Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144489.roa
File:                     AS144489.roa (raw, json)
Hash identifier:          ZKS/PTyvJ/qjAV5mH20snpQymVZcl1N0HjeZ4HYyOt8=
Subject key identifier:   B2:28:A6:61:0F:11:38:94:5C:18:29:5F:6B:EE:4E:5D:A5:90:2F:88
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       224EF16B8A727B3C86E2D57A8E467E8770434226
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144489.roa
Signing time:             Wed 04 Mar 2026 06:13:46 +0000
ROA not before:           Wed 04 Mar 2026 06:08:46 +0000
ROA not after:            Wed 03 Mar 2027 06:13:46 +0000
asID:                     144489
IP address blocks:        240a:a72f::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:4e:f1:6b:8a:72:7b:3c:86:e2:d5:7a:8e:46:7e:87:70:43:42:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:08:46 2026 GMT
            Not After : Mar  3 06:13:46 2027 GMT
        Subject: CN=B228A6610F1138945C18295F6BEE4E5DA5902F88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:cd:61:93:a3:c2:5b:ea:46:c2:5e:12:12:3b:
                    b4:f0:0b:4a:d5:d0:07:1e:c3:72:41:f0:6e:dd:31:
                    66:9c:fc:af:b5:62:e2:c1:ee:bd:06:3b:60:c7:48:
                    70:8c:0a:57:dc:cf:5d:9a:06:ae:6e:e8:56:c4:de:
                    e8:2a:5c:6e:2c:77:fb:58:57:f0:69:e6:66:96:42:
                    b1:af:a6:74:ac:35:63:66:60:11:74:ef:54:e4:d2:
                    7b:ad:06:11:d1:e3:85:3a:d4:2e:b8:e0:a6:36:9d:
                    a2:f4:dd:71:9a:8e:e2:6b:93:cc:5e:02:a9:d3:10:
                    e6:18:b2:a1:d7:2c:7f:eb:a1:b4:f8:6d:86:ae:82:
                    d2:c2:bb:2a:e8:12:6a:6e:a0:a5:17:c3:22:da:b6:
                    b2:b4:6f:12:a0:88:6c:1c:ed:25:d2:ea:df:0c:53:
                    58:b8:bf:07:3e:0c:dc:ca:19:6e:01:17:9a:1a:ec:
                    33:55:c2:eb:3d:a2:ff:b5:95:55:e7:7d:2b:a8:78:
                    5c:e7:09:c8:6e:8b:9f:a2:b2:7c:86:51:0a:99:a2:
                    a6:03:46:c4:8f:a5:17:18:01:3e:df:76:f1:c0:2f:
                    f7:82:c6:77:15:40:41:f4:46:36:ea:90:a4:c2:20:
                    04:ea:1c:b9:c1:c6:ed:d9:21:11:82:a3:19:c8:d2:
                    b5:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:28:A6:61:0F:11:38:94:5C:18:29:5F:6B:EE:4E:5D:A5:90:2F:88
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144489.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a72f::/32

    Signature Algorithm: sha256WithRSAEncryption
         2f:f9:23:2a:6b:cb:c8:99:90:13:59:4b:ee:85:9b:54:70:37:
         ef:17:40:dc:0b:61:4c:3f:d0:34:14:c5:67:1d:77:58:ef:f8:
         35:79:69:3e:62:b5:dd:28:11:50:3f:19:3f:38:b9:36:bb:9b:
         d6:cf:23:80:7a:5f:9f:5f:65:ab:df:c2:df:b8:7c:dc:b3:8e:
         7c:fc:6a:15:73:88:a0:3d:05:be:04:53:d7:4b:fb:f6:8b:29:
         82:42:1b:59:15:be:fb:54:3e:71:77:c5:4d:b6:b6:01:2a:6f:
         77:82:d4:9f:b7:99:7c:9d:c9:ae:ed:3a:8b:d2:e2:af:0e:ff:
         98:5a:5d:fa:ce:6f:23:12:46:0c:4b:5a:db:cf:ec:39:0c:41:
         5b:1f:61:cb:ef:c8:2d:25:b5:2e:bf:fd:21:8d:0c:e1:9b:54:
         bb:02:38:f9:8a:f2:4f:95:4e:f0:db:8f:92:8f:00:90:e5:6f:
         85:87:16:93:c0:34:11:19:95:39:d1:e4:29:eb:75:b4:83:53:
         4a:57:87:6f:98:b6:a7:5e:a7:0a:11:99:36:75:51:24:21:57:
         b1:ac:4c:2b:39:ac:da:d9:8c:d0:ea:e5:76:9c:f9:58:7b:4b:
         db:9a:d2:c0:07:eb:75:ca:62:4e:15:60:8d:8c:16:06:19:27:
         b9:49:15:6f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUIk7xa4pyezyG4tV6jkZ+h3BDQiYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MDg0NloX
DTI3MDMwMzA2MTM0NlowMzExMC8GA1UEAxMoQjIyOEE2NjEwRjExMzg5NDVDMTgy
OTVGNkJFRTRFNURBNTkwMkY4ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANzNYZOjwlvqRsJeEhI7tPALStXQBx7DckHwbt0xZpz8r7Vi4sHuvQY7YMdI
cIwKV9zPXZoGrm7oVsTe6Cpcbix3+1hX8GnmZpZCsa+mdKw1Y2ZgEXTvVOTSe60G
EdHjhTrULrjgpjadovTdcZqO4muTzF4CqdMQ5hiyodcsf+uhtPhthq6C0sK7KugS
am6gpRfDItq2srRvEqCIbBztJdLq3wxTWLi/Bz4M3MoZbgEXmhrsM1XC6z2i/7WV
Ved9K6h4XOcJyG6Ln6KyfIZRCpmipgNGxI+lFxgBPt928cAv94LGdxVAQfRGNuqQ
pMIgBOocucHG7dkhEYKjGcjStTMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSyKKZh
DxE4lFwYKV9r7k5dpZAviDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDQ4OS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
py8wDQYJKoZIhvcNAQELBQADggEBAC/5Iypry8iZkBNZS+6Fm1RwN+8XQNwLYUw/
0DQUxWcdd1jv+DV5aT5itd0oEVA/GT84uTa7m9bPI4B6X59fZavfwt+4fNyzjnz8
ahVziKA9Bb4EU9dL+/aLKYJCG1kVvvtUPnF3xU22tgEqb3eC1J+3mXydya7tOovS
4q8O/5haXfrObyMSRgxLWtvP7DkMQVsfYcvvyC0ltS6//SGNDOGbVLsCOPmK8k+V
TvDbj5KPAJDlb4WHFpPANBEZlTnR5CnrdbSDU0pXh2+YtqdepwoRmTZ1USQhV7Gs
TCs5rNrZjNDq5Xac+Vh7S9ua0sAH63XKYk4VYI2MFgYZJ7lJFW8=
-----END CERTIFICATE-----