Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144465.roa
File:                     AS144465.roa (raw, json)
Hash identifier:          lAVwDl0W/N5EnRfr93eleAOujhV4l+ULFdcgTAjCUG0=
Subject key identifier:   CF:7B:FD:A5:09:9E:12:9B:09:63:08:ED:AB:B9:16:B3:F3:78:60:9D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4EB3AAFCE834652435D9D455276F97DDFFB83ACF
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144465.roa
Signing time:             Wed 04 Mar 2026 06:15:18 +0000
ROA not before:           Wed 04 Mar 2026 06:10:18 +0000
ROA not after:            Wed 03 Mar 2027 06:15:18 +0000
asID:                     144465
IP address blocks:        240a:a717::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:b3:aa:fc:e8:34:65:24:35:d9:d4:55:27:6f:97:dd:ff:b8:3a:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:10:18 2026 GMT
            Not After : Mar  3 06:15:18 2027 GMT
        Subject: CN=CF7BFDA5099E129B096308EDABB916B3F378609D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:27:3d:a1:89:39:73:f3:95:bf:33:16:57:48:
                    b0:71:28:eb:73:72:b8:f2:28:68:37:68:f4:db:a2:
                    7f:bd:03:d4:19:58:d4:aa:ac:71:73:73:f0:7a:2b:
                    64:5f:a8:9e:13:6b:bc:ab:8e:c3:b9:d0:d0:26:ab:
                    25:e1:45:e8:20:a8:7b:5f:35:87:69:27:c2:31:cf:
                    fa:93:d8:fa:86:a0:bc:12:f4:d7:54:c6:52:f3:47:
                    a7:6c:36:a7:45:6e:3a:41:a7:be:17:f9:d5:8a:1a:
                    ab:58:80:53:82:9d:0d:f6:b3:a1:2e:47:8c:db:5d:
                    19:f8:3a:12:46:9a:8b:01:de:11:76:20:59:da:64:
                    d8:f1:23:32:d2:ae:98:e4:a3:df:a5:9a:5b:2c:0a:
                    2b:16:9a:2d:91:52:35:02:30:33:f3:ed:d6:4d:be:
                    53:60:9e:48:de:7e:2d:7d:81:5c:51:11:9d:b7:1e:
                    7d:14:20:ee:6d:fe:22:1f:c2:8a:03:b6:c2:d0:e2:
                    e8:51:4c:9d:5d:e0:3f:33:7e:69:df:5c:87:36:73:
                    cc:cc:83:93:a8:e0:c2:9b:7b:b3:bf:49:94:48:11:
                    bc:c7:7c:0c:14:ca:a4:86:d0:23:50:b9:10:6b:92:
                    9f:2f:14:45:db:cf:96:51:74:7a:10:c4:2a:f3:35:
                    61:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:7B:FD:A5:09:9E:12:9B:09:63:08:ED:AB:B9:16:B3:F3:78:60:9D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144465.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a717::/32

    Signature Algorithm: sha256WithRSAEncryption
         b9:12:2e:ff:7c:9a:37:6b:e3:4c:d7:e1:26:e4:7e:a5:ef:99:
         75:e6:05:ff:23:ae:70:14:7f:87:4e:1e:41:8c:54:76:b4:3c:
         70:41:63:04:ad:20:43:4c:cc:37:80:48:08:d9:23:ba:b2:52:
         7c:a4:0f:a1:53:0d:15:af:df:ff:3b:56:3e:41:7d:d0:16:e0:
         86:3a:ae:0e:df:f3:75:b5:f3:23:4c:8b:3b:d8:ae:61:ec:7c:
         41:23:97:bf:f0:6d:7e:e0:ae:92:b4:a4:b1:19:7d:d0:c2:da:
         86:29:3d:d2:f1:ab:28:df:ff:70:bc:e0:9d:41:aa:59:52:03:
         a8:46:90:47:bf:7d:24:57:16:d3:93:e2:5b:76:1d:0c:b6:31:
         81:0e:c8:2b:d5:7c:e9:2b:09:b5:16:10:58:c5:d4:fd:4c:cb:
         02:fd:98:91:b7:27:43:99:c2:1f:52:ef:07:ef:08:4d:a4:a1:
         37:68:be:76:36:ce:1c:db:c8:17:c9:fa:34:39:cd:cd:f6:71:
         2d:c2:9b:83:44:8f:79:a4:50:af:59:62:ad:eb:5e:f0:05:b2:
         03:e6:f2:bd:4c:5d:da:b1:f4:aa:67:05:9a:66:03:f0:0e:53:
         5e:09:5a:b6:20:b3:d8:a8:4c:d5:37:fa:c8:be:c9:51:67:50:
         2b:bd:15:83
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUTrOq/Og0ZSQ12dRVJ2+X3f+4Os8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTAxOFoX
DTI3MDMwMzA2MTUxOFowMzExMC8GA1UEAxMoQ0Y3QkZEQTUwOTlFMTI5QjA5NjMw
OEVEQUJCOTE2QjNGMzc4NjA5RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKAnPaGJOXPzlb8zFldIsHEo63NyuPIoaDdo9Nuif70D1BlY1KqscXNz8Hor
ZF+onhNrvKuOw7nQ0CarJeFF6CCoe181h2knwjHP+pPY+oagvBL011TGUvNHp2w2
p0VuOkGnvhf51Yoaq1iAU4KdDfazoS5HjNtdGfg6EkaaiwHeEXYgWdpk2PEjMtKu
mOSj36WaWywKKxaaLZFSNQIwM/Pt1k2+U2CeSN5+LX2BXFERnbcefRQg7m3+Ih/C
igO2wtDi6FFMnV3gPzN+ad9chzZzzMyDk6jgwpt7s79JlEgRvMd8DBTKpIbQI1C5
EGuSny8URdvPllF0ehDEKvM1Yb0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTPe/2l
CZ4SmwljCO2ruRaz83hgnTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDQ2NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pxcwDQYJKoZIhvcNAQELBQADggEBALkSLv98mjdr40zX4SbkfqXvmXXmBf8jrnAU
f4dOHkGMVHa0PHBBYwStIENMzDeASAjZI7qyUnykD6FTDRWv3/87Vj5BfdAW4IY6
rg7f83W18yNMizvYrmHsfEEjl7/wbX7grpK0pLEZfdDC2oYpPdLxqyjf/3C84J1B
qllSA6hGkEe/fSRXFtOT4lt2HQy2MYEOyCvVfOkrCbUWEFjF1P1MywL9mJG3J0OZ
wh9S7wfvCE2koTdovnY2zhzbyBfJ+jQ5zc32cS3Cm4NEj3mkUK9ZYq3rXvAFsgPm
8r1MXdqx9KpnBZpmA/AOU14JWrYgs9ioTNU3+si+yVFnUCu9FYM=
-----END CERTIFICATE-----