Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144462.roa
File:                     AS144462.roa (raw, json)
Hash identifier:          vXYbFVQHZwT5pZVS+JZK2MxgoQRAiHCmCteZ52oUmrE=
Subject key identifier:   C7:6B:24:BD:F0:67:E5:0A:B4:A4:1E:9C:CE:6A:E3:0D:41:F0:5D:7D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2E6548CA432CC215F4151887C9C1AF612F372B18
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144462.roa
Signing time:             Wed 04 Mar 2026 06:13:22 +0000
ROA not before:           Wed 04 Mar 2026 06:08:22 +0000
ROA not after:            Wed 03 Mar 2027 06:13:22 +0000
asID:                     144462
IP address blocks:        240a:a714::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:65:48:ca:43:2c:c2:15:f4:15:18:87:c9:c1:af:61:2f:37:2b:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:22 2026 GMT
            Not After : Mar  3 06:13:22 2027 GMT
        Subject: CN=C76B24BDF067E50AB4A41E9CCE6AE30D41F05D7D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:1c:64:f8:9d:5c:df:0d:0a:a8:f7:a7:d7:03:
                    5d:78:80:26:f9:d5:7c:f7:fd:25:cd:5c:65:37:e6:
                    ef:b4:90:fe:57:28:8f:8e:4c:f3:5e:33:bd:86:cf:
                    5a:4c:9e:db:d3:f3:6d:70:16:c3:c9:ab:a6:6a:8a:
                    e4:d2:21:c2:45:35:b5:bc:8c:b0:4a:6e:c7:3e:16:
                    af:3b:3a:3e:2b:53:61:a8:d5:09:50:63:5a:28:5e:
                    6b:92:f9:6b:16:34:e5:ab:1d:5c:7a:e5:a2:52:3f:
                    05:ed:a7:2b:39:b3:ed:f8:14:e1:ce:41:a7:b6:31:
                    f1:be:16:b0:7a:4f:84:74:d2:13:bd:2b:e1:f5:b0:
                    c1:cb:fa:42:f3:ba:f8:f3:f4:47:a9:56:86:fc:ca:
                    9e:63:eb:18:dc:96:ab:f3:f5:3d:b8:c6:09:b4:a2:
                    3d:53:88:62:46:1a:ba:13:09:c0:8c:48:dd:63:84:
                    ef:81:ad:e6:89:b1:96:a9:9e:05:f9:8d:52:49:e6:
                    80:eb:f0:b3:a2:2b:c4:57:0e:60:fa:3d:1a:a0:81:
                    c2:c3:a6:1c:23:65:fb:09:d8:91:30:ef:8b:91:8f:
                    35:db:88:27:84:db:96:cf:71:a7:9c:6b:cf:6b:58:
                    86:72:eb:f8:0e:38:c0:83:e2:d2:8c:cc:5e:c8:64:
                    a3:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:6B:24:BD:F0:67:E5:0A:B4:A4:1E:9C:CE:6A:E3:0D:41:F0:5D:7D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144462.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a714::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:d2:0d:ac:fe:89:ec:4f:be:91:05:28:79:86:18:e2:0f:af:
         14:31:48:3e:c6:ec:92:41:64:6e:1e:56:ec:35:74:63:a5:73:
         a7:eb:0a:b2:e4:27:59:72:2d:e1:5c:52:49:24:e8:7c:80:9d:
         c4:f7:49:22:eb:e5:8b:cb:4f:37:77:26:d3:d1:3f:b6:28:da:
         7c:b5:92:ea:98:c0:cd:5c:1c:e2:60:4e:59:f8:2f:76:c6:6b:
         3a:29:79:df:91:94:b1:bc:a8:b3:50:c3:63:fd:a8:ce:f0:8e:
         83:11:61:e5:1c:76:d3:b1:81:43:39:e8:54:4c:6a:5a:92:61:
         63:0b:bc:cb:2a:93:6f:4f:1f:a4:9b:ff:27:e2:1b:47:24:9b:
         a8:8e:83:c9:06:02:61:d5:81:d6:c3:cd:b0:77:d6:f5:28:b7:
         d9:7d:16:5a:93:b0:42:f6:5f:cd:24:84:49:83:86:fe:82:5e:
         f8:22:dd:49:95:6b:03:74:63:be:d2:9b:f6:d1:0f:5b:3c:e3:
         9d:92:cb:84:82:92:a1:9f:3c:85:ef:d9:79:19:0a:6b:6b:01:
         78:18:2c:6a:01:0e:90:18:6b:f8:5f:f3:3b:9e:44:8a:a8:53:
         57:c3:a8:ac:bf:bc:9b:cc:7b:97:5d:cd:62:6a:57:17:74:8d:
         8d:08:39:8e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIULmVIykMswhX0FRiHycGvYS83KxgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgyMloX
DTI3MDMwMzA2MTMyMlowMzExMC8GA1UEAxMoQzc2QjI0QkRGMDY3RTUwQUI0QTQx
RTlDQ0U2QUUzMEQ0MUYwNUQ3RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ0cZPidXN8NCqj3p9cDXXiAJvnVfPf9Jc1cZTfm77SQ/lcoj45M814zvYbP
Wkye29PzbXAWw8mrpmqK5NIhwkU1tbyMsEpuxz4Wrzs6PitTYajVCVBjWihea5L5
axY05asdXHrlolI/Be2nKzmz7fgU4c5Bp7Yx8b4WsHpPhHTSE70r4fWwwcv6QvO6
+PP0R6lWhvzKnmPrGNyWq/P1PbjGCbSiPVOIYkYauhMJwIxI3WOE74Gt5omxlqme
BfmNUknmgOvws6IrxFcOYPo9GqCBwsOmHCNl+wnYkTDvi5GPNduIJ4Tbls9xp5xr
z2tYhnLr+A44wIPi0ozMXshko2ECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTHayS9
8GflCrSkHpzOauMNQfBdfTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDQ2Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pxQwDQYJKoZIhvcNAQELBQADggEBAGTSDaz+iexPvpEFKHmGGOIPrxQxSD7G7JJB
ZG4eVuw1dGOlc6frCrLkJ1lyLeFcUkkk6HyAncT3SSLr5YvLTzd3JtPRP7Yo2ny1
kuqYwM1cHOJgTln4L3bGazoped+RlLG8qLNQw2P9qM7wjoMRYeUcdtOxgUM56FRM
alqSYWMLvMsqk29PH6Sb/yfiG0ckm6iOg8kGAmHVgdbDzbB31vUot9l9FlqTsEL2
X80khEmDhv6CXvgi3UmVawN0Y77Sm/bRD1s8452Sy4SCkqGfPIXv2XkZCmtrAXgY
LGoBDpAYa/hf8zueRIqoU1fDqKy/vJvMe5ddzWJqVxd0jY0IOY4=
-----END CERTIFICATE-----