Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144441.roa
File:                     AS144441.roa (raw, json)
Hash identifier:          X7tOTC5aJYLuJH5qh64OanHf4QsyTMK7GmjSOlTBDVE=
Subject key identifier:   C7:92:50:E6:57:1F:FB:D5:B0:5B:F5:A9:3D:36:05:94:7E:F3:07:44
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7A5E2DC2C052962B88E0C7E1CD421F70273A6AB6
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144441.roa
Signing time:             Wed 04 Mar 2026 06:12:51 +0000
ROA not before:           Wed 04 Mar 2026 06:07:51 +0000
ROA not after:            Wed 03 Mar 2027 06:12:51 +0000
asID:                     144441
IP address blocks:        240a:a6ff::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:5e:2d:c2:c0:52:96:2b:88:e0:c7:e1:cd:42:1f:70:27:3a:6a:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:07:51 2026 GMT
            Not After : Mar  3 06:12:51 2027 GMT
        Subject: CN=C79250E6571FFBD5B05BF5A93D3605947EF30744
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:a0:f4:8f:6f:5f:94:62:cc:65:af:ca:69:61:
                    da:4c:5b:1e:33:10:5a:8d:c4:0b:5a:9b:8f:96:78:
                    5b:b8:25:53:21:09:13:5a:96:c0:2d:65:0b:a1:e6:
                    28:ae:cb:e5:52:ec:80:be:ad:16:b8:be:01:79:e9:
                    58:2b:4c:b8:6e:58:0f:c9:56:e0:5f:e6:58:ba:39:
                    73:85:3c:fa:b6:23:8f:59:fb:d9:09:33:26:00:91:
                    83:ce:09:e8:96:54:0b:5c:89:32:d6:00:1a:f9:2d:
                    36:ff:42:f0:3d:e6:2f:41:2a:b5:13:c3:21:1f:a5:
                    ca:d6:d0:92:07:d2:c2:03:3b:a9:22:f7:8f:fd:d8:
                    c1:7a:ff:04:d9:92:4b:e2:7b:b9:9b:18:91:4c:bf:
                    e2:33:ce:b4:fa:94:04:45:c7:0b:02:0e:9e:c2:ce:
                    6c:2d:fa:2c:bb:13:3a:62:5e:bc:15:b5:2f:92:b5:
                    53:59:8d:8f:c5:66:96:ea:30:4d:88:90:86:66:66:
                    4c:42:c7:16:fa:81:ec:a4:ee:1c:e1:da:36:09:22:
                    f9:84:2c:40:44:28:c5:08:a8:58:bb:71:11:03:fb:
                    4b:0d:2a:0d:c9:91:b6:2f:dc:0d:c7:f1:b4:3b:6a:
                    71:2b:89:50:41:54:aa:eb:49:a6:fb:ea:ed:ce:97:
                    f7:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:92:50:E6:57:1F:FB:D5:B0:5B:F5:A9:3D:36:05:94:7E:F3:07:44
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144441.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a6ff::/32

    Signature Algorithm: sha256WithRSAEncryption
         1e:bb:df:4f:25:bd:38:32:b2:be:8a:98:2d:12:6d:f3:a0:70:
         50:ec:93:22:f6:f7:f8:7d:34:07:ba:90:d6:3f:38:5d:6f:7d:
         c3:ab:59:2e:4d:e1:56:7f:51:22:12:40:06:d0:1a:67:d1:c3:
         2c:db:0b:d7:f0:0b:5b:e6:5f:20:dd:65:1f:dd:7c:52:2c:a9:
         2c:a0:9d:88:7a:10:8c:1a:2e:9d:da:27:65:4c:1b:9a:7f:74:
         8a:7e:c5:67:bd:b0:b1:00:f5:1c:2b:a5:25:63:64:a5:92:4a:
         f1:2f:85:39:d7:97:6a:67:9f:fc:13:d4:17:b8:b2:b5:9d:a2:
         ad:6c:46:5c:6d:57:83:f0:eb:7f:2a:35:ca:00:ec:fd:6d:df:
         c8:31:d6:47:0b:2e:73:54:a9:3d:fb:db:6c:47:65:4d:4b:9b:
         9e:cd:9d:d3:ff:5c:fe:55:08:18:50:09:86:58:ec:d2:1c:06:
         d4:b6:1b:ef:74:35:da:8d:a8:89:cc:a1:7b:20:7e:c0:a6:99:
         7f:08:c2:26:9b:76:be:4d:ac:bd:23:a0:8d:27:e9:24:d7:76:
         c9:14:4e:18:57:21:56:1b:5d:9d:10:0d:a4:84:51:48:df:80:
         4a:ad:44:cf:ba:43:0a:b2:cf:e9:40:51:e6:9e:b8:89:a5:9d:
         d2:6f:3f:5f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUel4twsBSliuI4MfhzUIfcCc6arYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDc1MVoX
DTI3MDMwMzA2MTI1MVowMzExMC8GA1UEAxMoQzc5MjUwRTY1NzFGRkJENUIwNUJG
NUE5M0QzNjA1OTQ3RUYzMDc0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJSg9I9vX5RizGWvymlh2kxbHjMQWo3EC1qbj5Z4W7glUyEJE1qWwC1lC6Hm
KK7L5VLsgL6tFri+AXnpWCtMuG5YD8lW4F/mWLo5c4U8+rYjj1n72QkzJgCRg84J
6JZUC1yJMtYAGvktNv9C8D3mL0EqtRPDIR+lytbQkgfSwgM7qSL3j/3YwXr/BNmS
S+J7uZsYkUy/4jPOtPqUBEXHCwIOnsLObC36LLsTOmJevBW1L5K1U1mNj8Vmluow
TYiQhmZmTELHFvqB7KTuHOHaNgki+YQsQEQoxQioWLtxEQP7Sw0qDcmRti/cDcfx
tDtqcSuJUEFUqutJpvvq7c6X92cCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTHklDm
Vx/71bBb9ak9NgWUfvMHRDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDQ0MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pv8wDQYJKoZIhvcNAQELBQADggEBAB67308lvTgysr6KmC0SbfOgcFDskyL29/h9
NAe6kNY/OF1vfcOrWS5N4VZ/USISQAbQGmfRwyzbC9fwC1vmXyDdZR/dfFIsqSyg
nYh6EIwaLp3aJ2VMG5p/dIp+xWe9sLEA9RwrpSVjZKWSSvEvhTnXl2pnn/wT1Be4
srWdoq1sRlxtV4Pw638qNcoA7P1t38gx1kcLLnNUqT3722xHZU1Lm57NndP/XP5V
CBhQCYZY7NIcBtS2G+90NdqNqInMoXsgfsCmmX8Iwiabdr5NrL0joI0n6STXdskU
ThhXIVYbXZ0QDaSEUUjfgEqtRM+6Qwqyz+lAUeaeuImlndJvP18=
-----END CERTIFICATE-----