Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144430.roa
File:                     AS144430.roa (raw, json)
Hash identifier:          uyJdoCGX4DM1FSDzzhxIue325H8lLTfBSd5V4BtUHRs=
Subject key identifier:   E2:20:B3:27:95:29:70:01:EE:5B:00:86:B6:A3:91:9F:56:D8:09:5B
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       420F9E148FBEEA6C8A12663E4A7EA500022200C1
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144430.roa
Signing time:             Wed 04 Mar 2026 06:14:56 +0000
ROA not before:           Wed 04 Mar 2026 06:09:56 +0000
ROA not after:            Wed 03 Mar 2027 06:14:56 +0000
asID:                     144430
IP address blocks:        240a:a6f4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:0f:9e:14:8f:be:ea:6c:8a:12:66:3e:4a:7e:a5:00:02:22:00:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:56 2026 GMT
            Not After : Mar  3 06:14:56 2027 GMT
        Subject: CN=E220B32795297001EE5B0086B6A3919F56D8095B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:6e:d3:0c:77:fa:34:49:f6:37:4f:3c:84:32:
                    2d:6c:28:df:6b:8f:21:7c:d4:d3:2a:7e:7d:e9:1a:
                    90:f1:67:a6:7a:ad:31:6e:a0:b6:21:77:e7:a2:a9:
                    78:dc:8e:7f:a8:bc:39:78:26:d2:71:6b:9a:cd:df:
                    b6:0d:25:9b:77:10:ae:7d:96:b9:e5:10:bc:93:ad:
                    57:c9:9b:29:6e:49:38:8c:a8:4e:90:a2:18:4e:93:
                    2d:00:5a:02:ce:18:1f:64:4b:c2:e4:4a:0f:5e:65:
                    05:63:7c:d0:63:07:99:dd:08:f4:5f:79:af:77:51:
                    f2:8c:fc:26:f2:ab:47:79:11:b9:92:4a:da:d6:a6:
                    24:43:13:95:0b:59:c6:90:0f:32:2e:d4:f3:52:54:
                    3b:aa:b1:ac:07:44:1b:f1:fe:56:0d:40:c5:32:3e:
                    37:ff:eb:19:ac:6e:61:76:6a:5a:89:f6:22:d6:4d:
                    34:f2:01:a9:c5:27:d4:57:b8:8b:07:fc:db:98:e6:
                    85:b4:b6:66:07:94:90:fc:94:df:25:d3:63:a0:9f:
                    d4:af:00:a0:0b:97:43:30:cc:6e:63:68:d7:7c:59:
                    d4:0a:3a:3d:44:8b:06:70:93:b8:53:42:2b:b1:bf:
                    73:50:59:41:32:d9:3d:92:cc:17:dc:4c:9a:a5:05:
                    76:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:20:B3:27:95:29:70:01:EE:5B:00:86:B6:A3:91:9F:56:D8:09:5B
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a6f4::/32

    Signature Algorithm: sha256WithRSAEncryption
         d4:b4:a4:83:52:1b:ca:84:ac:83:d7:9c:01:03:e3:e7:6d:e1:
         c1:18:03:02:bd:31:5f:cf:df:f3:4b:51:4e:fd:e6:ca:f1:35:
         7e:70:c0:d5:1a:78:0d:29:0e:0f:4d:a5:88:ff:d2:f6:00:aa:
         de:81:75:ae:19:58:05:9d:28:50:68:3b:c5:26:7f:73:2c:41:
         39:29:76:11:24:10:37:10:61:91:e1:6b:68:db:b7:5c:e7:81:
         cb:40:2c:ce:e2:13:73:60:e7:31:e3:00:15:a3:5f:47:db:14:
         11:a1:a3:fe:27:5d:7a:bf:4f:34:3a:9b:48:af:8b:f7:5d:2c:
         ff:7a:58:4d:69:e0:ba:cf:31:ba:57:43:ea:f8:6b:19:c9:de:
         8f:ae:1b:48:c7:38:33:ab:eb:d7:c3:5b:ef:b3:f5:ad:ec:97:
         c2:b2:dc:3d:92:7a:e2:e4:40:a3:1c:41:86:40:ce:1d:ed:ed:
         32:90:48:ac:d2:d9:f2:49:f7:f2:72:d3:11:74:b9:28:5a:8b:
         1d:1d:34:48:59:16:9f:0f:64:ce:f8:5f:7e:24:f7:62:b3:88:
         37:d6:9f:f8:a3:23:dd:54:d9:10:89:96:a2:5d:62:e5:a8:8a:
         30:7c:50:41:27:df:6a:e0:c8:9f:66:88:c9:81:76:1d:d8:ea:
         4f:12:41:dc
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUQg+eFI++6myKEmY+Sn6lAAIiAMEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDk1NloX
DTI3MDMwMzA2MTQ1NlowMzExMC8GA1UEAxMoRTIyMEIzMjc5NTI5NzAwMUVFNUIw
MDg2QjZBMzkxOUY1NkQ4MDk1QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOFu0wx3+jRJ9jdPPIQyLWwo32uPIXzU0yp+fekakPFnpnqtMW6gtiF356Kp
eNyOf6i8OXgm0nFrms3ftg0lm3cQrn2WueUQvJOtV8mbKW5JOIyoTpCiGE6TLQBa
As4YH2RLwuRKD15lBWN80GMHmd0I9F95r3dR8oz8JvKrR3kRuZJK2tamJEMTlQtZ
xpAPMi7U81JUO6qxrAdEG/H+Vg1AxTI+N//rGaxuYXZqWon2ItZNNPIBqcUn1Fe4
iwf825jmhbS2ZgeUkPyU3yXTY6Cf1K8AoAuXQzDMbmNo13xZ1Ao6PUSLBnCTuFNC
K7G/c1BZQTLZPZLMF9xMmqUFdoECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTiILMn
lSlwAe5bAIa2o5GfVtgJWzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDQzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pvQwDQYJKoZIhvcNAQELBQADggEBANS0pINSG8qErIPXnAED4+dt4cEYAwK9MV/P
3/NLUU795srxNX5wwNUaeA0pDg9NpYj/0vYAqt6Bda4ZWAWdKFBoO8Umf3MsQTkp
dhEkEDcQYZHha2jbt1zngctALM7iE3Ng5zHjABWjX0fbFBGho/4nXXq/TzQ6m0iv
i/ddLP96WE1p4LrPMbpXQ+r4axnJ3o+uG0jHODOr69fDW++z9a3sl8Ky3D2SeuLk
QKMcQYZAzh3t7TKQSKzS2fJJ9/Jy0xF0uShaix0dNEhZFp8PZM74X34k92KziDfW
n/ijI91U2RCJlqJdYuWoijB8UEEn32rgyJ9miMmBdh3Y6k8SQdw=
-----END CERTIFICATE-----