Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144427.roa
File:                     AS144427.roa (raw, json)
Hash identifier:          GV7VWcBnmIkYI6+9vT+oBwBa/1GyBOdfixeYtKgiqbI=
Subject key identifier:   41:4F:76:99:04:37:04:1A:E0:9A:2B:6F:A4:06:F9:EE:E9:70:74:20
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       778E705DE39966D6DA76B7FA25F313A520810609
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144427.roa
Signing time:             Wed 04 Mar 2026 06:13:45 +0000
ROA not before:           Wed 04 Mar 2026 06:08:45 +0000
ROA not after:            Wed 03 Mar 2027 06:13:45 +0000
asID:                     144427
IP address blocks:        240a:a6f1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:8e:70:5d:e3:99:66:d6:da:76:b7:fa:25:f3:13:a5:20:81:06:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:45 2026 GMT
            Not After : Mar  3 06:13:45 2027 GMT
        Subject: CN=414F76990437041AE09A2B6FA406F9EEE9707420
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a0:27:07:df:46:d9:67:48:49:82:ce:42:11:
                    c7:10:ae:81:10:43:4e:0e:b0:39:10:7a:34:6f:ed:
                    a3:68:69:dc:3f:09:ec:f7:2e:1d:7b:3e:26:70:ba:
                    a9:2a:57:b5:ed:a2:6a:a4:b4:3d:d3:0a:d0:3f:30:
                    3a:80:6c:35:a6:e2:f2:5f:c0:f0:dd:62:66:57:f7:
                    59:5c:61:f1:68:4b:50:28:79:c8:8d:e3:ae:54:be:
                    e1:8e:19:90:f2:f0:9e:dc:70:1c:f0:7a:72:6e:6a:
                    38:8a:e2:7a:61:b0:7e:08:e1:82:21:19:f6:70:ef:
                    0a:c3:73:db:88:93:04:40:95:bc:d1:c4:9a:7b:4c:
                    0e:eb:04:84:d3:44:5a:20:75:7a:63:fa:68:59:b6:
                    78:eb:65:bf:bb:24:7d:eb:b8:99:be:d0:c5:4d:2c:
                    87:b2:47:35:bf:f4:39:13:6f:ee:5a:62:1e:7f:41:
                    fe:92:60:ec:86:29:a1:e7:9e:d3:9a:3d:a1:7a:63:
                    7f:1b:18:65:8f:17:61:c9:c9:5d:5d:aa:bf:ff:3d:
                    3f:7a:bc:e0:b2:a4:17:d6:ed:20:8b:d9:41:ab:66:
                    bd:fd:96:7b:de:b4:d6:a1:aa:e6:63:0d:a8:26:42:
                    e5:78:d2:b1:69:9a:87:43:25:64:dc:5c:31:62:35:
                    b3:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:4F:76:99:04:37:04:1A:E0:9A:2B:6F:A4:06:F9:EE:E9:70:74:20
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144427.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a6f1::/32

    Signature Algorithm: sha256WithRSAEncryption
         2d:57:00:bb:f2:57:11:c6:e3:46:0f:f2:3e:d4:36:55:20:a4:
         59:c5:28:05:80:3c:2b:58:0d:55:f1:d3:c4:cf:eb:f8:a6:a9:
         bd:3f:3b:08:b1:1a:af:13:ff:36:5b:fd:ba:be:ee:5a:04:3c:
         07:12:21:8d:30:6e:06:41:f1:dc:ac:6a:23:d7:51:f6:17:14:
         24:f6:1a:55:96:d9:12:69:92:d0:a1:1f:bd:9d:1c:69:8c:ad:
         3d:73:95:e1:c1:f7:46:eb:a4:55:6e:37:09:9f:c4:5c:84:3c:
         a6:5b:d5:3e:8a:a7:c1:60:06:b4:1f:22:05:44:b3:3b:7e:39:
         63:52:72:a3:e3:96:74:37:aa:ce:71:dc:1b:a8:0b:dd:fd:c8:
         20:3e:46:bb:c4:58:e7:55:7c:b3:e2:b0:ac:03:29:58:9e:6d:
         ee:a6:f2:71:ba:44:9f:cc:72:ce:fa:d2:d6:82:ab:77:a2:d9:
         04:6b:5a:31:a0:bb:35:22:4a:5a:de:b2:9c:77:cb:35:66:1e:
         bc:59:c9:16:9d:34:04:43:d4:df:58:e6:75:4c:20:1c:c5:7f:
         99:be:03:5a:b3:e9:3c:cf:7c:f7:be:69:dd:40:02:43:e3:92:
         3c:5b:f4:b9:dc:1e:45:ab:fe:6b:bc:21:cd:30:fb:f9:ed:1c:
         f9:0e:e8:49
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUd45wXeOZZtbadrf6JfMTpSCBBgkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDg0NVoX
DTI3MDMwMzA2MTM0NVowMzExMC8GA1UEAxMoNDE0Rjc2OTkwNDM3MDQxQUUwOUEy
QjZGQTQwNkY5RUVFOTcwNzQyMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALOgJwffRtlnSEmCzkIRxxCugRBDTg6wORB6NG/to2hp3D8J7PcuHXs+JnC6
qSpXte2iaqS0PdMK0D8wOoBsNabi8l/A8N1iZlf3WVxh8WhLUCh5yI3jrlS+4Y4Z
kPLwntxwHPB6cm5qOIriemGwfgjhgiEZ9nDvCsNz24iTBECVvNHEmntMDusEhNNE
WiB1emP6aFm2eOtlv7skfeu4mb7QxU0sh7JHNb/0ORNv7lpiHn9B/pJg7IYpoeee
05o9oXpjfxsYZY8XYcnJXV2qv/89P3q84LKkF9btIIvZQatmvf2We9601qGq5mMN
qCZC5XjSsWmah0MlZNxcMWI1s80CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRBT3aZ
BDcEGuCaK2+kBvnu6XB0IDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDQyNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pvEwDQYJKoZIhvcNAQELBQADggEBAC1XALvyVxHG40YP8j7UNlUgpFnFKAWAPCtY
DVXx08TP6/imqb0/OwixGq8T/zZb/bq+7loEPAcSIY0wbgZB8dysaiPXUfYXFCT2
GlWW2RJpktChH72dHGmMrT1zleHB90brpFVuNwmfxFyEPKZb1T6Kp8FgBrQfIgVE
szt+OWNScqPjlnQ3qs5x3BuoC939yCA+RrvEWOdVfLPisKwDKViebe6m8nG6RJ/M
cs760taCq3ei2QRrWjGguzUiSlrespx3yzVmHrxZyRadNARD1N9Y5nVMIBzFf5m+
A1qz6TzPfPe+ad1AAkPjkjxb9LncHkWr/mu8Ic0w+/ntHPkO6Ek=
-----END CERTIFICATE-----