Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144432.roa
File:                     AS144432.roa (raw, json)
Hash identifier:          RlXADepxqR19Zyj6wKgiMr46RFVpNvborMnybf9ADK4=
Subject key identifier:   EF:B3:01:B0:91:7B:D7:AD:3D:63:C2:E1:5F:EF:0D:A6:67:51:AE:B9
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       388C668EBC3F4DE2778A0BB7D15B032FA8157162
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144432.roa
Signing time:             Wed 04 Mar 2026 06:13:23 +0000
ROA not before:           Wed 04 Mar 2026 06:08:23 +0000
ROA not after:            Wed 03 Mar 2027 06:13:23 +0000
asID:                     144432
IP address blocks:        240a:a6f6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:8c:66:8e:bc:3f:4d:e2:77:8a:0b:b7:d1:5b:03:2f:a8:15:71:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:23 2026 GMT
            Not After : Mar  3 06:13:23 2027 GMT
        Subject: CN=EFB301B0917BD7AD3D63C2E15FEF0DA66751AEB9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:2a:78:4a:c8:19:39:bd:34:b3:3a:41:da:4c:
                    09:09:0f:7a:48:86:bb:15:e6:05:2a:06:15:eb:b5:
                    f3:0f:cd:0d:7d:8e:7d:c7:5c:09:bd:08:06:6b:97:
                    39:20:c3:de:b7:b1:18:0d:a6:54:9b:48:3c:6d:0f:
                    55:59:6a:ac:18:4f:e2:d8:f1:92:da:e3:90:06:3f:
                    b0:82:8c:31:ba:57:c2:b4:0e:2f:02:ce:21:1e:98:
                    5a:39:5b:42:2f:99:9b:ba:cc:c3:30:5a:47:54:38:
                    1a:07:ae:9c:f5:23:e7:f9:32:32:b4:b4:00:e0:26:
                    26:ab:dc:3f:2d:fa:93:17:95:8d:73:30:54:86:11:
                    c8:3a:48:14:c3:79:01:69:1b:22:ee:92:bc:ec:96:
                    38:95:48:b1:92:4f:00:65:c5:bd:0e:06:4e:a1:1d:
                    93:71:79:3a:f5:35:ca:a7:c1:8c:05:7c:1c:b1:b7:
                    f7:f3:32:14:a7:d1:07:1a:6d:89:77:ee:ba:35:6d:
                    87:bc:aa:dc:e8:e3:0d:1f:0c:b8:68:3f:9f:61:7a:
                    c8:91:70:dc:17:0f:9a:8c:da:6e:86:3b:6a:6b:61:
                    4a:fe:de:f7:bc:51:f3:73:02:0d:8b:6f:f1:63:e0:
                    fc:04:08:c6:4d:9b:7e:b0:51:12:34:1c:84:67:fb:
                    93:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:B3:01:B0:91:7B:D7:AD:3D:63:C2:E1:5F:EF:0D:A6:67:51:AE:B9
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a6f6::/32

    Signature Algorithm: sha256WithRSAEncryption
         19:96:1e:30:f3:ed:67:39:41:68:ed:04:0f:35:ce:f9:a7:08:
         af:b4:62:8c:64:c5:8a:cc:58:79:96:7f:51:37:15:63:c2:25:
         88:7b:b1:e1:da:19:f8:55:06:31:f9:39:83:d6:df:e6:30:95:
         e2:0f:b1:67:d3:44:00:39:ed:13:77:c1:c8:ac:15:58:20:50:
         ee:ad:b1:50:5b:26:92:f4:ce:c7:16:30:f1:cb:ef:f0:a4:e5:
         b8:2b:94:d5:e3:52:fb:ec:e8:c3:05:bd:75:b0:93:57:9f:d2:
         22:64:0c:69:a8:cf:d9:e0:b0:b6:e8:df:14:ec:b3:cb:3f:03:
         a5:6b:56:fd:31:bf:93:34:9e:67:9d:32:af:19:d7:f8:d0:15:
         0a:48:a0:e3:73:18:b5:d1:e5:c4:b3:17:9c:25:6b:0a:af:a4:
         db:0c:d2:1c:bd:17:30:ce:e6:a9:86:a2:cf:71:d5:a7:2c:31:
         6d:c4:da:96:34:a8:5b:17:78:6b:e4:c1:c4:2b:73:aa:8b:ac:
         8f:b5:6b:59:99:22:27:18:35:6d:ce:55:82:c3:ab:bd:d2:50:
         03:8f:ea:43:d2:34:52:b4:46:a2:e5:f7:47:64:1c:10:c6:bc:
         11:c4:16:ea:c6:b9:be:18:86:74:e5:de:b8:7a:e9:26:ea:16:
         aa:fd:02:fa
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUOIxmjrw/TeJ3igu30VsDL6gVcWIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgyM1oX
DTI3MDMwMzA2MTMyM1owMzExMC8GA1UEAxMoRUZCMzAxQjA5MTdCRDdBRDNENjND
MkUxNUZFRjBEQTY2NzUxQUVCOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMQqeErIGTm9NLM6QdpMCQkPekiGuxXmBSoGFeu18w/NDX2OfcdcCb0IBmuX
OSDD3rexGA2mVJtIPG0PVVlqrBhP4tjxktrjkAY/sIKMMbpXwrQOLwLOIR6YWjlb
Qi+Zm7rMwzBaR1Q4GgeunPUj5/kyMrS0AOAmJqvcPy36kxeVjXMwVIYRyDpIFMN5
AWkbIu6SvOyWOJVIsZJPAGXFvQ4GTqEdk3F5OvU1yqfBjAV8HLG39/MyFKfRBxpt
iXfuujVth7yq3OjjDR8MuGg/n2F6yJFw3BcPmozaboY7amthSv7e97xR83MCDYtv
8WPg/AQIxk2bfrBREjQchGf7k20CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTvswGw
kXvXrT1jwuFf7w2mZ1GuuTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDQzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pvYwDQYJKoZIhvcNAQELBQADggEBABmWHjDz7Wc5QWjtBA81zvmnCK+0YoxkxYrM
WHmWf1E3FWPCJYh7seHaGfhVBjH5OYPW3+YwleIPsWfTRAA57RN3wcisFVggUO6t
sVBbJpL0zscWMPHL7/Ck5bgrlNXjUvvs6MMFvXWwk1ef0iJkDGmoz9ngsLbo3xTs
s8s/A6VrVv0xv5M0nmedMq8Z1/jQFQpIoONzGLXR5cSzF5wlawqvpNsM0hy9FzDO
5qmGos9x1acsMW3E2pY0qFsXeGvkwcQrc6qLrI+1a1mZIicYNW3OVYLDq73SUAOP
6kPSNFK0RqLl90dkHBDGvBHEFurGub4YhnTl3rh66SbqFqr9Avo=
-----END CERTIFICATE-----