Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144453.roa
File:                     AS144453.roa (raw, json)
Hash identifier:          dyuRGvLpIc2gCwhXOs3zJexrH7hakjlo+nvYNeKq/yU=
Subject key identifier:   B7:1B:CE:C4:DD:7F:5C:A9:75:0C:14:C8:1F:51:7F:C5:F3:35:71:98
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3105BBB5F3765F2962D797C1AD595661546E860E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144453.roa
Signing time:             Wed 04 Mar 2026 06:14:33 +0000
ROA not before:           Wed 04 Mar 2026 06:09:33 +0000
ROA not after:            Wed 03 Mar 2027 06:14:33 +0000
asID:                     144453
IP address blocks:        240a:a70b::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:05:bb:b5:f3:76:5f:29:62:d7:97:c1:ad:59:56:61:54:6e:86:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:33 2026 GMT
            Not After : Mar  3 06:14:33 2027 GMT
        Subject: CN=B71BCEC4DD7F5CA9750C14C81F517FC5F3357198
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:9b:14:8a:6c:e1:c5:61:75:a9:55:a7:e6:e1:
                    85:1d:71:10:c5:e7:94:4e:08:15:09:ec:09:0c:22:
                    2e:fa:ab:35:35:3a:77:9a:f5:73:df:9a:8b:fd:8b:
                    01:3e:0d:f0:eb:16:28:f8:2e:9e:43:3d:fa:47:68:
                    51:07:21:a5:14:7d:5e:66:e6:6f:1c:13:ae:12:03:
                    04:5a:82:6a:19:bf:72:f5:06:fc:3a:92:02:1b:61:
                    a0:18:a7:21:56:7e:de:7a:86:21:4c:46:0d:98:f2:
                    20:83:52:28:ac:49:69:86:77:a0:70:21:b7:2f:ab:
                    d8:50:06:f3:a8:46:58:2c:f4:22:54:23:a2:46:d1:
                    02:21:50:cc:5e:84:5f:af:de:92:7d:c5:bd:a5:ec:
                    5e:46:b8:b2:0b:0d:b7:7d:95:32:13:3e:c7:fb:b2:
                    6c:ff:77:8f:b2:8b:26:5e:44:eb:ec:aa:49:87:84:
                    9d:21:39:c1:2d:e2:ec:fc:2d:df:f9:c0:9b:fa:15:
                    60:ef:25:a4:bf:c8:84:c2:c0:c5:39:a6:56:21:7e:
                    23:4d:0e:07:44:8e:bc:09:bf:6c:58:ac:ca:b2:d3:
                    b9:3a:28:94:68:66:73:49:a7:36:3c:4a:4a:ec:ed:
                    74:dd:1a:12:44:bd:1a:5c:af:a5:b4:0a:a8:ae:37:
                    6c:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:1B:CE:C4:DD:7F:5C:A9:75:0C:14:C8:1F:51:7F:C5:F3:35:71:98
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144453.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a70b::/32

    Signature Algorithm: sha256WithRSAEncryption
         37:eb:92:e2:e5:f5:35:49:e5:27:dc:29:52:c3:3e:73:43:ed:
         ba:02:55:5f:3e:59:e5:07:ec:68:52:39:e4:3c:83:be:2e:4b:
         9f:c5:5d:fc:7a:f2:c5:0a:3f:5c:a7:2e:fa:8e:e3:d7:cb:2d:
         6c:43:4b:8a:a5:d1:94:09:66:62:3b:10:39:2b:6c:5e:fa:3e:
         32:9b:9d:29:0f:30:b9:31:22:be:6c:93:aa:6f:f7:7b:0b:c5:
         8a:af:d5:77:02:cc:08:b7:02:7b:f6:f4:18:21:57:9c:72:44:
         cb:cf:d8:b0:a4:6f:28:28:3a:00:2a:4c:fd:68:5b:b7:ca:34:
         a0:b9:49:6a:d7:46:fa:e4:ae:91:81:01:39:d6:22:9f:67:9f:
         c1:e1:23:0e:fc:02:2c:c3:c6:72:f8:6f:75:c1:b2:6f:1c:dc:
         10:6d:2e:88:7c:fe:1a:3b:98:06:3c:97:33:ec:db:ed:a7:c2:
         cf:58:aa:e0:0e:17:f9:36:36:be:8b:dc:c1:5d:63:5f:67:63:
         85:2c:92:ed:4f:75:dd:34:9a:af:eb:ad:d7:00:c0:c4:0a:b7:
         28:1b:79:f2:ab:5c:d9:03:7c:d0:b3:92:2d:9c:85:f4:20:ca:
         da:80:56:d7:77:91:bb:38:19:58:b6:95:b7:e9:bf:0c:67:f9:
         4f:86:bc:e1
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUMQW7tfN2Xyli15fBrVlWYVRuhg4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDkzM1oX
DTI3MDMwMzA2MTQzM1owMzExMC8GA1UEAxMoQjcxQkNFQzRERDdGNUNBOTc1MEMx
NEM4MUY1MTdGQzVGMzM1NzE5ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJebFIps4cVhdalVp+bhhR1xEMXnlE4IFQnsCQwiLvqrNTU6d5r1c9+ai/2L
AT4N8OsWKPgunkM9+kdoUQchpRR9XmbmbxwTrhIDBFqCahm/cvUG/DqSAhthoBin
IVZ+3nqGIUxGDZjyIINSKKxJaYZ3oHAhty+r2FAG86hGWCz0IlQjokbRAiFQzF6E
X6/ekn3FvaXsXka4sgsNt32VMhM+x/uybP93j7KLJl5E6+yqSYeEnSE5wS3i7Pwt
3/nAm/oVYO8lpL/IhMLAxTmmViF+I00OB0SOvAm/bFisyrLTuToolGhmc0mnNjxK
SuztdN0aEkS9GlyvpbQKqK43bIECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBS3G87E
3X9cqXUMFMgfUX/F8zVxmDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDQ1My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pwswDQYJKoZIhvcNAQELBQADggEBADfrkuLl9TVJ5SfcKVLDPnND7boCVV8+WeUH
7GhSOeQ8g74uS5/FXfx68sUKP1ynLvqO49fLLWxDS4ql0ZQJZmI7EDkrbF76PjKb
nSkPMLkxIr5sk6pv93sLxYqv1XcCzAi3Anv29BghV5xyRMvP2LCkbygoOgAqTP1o
W7fKNKC5SWrXRvrkrpGBATnWIp9nn8HhIw78AizDxnL4b3XBsm8c3BBtLoh8/ho7
mAY8lzPs2+2nws9YquAOF/k2Nr6L3MFdY19nY4Usku1Pdd00mq/rrdcAwMQKtygb
efKrXNkDfNCzki2chfQgytqAVtd3kbs4GVi2lbfpvwxn+U+GvOE=
-----END CERTIFICATE-----