Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144456.roa
File:                     AS144456.roa (raw, json)
Hash identifier:          ghfkVqCv2SemqBGvaXX/N1yTPoIuOxRl/dyxkup5gjU=
Subject key identifier:   F5:5E:4C:94:59:B0:8B:49:BD:7B:BF:6E:CB:E2:37:F8:46:0F:CF:2B
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       28D4D43A05F27A5244A73B95FE8553BB181D592B
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144456.roa
Signing time:             Wed 04 Mar 2026 06:12:59 +0000
ROA not before:           Wed 04 Mar 2026 06:07:59 +0000
ROA not after:            Wed 03 Mar 2027 06:12:59 +0000
asID:                     144456
IP address blocks:        240a:a70e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:d4:d4:3a:05:f2:7a:52:44:a7:3b:95:fe:85:53:bb:18:1d:59:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:07:59 2026 GMT
            Not After : Mar  3 06:12:59 2027 GMT
        Subject: CN=F55E4C9459B08B49BD7BBF6ECBE237F8460FCF2B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:cc:51:51:32:c2:3e:bb:e2:d5:56:01:98:13:
                    ed:e3:5d:16:5b:a5:d0:52:0b:9d:44:62:7f:47:32:
                    66:ac:27:c0:4d:76:73:4b:16:30:ab:f3:9d:f1:8c:
                    f2:e1:8d:ea:ba:60:75:4a:f8:e7:0b:77:6a:50:98:
                    95:c6:cd:96:73:f7:a2:b7:70:a7:16:77:4c:ea:4e:
                    5a:5a:a3:e0:bd:35:6a:61:fa:53:d2:36:21:78:46:
                    cb:91:f6:d3:65:c9:73:ba:13:cd:36:db:89:6a:bc:
                    05:59:e2:7a:e4:08:7f:ab:c6:e7:be:fc:89:57:dd:
                    7c:59:0a:02:7c:b0:73:e5:48:82:71:fe:39:a6:33:
                    48:23:ae:1e:45:55:62:6c:87:03:f0:75:82:58:9c:
                    10:23:b7:da:c0:e5:dd:0e:9b:d6:2e:0e:42:69:1d:
                    2b:f3:f6:15:b6:76:77:d3:6a:5d:01:13:ec:dd:89:
                    d8:2d:9a:65:67:a7:a6:b3:40:98:b9:bb:3a:f5:a9:
                    27:11:3f:05:16:1c:7a:37:4b:46:fe:de:83:8b:3f:
                    d1:35:e8:fe:ae:4f:f5:fd:80:41:a1:31:1a:44:a8:
                    40:95:1c:2b:13:f8:2f:0c:8e:74:6a:c9:44:19:ce:
                    97:ec:26:df:3b:84:ea:03:d6:68:ed:0b:56:ff:79:
                    03:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:5E:4C:94:59:B0:8B:49:BD:7B:BF:6E:CB:E2:37:F8:46:0F:CF:2B
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144456.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a70e::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:5f:90:21:be:06:e7:46:cb:d0:d8:d2:b2:10:2f:44:87:8a:
         92:08:09:10:d5:9f:5b:2b:14:69:61:66:35:22:f0:0f:39:0e:
         6f:18:cd:aa:b6:b3:58:83:36:33:6f:bf:88:bc:b5:f8:38:41:
         1b:93:98:0b:69:22:00:ff:ab:a2:6d:c5:da:b8:81:44:2c:7d:
         1e:ad:e7:2f:60:61:3d:a0:43:73:03:03:7d:74:72:62:e1:9c:
         2e:4c:e5:25:d5:93:75:c9:c9:66:30:fc:86:c2:61:1c:a4:4e:
         22:1a:9d:45:fa:f2:5f:46:f5:e5:e8:48:71:2e:8b:51:33:36:
         c6:db:f1:56:eb:e4:57:0d:2b:c0:55:04:70:f2:17:ac:4a:6c:
         c1:32:b7:33:33:90:7c:8b:a0:73:53:27:9f:48:97:36:3a:58:
         7b:87:56:18:5d:86:32:cc:ff:07:7a:cd:0f:db:e4:11:cb:34:
         c8:9c:d8:3e:8d:90:14:31:0b:ef:3b:d2:f1:2f:06:ef:51:fb:
         a8:77:57:d4:46:48:71:01:a6:1b:ee:30:9e:df:45:39:5e:8e:
         b1:71:f4:42:70:69:7c:f5:cf:17:9d:22:38:2f:0a:f4:5a:a7:
         89:42:42:6b:a7:2e:bd:27:3b:f8:dd:4d:6e:9d:dd:3c:d3:6e:
         2d:c9:dc:d1
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUKNTUOgXyelJEpzuV/oVTuxgdWSswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDc1OVoX
DTI3MDMwMzA2MTI1OVowMzExMC8GA1UEAxMoRjU1RTRDOTQ1OUIwOEI0OUJEN0JC
RjZFQ0JFMjM3Rjg0NjBGQ0YyQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMnMUVEywj674tVWAZgT7eNdFlul0FILnURif0cyZqwnwE12c0sWMKvznfGM
8uGN6rpgdUr45wt3alCYlcbNlnP3ordwpxZ3TOpOWlqj4L01amH6U9I2IXhGy5H2
02XJc7oTzTbbiWq8BVnieuQIf6vG5778iVfdfFkKAnywc+VIgnH+OaYzSCOuHkVV
YmyHA/B1glicECO32sDl3Q6b1i4OQmkdK/P2FbZ2d9NqXQET7N2J2C2aZWenprNA
mLm7OvWpJxE/BRYcejdLRv7eg4s/0TXo/q5P9f2AQaExGkSoQJUcKxP4LwyOdGrJ
RBnOl+wm3zuE6gPWaO0LVv95A1MCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT1XkyU
WbCLSb17v27L4jf4Rg/PKzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDQ1Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pw4wDQYJKoZIhvcNAQELBQADggEBAEZfkCG+BudGy9DY0rIQL0SHipIICRDVn1sr
FGlhZjUi8A85Dm8Yzaq2s1iDNjNvv4i8tfg4QRuTmAtpIgD/q6Jtxdq4gUQsfR6t
5y9gYT2gQ3MDA310cmLhnC5M5SXVk3XJyWYw/IbCYRykTiIanUX68l9G9eXoSHEu
i1EzNsbb8Vbr5FcNK8BVBHDyF6xKbMEytzMzkHyLoHNTJ59IlzY6WHuHVhhdhjLM
/wd6zQ/b5BHLNMic2D6NkBQxC+870vEvBu9R+6h3V9RGSHEBphvuMJ7fRTlejrFx
9EJwaXz1zxedIjgvCvRap4lCQmunLr0nO/jdTW6d3TzTbi3J3NE=
-----END CERTIFICATE-----