Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144470.roa
File:                     AS144470.roa (raw, json)
Hash identifier:          yZIhC9/uiWLV3P9aduLcoEiSIKz/ZOyP74xSfQn6j+c=
Subject key identifier:   11:F1:BB:E1:62:E9:D0:5B:1D:BA:ED:BA:B2:98:D1:F4:1F:B9:AC:D9
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       01C20283B7F58B1D6866BF4A2E4FE3E6F5097149
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144470.roa
Signing time:             Wed 04 Mar 2026 06:14:27 +0000
ROA not before:           Wed 04 Mar 2026 06:09:27 +0000
ROA not after:            Wed 03 Mar 2027 06:14:27 +0000
asID:                     144470
IP address blocks:        240a:a71c::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:c2:02:83:b7:f5:8b:1d:68:66:bf:4a:2e:4f:e3:e6:f5:09:71:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:09:27 2026 GMT
            Not After : Mar  3 06:14:27 2027 GMT
        Subject: CN=11F1BBE162E9D05B1DBAEDBAB298D1F41FB9ACD9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:d1:70:46:cd:e1:9b:d0:df:50:2c:00:2b:ab:
                    67:73:85:bc:3c:1b:1b:6e:15:15:5e:a2:13:f4:ff:
                    37:1c:58:68:0b:24:6c:27:1a:d8:39:6c:c2:f7:33:
                    88:c1:0b:c9:7e:37:6d:61:90:50:eb:bb:03:aa:0f:
                    d5:8d:6b:6b:69:ab:a5:e7:be:d4:a8:e1:02:7e:d7:
                    6d:14:c0:71:ae:ae:50:25:cc:00:ee:5a:cc:1c:ec:
                    9d:91:d8:d9:b5:65:ea:a3:db:3d:1a:23:12:06:8e:
                    b2:0d:a6:24:75:4f:1c:ec:70:c1:36:f5:1e:bb:bc:
                    20:75:1b:44:92:f0:d3:2e:8d:9a:55:b0:3b:83:42:
                    31:24:9d:d0:8e:36:40:60:2b:79:b7:7e:af:18:b7:
                    eb:93:e4:d4:0d:f9:3e:7a:36:f8:1e:ba:66:79:18:
                    79:4e:9f:ca:11:20:8a:a3:a2:49:c3:f6:aa:1e:a3:
                    59:0e:80:d8:2e:b9:f4:12:c8:30:c8:e3:0e:fb:aa:
                    1f:4f:35:57:7a:d4:e6:8d:ef:8e:11:7f:48:36:82:
                    16:da:31:ba:5a:64:ef:e6:c3:41:09:da:23:fa:09:
                    2b:d0:e1:55:76:6e:32:48:fc:04:1b:98:94:e5:b7:
                    e3:ed:3d:86:c4:e3:59:86:87:7d:50:81:0f:e4:7a:
                    d8:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:F1:BB:E1:62:E9:D0:5B:1D:BA:ED:BA:B2:98:D1:F4:1F:B9:AC:D9
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a71c::/32

    Signature Algorithm: sha256WithRSAEncryption
         69:ca:61:ea:77:e5:f8:2c:91:93:1e:20:ae:18:ee:d2:41:db:
         96:52:52:8d:81:6a:ed:9b:4a:e0:3b:ec:3a:26:85:03:20:58:
         45:36:d6:9d:63:7d:61:74:73:ff:c2:a5:10:ae:62:ac:0d:29:
         0e:26:44:7a:c6:cd:68:59:91:46:6e:c0:e2:88:76:53:a9:f8:
         d2:dc:26:35:03:c1:ff:42:ab:d4:0e:f2:c2:c7:3b:a2:24:26:
         ce:94:0f:51:ff:79:3d:88:18:b9:b2:c8:08:d7:53:08:67:4b:
         19:07:2b:cb:3a:34:56:1a:6d:18:c5:92:8d:55:43:92:21:c1:
         e2:5a:9b:76:2c:fd:ad:d0:fc:ae:64:3a:79:28:e2:c6:b9:ec:
         f0:09:8d:25:67:e0:85:55:0a:0f:a3:31:28:8a:2c:14:b5:59:
         5a:ea:d9:c4:6e:09:5a:5f:1e:ad:85:b3:ea:56:92:f5:19:58:
         d5:a6:2e:c1:e1:f6:43:d4:84:dc:cb:36:be:f3:49:e9:74:fd:
         32:5d:fd:15:8f:8d:11:52:6c:29:c4:5b:ef:ad:db:e7:e1:67:
         74:76:37:47:b6:d4:cc:37:a9:d1:7e:b3:be:80:1d:e0:31:41:
         e5:8b:51:14:73:6f:96:2c:07:d2:37:eb:b3:d5:63:b1:4b:50:
         53:d6:cc:9b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUAcICg7f1ix1oZr9KLk/j5vUJcUkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDkyN1oX
DTI3MDMwMzA2MTQyN1owMzExMC8GA1UEAxMoMTFGMUJCRTE2MkU5RDA1QjFEQkFF
REJBQjI5OEQxRjQxRkI5QUNEOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALvRcEbN4ZvQ31AsACurZ3OFvDwbG24VFV6iE/T/NxxYaAskbCca2Dlswvcz
iMELyX43bWGQUOu7A6oP1Y1ra2mrpee+1KjhAn7XbRTAca6uUCXMAO5azBzsnZHY
2bVl6qPbPRojEgaOsg2mJHVPHOxwwTb1Hru8IHUbRJLw0y6NmlWwO4NCMSSd0I42
QGArebd+rxi365Pk1A35Pno2+B66ZnkYeU6fyhEgiqOiScP2qh6jWQ6A2C659BLI
MMjjDvuqH081V3rU5o3vjhF/SDaCFtoxulpk7+bDQQnaI/oJK9DhVXZuMkj8BBuY
lOW34+09hsTjWYaHfVCBD+R62OUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQR8bvh
YunQWx267bqymNH0H7ms2TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDQ3MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
pxwwDQYJKoZIhvcNAQELBQADggEBAGnKYep35fgskZMeIK4Y7tJB25ZSUo2Bau2b
SuA77DomhQMgWEU21p1jfWF0c//CpRCuYqwNKQ4mRHrGzWhZkUZuwOKIdlOp+NLc
JjUDwf9Cq9QO8sLHO6IkJs6UD1H/eT2IGLmyyAjXUwhnSxkHK8s6NFYabRjFko1V
Q5IhweJam3Ys/a3Q/K5kOnko4sa57PAJjSVn4IVVCg+jMSiKLBS1WVrq2cRuCVpf
Hq2Fs+pWkvUZWNWmLsHh9kPUhNzLNr7zSel0/TJd/RWPjRFSbCnEW++t2+fhZ3R2
N0e21Mw3qdF+s76AHeAxQeWLURRzb5YsB9I367PVY7FLUFPWzJs=
-----END CERTIFICATE-----