G384XCr7HIWeGnTL2qmo6VeMvR+FLw3LI7bPN+dC3+Uk6+lUrRpO
XJFoJRsURvXrbey6JQxRCvxbE+gjzE+6ulIfbM2Q6tazcmRuNZHnjq7/h+aCX6wC
3Bjv7OhjHMmoGiUYoSzmGmyhdpxGM8lQjjmSktKZHowsJdVoWrd6J91ssPwo0RBj
cAVx174tSluZMAxKdWabxZNB5bf5rvGnv3uWmBRO2mOke6XDC1s=
-----END CERTIFICATE-----