Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144472.roa
File:                     AS144472.roa (raw, json)
Hash identifier:          Qf671TcAnuWIh3cDp1iaLGAC9nKkSub5rW28GuSWLcA=
Subject key identifier:   C1:79:3E:7A:B5:C2:5F:19:68:57:3E:98:26:C2:19:D8:C4:C4:A0:BC
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       64D1BFC26A45EC1C3CF4D1F7C4AA8B08A93BD8D2
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144472.roa
Signing time:             Wed 04 Mar 2026 06:13:35 +0000
ROA not before:           Wed 04 Mar 2026 06:08:35 +0000
ROA not after:            Wed 03 Mar 2027 06:13:35 +0000
asID:                     144472
IP address blocks:        240a:a71e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:d1:bf:c2:6a:45:ec:1c:3c:f4:d1:f7:c4:aa:8b:08:a9:3b:d8:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:35 2026 GMT
            Not After : Mar  3 06:13:35 2027 GMT
        Subject: CN=C1793E7AB5C25F1968573E9826C219D8C4C4A0BC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:4c:9c:f8:45:11:30:d3:49:8b:e0:a8:5c:9e:
                    71:e4:71:28:b1:26:3b:92:1d:65:2e:46:9d:6d:4e:
                    c9:26:2d:7c:03:de:17:21:e9:10:60:29:1c:60:e9:
                    d0:16:6a:92:b7:bf:29:f1:7c:b7:e6:88:57:41:e4:
                    d0:86:ef:6a:41:17:97:f7:87:1b:ce:c2:e4:78:7a:
                    d9:09:df:21:da:86:bc:b4:97:02:e7:3e:0a:3d:bf:
                    7b:07:cd:f0:54:d3:73:dc:03:b0:03:aa:21:5b:67:
                    48:70:55:bf:10:48:c7:bd:28:fd:e0:28:c4:27:a3:
                    7c:f5:90:e1:11:0d:b5:7d:3f:00:1b:42:30:eb:de:
                    cf:52:99:0c:f6:84:fd:c8:74:92:1d:a8:0a:9c:ac:
                    40:ed:29:dd:39:c0:d0:77:76:10:aa:86:2b:c6:24:
                    b2:fa:30:b9:f8:6d:86:ee:d3:e6:07:19:c9:51:db:
                    60:66:df:98:1e:29:f4:ba:52:78:5d:9e:39:7b:56:
                    d1:e4:d5:d1:a7:91:0b:0c:4a:ab:bb:a5:e0:f8:de:
                    99:92:40:2d:5d:3c:55:61:45:b0:1a:9b:1c:98:9d:
                    45:53:1e:ca:c0:56:f6:94:12:ee:67:75:14:d3:9a:
                    bc:84:0a:83:9c:29:24:2a:b0:b7:80:7e:82:d2:34:
                    97:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:79:3E:7A:B5:C2:5F:19:68:57:3E:98:26:C2:19:D8:C4:C4:A0:BC
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144472.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a71e::/32

    Signature Algorithm: sha256WithRSAEncryption
         75:93:31:fd:fb:87:a9:18:44:92:a6:db:42:8f:23:ac:48:df:
         5a:2b:c9:99:f5:47:43:7c:b7:c5:6a:f0:03:2f:2a:3e:15:ae:
         54:89:f9:3b:b2:ad:45:a0:fa:25:8e:2f:17:03:ec:dd:6f:50:
         25:bd:3b:f1:85:21:1c:a6:ff:2d:b9:20:72:96:17:93:05:e3:
         69:fd:af:26:3f:91:f6:35:2b:c0:c3:71:05:ab:fa:1a:a4:c6:
         6f:6b:af:82:30:cf:de:3c:04:d4:dc:a2:38:b4:19:25:85:ba:
         fe:43:3d:2c:a0:55:a8:dc:95:13:0c:28:ab:fb:55:0e:9f:42:
         67:3e:18:f0:9a:96:41:43:8c:02:ea:52:e7:16:f4:ce:3b:0c:
         88:c6:8e:74:c9:96:69:4a:c5:22:96:5e:8d:77:25:f9:8c:03:
         f9:ec:aa:92:e7:d0:72:bd:43:7d:e8:e4:1a:cc:1b:f4:61:e0:
         32:62:c3:f3:39:8b:2d:aa:ee:12:9a:d5:fc:2a:68:5c:07:69:
         f3:89:4d:de:30:fb:e3:c9:f0:57:5c:2f:df:0d:c2:ce:c3:14:
         e6:40:64:fb:c9:3a:6b:58:d9:bb:3f:4f:57:03:b4:e5:bb:11:
         4b:34:c1:dd:de:8f:59:40:0e:ce:b4:dd:57:19:bb:d7:76:5e:
         85:d2:4a:49
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUZNG/wmpF7Bw89NH3xKqLCKk72NIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDgzNVoX
DTI3MDMwMzA2MTMzNVowMzExMC8GA1UEAxMoQzE3OTNFN0FCNUMyNUYxOTY4NTcz
RTk4MjZDMjE5RDhDNEM0QTBCQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPRMnPhFETDTSYvgqFyeceRxKLEmO5IdZS5GnW1OySYtfAPeFyHpEGApHGDp
0BZqkre/KfF8t+aIV0Hk0IbvakEXl/eHG87C5Hh62QnfIdqGvLSXAuc+Cj2/ewfN
8FTTc9wDsAOqIVtnSHBVvxBIx70o/eAoxCejfPWQ4RENtX0/ABtCMOvez1KZDPaE
/ch0kh2oCpysQO0p3TnA0Hd2EKqGK8Yksvowufhthu7T5gcZyVHbYGbfmB4p9LpS
eF2eOXtW0eTV0aeRCwxKq7ul4PjemZJALV08VWFFsBqbHJidRVMeysBW9pQS7md1
FNOavIQKg5wpJCqwt4B+gtI0lz8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTBeT56
tcJfGWhXPpgmwhnYxMSgvDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDQ3Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
px4wDQYJKoZIhvcNAQELBQADggEBAHWTMf37h6kYRJKm20KPI6xI31oryZn1R0N8
t8Vq8AMvKj4VrlSJ+TuyrUWg+iWOLxcD7N1vUCW9O/GFIRym/y25IHKWF5MF42n9
ryY/kfY1K8DDcQWr+hqkxm9rr4Iwz948BNTcoji0GSWFuv5DPSygVajclRMMKKv7
VQ6fQmc+GPCalkFDjALqUucW9M47DIjGjnTJlmlKxSKWXo13JfmMA/nsqpLn0HK9
Q33o5BrMG/Rh4DJiw/M5iy2q7hKa1fwqaFwHafOJTd4w++PJ8FdcL98Nws7DFOZA
ZPvJOmtY2bs/T1cDtOW7EUs0wd3ej1lADs603VcZu9d2XoXSSkk=
-----END CERTIFICATE-----