Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144402.roa
File:                     AS144402.roa (raw, json)
Hash identifier:          Dvkfv6hH4rJZ9mRnmFfkZlPdxPfiUuCOjsE7AsACxZY=
Subject key identifier:   D4:3B:AE:0A:9D:55:C8:55:6B:56:C2:08:7F:D7:F9:19:73:E1:1E:7D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1580E2ECC4597679D3CA114E9EB2625E4B87A0E6
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144402.roa
Signing time:             Wed 04 Mar 2026 06:13:35 +0000
ROA not before:           Wed 04 Mar 2026 06:08:35 +0000
ROA not after:            Wed 03 Mar 2027 06:13:35 +0000
asID:                     144402
IP address blocks:        240a:a6d8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:80:e2:ec:c4:59:76:79:d3:ca:11:4e:9e:b2:62:5e:4b:87:a0:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:35 2026 GMT
            Not After : Mar  3 06:13:35 2027 GMT
        Subject: CN=D43BAE0A9D55C8556B56C2087FD7F91973E11E7D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:af:f3:56:41:2d:48:74:ad:5c:25:15:41:9f:
                    b3:6d:5e:bb:8a:85:60:cd:27:6e:49:dd:4f:0d:54:
                    95:d3:c9:55:f5:cf:37:6c:65:63:bf:72:d0:af:2e:
                    7e:da:70:c7:83:61:b5:9b:d1:59:26:5d:fc:df:09:
                    55:79:76:54:e5:91:fe:f2:ea:05:16:8e:1f:d1:5d:
                    0b:0b:da:61:ac:b2:c9:64:1b:31:f4:52:e4:f1:45:
                    82:62:6b:3a:69:7f:02:9e:f7:6a:d9:c9:ee:12:9f:
                    eb:03:85:fc:a8:b3:27:5e:9b:0b:77:60:79:2a:60:
                    c2:ce:33:66:84:dd:5c:2d:67:ee:d5:2f:a0:98:df:
                    97:91:45:0b:c2:c3:cb:13:64:ea:7e:68:35:35:73:
                    bc:64:5a:22:8f:c8:9f:57:08:a4:36:38:58:d8:75:
                    c8:d5:9f:51:88:36:8e:0e:4a:c5:9f:f1:b3:cc:4f:
                    90:ca:15:11:e9:6c:59:f7:3c:8d:e3:b8:66:9c:d2:
                    be:61:32:b0:07:fa:79:7e:fc:5b:c3:9c:bd:2f:57:
                    a6:da:76:70:49:6a:95:1d:d6:b9:32:f3:69:06:94:
                    df:58:ca:84:0c:e8:f0:a4:04:7c:0e:70:4a:4a:df:
                    4e:a9:17:dc:70:d2:1a:2b:c1:8d:39:65:b0:52:98:
                    23:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:3B:AE:0A:9D:55:C8:55:6B:56:C2:08:7F:D7:F9:19:73:E1:1E:7D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144402.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a6d8::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:b7:d6:9f:f2:a1:ca:b2:2a:b5:82:d9:87:bc:dd:50:16:43:
         44:3f:7f:dc:61:0a:d3:48:fb:af:41:61:95:d7:8c:16:5a:bc:
         bb:af:07:a7:01:a1:5e:2d:e4:3b:af:20:c8:4d:e2:69:5a:6c:
         25:18:94:6a:c2:4d:26:78:4c:9d:cd:9e:f5:61:37:22:c6:26:
         97:50:da:4d:7c:78:ea:5c:17:1b:db:79:f3:90:5a:8e:a8:f0:
         41:27:c2:9b:91:b8:ff:20:1a:2f:70:66:b7:b0:38:c0:9e:9a:
         1f:cc:22:eb:11:40:6e:9f:c0:8f:26:73:90:37:a3:b9:4f:e8:
         3f:49:0d:e8:bd:69:63:1b:c5:9c:a1:c0:17:db:19:ca:24:b2:
         59:15:04:a8:51:2c:e2:96:c6:93:e2:52:31:1e:92:db:9a:5e:
         74:c4:bd:e9:3d:54:71:0c:3d:96:4c:24:94:70:45:b5:c2:bd:
         8b:85:7e:89:42:d3:1a:01:7b:77:f2:3c:64:b9:84:10:b0:2a:
         df:6b:69:ee:d0:9f:d4:37:cb:43:5a:aa:39:10:bc:c2:8a:8d:
         59:0f:05:16:fa:c9:8a:b3:18:b7:e6:58:f5:30:7f:9a:de:f3:
         5e:96:20:e0:b5:74:c3:54:02:d5:6d:9a:6e:32:f8:76:48:ec:
         7f:c8:79:14
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUFYDi7MRZdnnTyhFOnrJiXkuHoOYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgzNVoX
DTI3MDMwMzA2MTMzNVowMzExMC8GA1UEAxMoRDQzQkFFMEE5RDU1Qzg1NTZCNTZD
MjA4N0ZEN0Y5MTk3M0UxMUU3RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMev81ZBLUh0rVwlFUGfs21eu4qFYM0nbkndTw1UldPJVfXPN2xlY79y0K8u
ftpwx4NhtZvRWSZd/N8JVXl2VOWR/vLqBRaOH9FdCwvaYayyyWQbMfRS5PFFgmJr
Oml/Ap73atnJ7hKf6wOF/KizJ16bC3dgeSpgws4zZoTdXC1n7tUvoJjfl5FFC8LD
yxNk6n5oNTVzvGRaIo/In1cIpDY4WNh1yNWfUYg2jg5KxZ/xs8xPkMoVEelsWfc8
jeO4ZpzSvmEysAf6eX78W8OcvS9Xptp2cElqlR3WuTLzaQaU31jKhAzo8KQEfA5w
SkrfTqkX3HDSGivBjTllsFKYIxsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTUO64K
nVXIVWtWwgh/1/kZc+EefTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDQwMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ptgwDQYJKoZIhvcNAQELBQADggEBABa31p/yocqyKrWC2Ye83VAWQ0Q/f9xhCtNI
+69BYZXXjBZavLuvB6cBoV4t5DuvIMhN4mlabCUYlGrCTSZ4TJ3NnvVhNyLGJpdQ
2k18eOpcFxvbefOQWo6o8EEnwpuRuP8gGi9wZrewOMCemh/MIusRQG6fwI8mc5A3
o7lP6D9JDei9aWMbxZyhwBfbGcokslkVBKhRLOKWxpPiUjEektuaXnTEvek9VHEM
PZZMJJRwRbXCvYuFfolC0xoBe3fyPGS5hBCwKt9rae7Qn9Q3y0NaqjkQvMKKjVkP
BRb6yYqzGLfmWPUwf5re816WIOC1dMNUAtVtmm4y+HZI7H/IeRQ=
-----END CERTIFICATE-----