Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144518.roa
File:                     AS144518.roa (raw, json)
Hash identifier:          PZ0EglQ//0Cs7vwfO0JpipBGoet2RyWuaq/jlk5EZqY=
Subject key identifier:   29:48:0F:9D:36:62:21:6A:01:5E:33:DE:70:DF:EE:D7:77:AB:8C:F1
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       686AA3FEFCD8775C91C6163C3AA693AC98DEC90D
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144518.roa
Signing time:             Wed 04 Mar 2026 06:21:43 +0000
ROA not before:           Wed 04 Mar 2026 06:16:43 +0000
ROA not after:            Wed 03 Mar 2027 06:21:43 +0000
asID:                     144518
IP address blocks:        240a:a74c::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:6a:a3:fe:fc:d8:77:5c:91:c6:16:3c:3a:a6:93:ac:98:de:c9:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:43 2026 GMT
            Not After : Mar  3 06:21:43 2027 GMT
        Subject: CN=29480F9D3662216A015E33DE70DFEED777AB8CF1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:2e:cd:dc:1d:6e:0c:46:35:eb:43:32:e8:5a:
                    03:36:cc:e1:1b:31:3a:87:63:6b:46:51:f4:2c:9d:
                    6d:94:6d:71:47:1b:c2:01:75:7d:f5:14:a6:fd:bc:
                    2b:c2:51:56:ea:7d:94:63:66:62:d8:82:07:52:99:
                    27:75:92:cb:89:0e:e8:0e:81:12:0d:c8:96:c1:e3:
                    ce:43:d9:85:5f:42:96:7b:42:b0:4a:43:36:70:5c:
                    94:f5:f4:5f:36:a3:a9:dc:2f:4e:ad:53:80:63:7e:
                    d1:d1:96:ed:24:50:c7:80:38:83:f5:dc:a5:94:43:
                    ef:45:51:9e:ed:e3:86:ab:23:41:94:9c:8b:e6:fe:
                    e2:f9:fc:d2:0a:b1:f3:f1:b1:6f:32:cd:02:e7:5b:
                    4b:d9:64:e5:69:d0:c1:cf:52:79:81:64:93:c9:52:
                    cd:f3:5b:cb:bf:05:12:77:9a:1e:d9:f4:0b:78:e0:
                    9e:43:b5:2c:85:fb:eb:9d:27:e7:88:cb:29:1b:6c:
                    ca:13:64:b4:0d:bc:f3:af:4f:60:f4:74:1f:41:18:
                    5f:a9:c4:ce:5e:5b:a5:d1:0b:e6:ce:26:8e:fb:33:
                    51:1a:03:3c:bc:5e:45:98:a1:a0:77:a9:9b:ce:e2:
                    e8:1c:70:22:e4:aa:93:7f:92:ef:ee:41:28:e6:9d:
                    90:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:48:0F:9D:36:62:21:6A:01:5E:33:DE:70:DF:EE:D7:77:AB:8C:F1
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144518.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a74c::/32

    Signature Algorithm: sha256WithRSAEncryption
         a5:ef:e5:ae:23:7c:16:6f:5a:83:e5:44:29:d5:30:ac:ac:da:
         de:a3:5e:6c:fe:d1:da:30:78:f5:68:81:db:db:f9:5b:a7:7a:
         11:68:ad:ab:d4:38:ea:47:9f:6a:fc:a3:a8:27:73:bc:72:c3:
         34:6e:5a:45:0e:0c:d8:d3:2c:05:ad:04:b0:ce:ac:cb:86:e2:
         e4:99:70:ef:50:c4:68:29:1c:44:55:1a:ae:cc:96:c4:33:ff:
         40:07:af:5c:2d:67:8c:0c:56:91:66:3b:0c:9b:7d:9f:38:1d:
         0f:ec:69:5e:29:e7:c3:65:83:f2:a1:80:8a:7e:db:32:0e:48:
         5c:b4:22:6e:61:5a:27:4e:82:4b:97:6c:63:79:41:52:ca:02:
         59:2b:09:33:18:d3:8f:9a:4f:27:99:0c:61:03:44:cc:80:d6:
         ad:41:c9:2a:13:d7:8d:df:1d:8e:2e:e9:f2:05:32:63:68:dc:
         f9:da:e2:73:e1:76:49:d9:e1:e3:b3:c2:6d:93:2f:db:d2:43:
         ef:7d:53:fc:eb:4a:df:81:a0:ca:ca:6e:f3:80:85:49:a9:e5:
         52:53:84:34:2a:a3:a2:c1:fb:83:16:6f:b3:d9:1b:cb:77:8d:
         88:e8:9b:44:0e:5d:83:6d:4a:dd:99:b3:ca:96:76:21:ef:79:
         05:10:75:dd
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUaGqj/vzYd1yRxhY8OqaTrJjeyQ0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTY0M1oX
DTI3MDMwMzA2MjE0M1owMzExMC8GA1UEAxMoMjk0ODBGOUQzNjYyMjE2QTAxNUUz
M0RFNzBERkVFRDc3N0FCOENGMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJEuzdwdbgxGNetDMuhaAzbM4RsxOodja0ZR9CydbZRtcUcbwgF1ffUUpv28
K8JRVup9lGNmYtiCB1KZJ3WSy4kO6A6BEg3IlsHjzkPZhV9ClntCsEpDNnBclPX0
XzajqdwvTq1TgGN+0dGW7SRQx4A4g/XcpZRD70VRnu3jhqsjQZSci+b+4vn80gqx
8/GxbzLNAudbS9lk5WnQwc9SeYFkk8lSzfNby78FEneaHtn0C3jgnkO1LIX7650n
54jLKRtsyhNktA28869PYPR0H0EYX6nEzl5bpdEL5s4mjvszURoDPLxeRZihoHep
m87i6BxwIuSqk3+S7+5BKOadkDkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQpSA+d
NmIhagFeM95w3+7Xd6uM8TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDUxOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
p0wwDQYJKoZIhvcNAQELBQADggEBAKXv5a4jfBZvWoPlRCnVMKys2t6jXmz+0dow
ePVogdvb+VunehForavUOOpHn2r8o6gnc7xywzRuWkUODNjTLAWtBLDOrMuG4uSZ
cO9QxGgpHERVGq7MlsQz/0AHr1wtZ4wMVpFmOwybfZ84HQ/saV4p58Nlg/KhgIp+
2zIOSFy0Im5hWidOgkuXbGN5QVLKAlkrCTMY04+aTyeZDGEDRMyA1q1BySoT143f
HY4u6fIFMmNo3Pna4nPhdknZ4eOzwm2TL9vSQ+99U/zrSt+BoMrKbvOAhUmp5VJT
hDQqo6LB+4MWb7PZG8t3jYjom0QOXYNtSt2Zs8qWdiHveQUQdd0=
-----END CERTIFICATE-----