Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144524.roa
File:                     AS144524.roa (raw, json)
Hash identifier:          sApJUMEgVrZtfygHxMZGZ6QiaFEklVBtkmBKK5vy4oI=
Subject key identifier:   BB:E6:23:2B:24:29:66:41:AD:F1:D4:85:9C:AA:04:F7:49:DA:F8:5F
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       28AF5B2CA588EA92179B226CF67C5549796520D7
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144524.roa
Signing time:             Wed 04 Mar 2026 06:19:20 +0000
ROA not before:           Wed 04 Mar 2026 06:14:20 +0000
ROA not after:            Wed 03 Mar 2027 06:19:20 +0000
asID:                     144524
IP address blocks:        240a:a752::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:af:5b:2c:a5:88:ea:92:17:9b:22:6c:f6:7c:55:49:79:65:20:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:20 2026 GMT
            Not After : Mar  3 06:19:20 2027 GMT
        Subject: CN=BBE6232B24296641ADF1D4859CAA04F749DAF85F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:83:ed:4b:2d:a4:66:5e:4a:ed:7d:68:b5:99:
                    db:b2:a0:39:b0:db:83:27:b1:62:30:0f:47:92:31:
                    d4:aa:6f:a4:ec:cd:ac:c3:79:c6:26:62:b1:6b:b8:
                    23:d0:09:44:87:a4:6e:e8:b1:d1:d9:33:90:50:7d:
                    39:a7:a2:2a:16:06:76:47:26:ee:3f:34:70:53:71:
                    37:d8:62:36:29:8b:0b:68:77:a0:89:8f:7a:f4:f0:
                    f3:da:d7:dd:a1:f8:13:2c:70:48:3c:63:48:11:de:
                    49:dd:e1:55:b6:7e:2b:c2:72:52:19:f1:87:59:3b:
                    87:f1:cc:49:96:20:fb:12:8d:ea:57:e7:5d:ea:4a:
                    91:e2:b2:6e:8e:a0:34:8f:e5:88:8c:e7:31:43:fd:
                    0b:6b:df:fa:62:6d:c0:47:1c:0c:f3:2d:4b:ca:05:
                    f9:4f:a9:da:45:9f:44:22:1f:14:dc:ac:53:0c:77:
                    ea:a8:56:b2:81:0c:d0:56:43:ee:f4:13:34:e9:8d:
                    1a:c9:c0:b5:02:48:f6:9d:69:58:8c:8d:42:85:0c:
                    8e:76:09:7a:3f:cc:d9:69:86:99:f7:2e:ed:28:29:
                    92:3e:4f:8a:ab:98:b4:14:a6:ca:2c:62:76:a4:e7:
                    f7:e3:1f:a4:aa:09:5f:e8:bb:70:6c:02:03:40:f5:
                    cc:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:E6:23:2B:24:29:66:41:AD:F1:D4:85:9C:AA:04:F7:49:DA:F8:5F
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144524.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a752::/32

    Signature Algorithm: sha256WithRSAEncryption
         54:9d:a2:6e:a2:69:a1:63:67:ed:38:16:35:25:3b:67:31:83:
         97:3a:52:ea:e2:6b:4a:a9:f4:3c:de:db:7d:eb:74:2e:ed:b9:
         76:1d:14:d3:da:fe:e0:0a:c9:1d:86:17:0a:9b:1a:70:7f:89:
         b3:87:63:4a:c9:e0:e0:e2:b2:e0:e4:90:dc:6e:89:4d:78:9e:
         0d:9b:03:64:f2:83:c5:5f:99:10:ab:7d:08:f1:2e:ba:33:25:
         db:95:f5:9a:86:c2:53:69:19:79:98:3c:bc:8e:1d:ad:b4:16:
         24:25:55:f4:d1:9d:ba:10:a0:32:ce:02:63:c2:62:64:25:0e:
         c9:8e:b9:80:2f:c7:86:cc:51:3e:8d:ff:eb:14:19:49:a3:2e:
         93:bb:ed:e0:bd:61:a7:34:ed:60:88:e6:fe:f5:f1:c7:5a:78:
         d0:fa:19:d2:d0:b5:46:d6:8e:83:33:96:ef:21:36:1b:53:ce:
         ca:35:21:00:ac:68:f2:54:cb:4d:db:14:28:b0:fc:fc:26:d0:
         5e:a4:c1:25:60:e1:30:23:42:93:68:9e:7e:2c:cb:3e:f4:a5:
         b7:10:7a:1a:57:28:59:20:f6:b2:42:87:f4:ca:3d:94:8e:37:
         7c:3e:eb:2f:e8:54:0a:90:ec:03:e6:74:b4:f0:5a:0e:ff:2f:
         9f:11:d8:20
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUKK9bLKWI6pIXmyJs9nxVSXllINcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQyMFoX
DTI3MDMwMzA2MTkyMFowMzExMC8GA1UEAxMoQkJFNjIzMkIyNDI5NjY0MUFERjFE
NDg1OUNBQTA0Rjc0OURBRjg1RjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMyD7UstpGZeSu19aLWZ27KgObDbgyexYjAPR5Ix1KpvpOzNrMN5xiZisWu4
I9AJRIekbuix0dkzkFB9OaeiKhYGdkcm7j80cFNxN9hiNimLC2h3oImPevTw89rX
3aH4EyxwSDxjSBHeSd3hVbZ+K8JyUhnxh1k7h/HMSZYg+xKN6lfnXepKkeKybo6g
NI/liIznMUP9C2vf+mJtwEccDPMtS8oF+U+p2kWfRCIfFNysUwx36qhWsoEM0FZD
7vQTNOmNGsnAtQJI9p1pWIyNQoUMjnYJej/M2WmGmfcu7Sgpkj5PiquYtBSmyixi
dqTn9+MfpKoJX+i7cGwCA0D1zJ8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBS75iMr
JClmQa3x1IWcqgT3Sdr4XzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDUyNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
p1IwDQYJKoZIhvcNAQELBQADggEBAFSdom6iaaFjZ+04FjUlO2cxg5c6Uuria0qp
9Dze233rdC7tuXYdFNPa/uAKyR2GFwqbGnB/ibOHY0rJ4ODisuDkkNxuiU14ng2b
A2Tyg8VfmRCrfQjxLrozJduV9ZqGwlNpGXmYPLyOHa20FiQlVfTRnboQoDLOAmPC
YmQlDsmOuYAvx4bMUT6N/+sUGUmjLpO77eC9Yac07WCI5v718cdaeND6GdLQtUbW
joMzlu8hNhtTzso1IQCsaPJUy03bFCiw/Pwm0F6kwSVg4TAjQpNonn4syz70pbcQ
ehpXKFkg9rJCh/TKPZSON3w+6y/oVAqQ7APmdLTwWg7/L58R2CA=
-----END CERTIFICATE-----