Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144539.roa
File:                     AS144539.roa (raw, json)
Hash identifier:          jwhsIWNLqNzZJ8VRJOmFSb67t2YxEzJlw2MlIVAc5LI=
Subject key identifier:   3A:0E:D2:05:CE:60:83:BB:4E:AD:05:9A:49:53:7A:A8:3B:82:BC:16
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4DC11A332325B014595C429DA5ED58E441DFBE85
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144539.roa
Signing time:             Wed 04 Mar 2026 06:22:22 +0000
ROA not before:           Wed 04 Mar 2026 06:17:22 +0000
ROA not after:            Wed 03 Mar 2027 06:22:22 +0000
asID:                     144539
IP address blocks:        240a:a761::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:c1:1a:33:23:25:b0:14:59:5c:42:9d:a5:ed:58:e4:41:df:be:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:22 2026 GMT
            Not After : Mar  3 06:22:22 2027 GMT
        Subject: CN=3A0ED205CE6083BB4EAD059A49537AA83B82BC16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:69:96:a9:10:e3:a9:9b:a5:cd:e7:ae:60:69:
                    d3:9a:62:f9:59:cd:9b:20:66:ae:23:ff:29:87:a8:
                    73:d3:82:02:00:16:c1:10:c3:c5:91:33:e5:a6:bc:
                    35:90:eb:99:6d:44:58:b4:2d:ad:30:71:a1:4d:4f:
                    91:76:b7:bf:c2:b0:0a:45:70:75:d8:1a:06:75:a6:
                    df:4e:93:5a:e8:79:a0:11:44:a9:96:68:48:96:7b:
                    09:c5:7e:31:05:53:ee:68:d0:38:ec:f3:9a:c9:08:
                    65:9d:20:45:d1:33:28:d9:c0:9c:a0:d3:2e:55:37:
                    95:8d:10:51:23:59:2d:7b:f9:41:fb:a0:fa:7a:dd:
                    16:c5:92:86:64:a8:e8:f4:6d:ba:77:6e:f3:38:b5:
                    bb:f0:b8:b3:f9:d5:d4:5d:76:29:b4:da:55:a6:bc:
                    e8:ae:9a:c6:c7:e0:02:f7:4b:e2:f5:ac:25:a7:5f:
                    7d:6f:a4:82:9e:a6:80:50:93:0b:c2:0e:f6:9a:3e:
                    65:6a:5a:0f:e2:a9:15:e9:1c:b7:38:37:3e:5c:23:
                    5b:81:9b:06:93:96:b6:ed:c9:38:12:d1:4c:78:8f:
                    5c:72:4c:56:d1:09:37:52:3b:10:e4:f2:ca:76:2c:
                    c1:6e:e3:ac:2a:f3:44:87:6b:fe:ea:4b:93:8b:1a:
                    63:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:0E:D2:05:CE:60:83:BB:4E:AD:05:9A:49:53:7A:A8:3B:82:BC:16
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a761::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:1e:24:90:2b:61:38:58:90:3d:f4:a5:df:a5:a0:05:64:31:
         46:f7:4e:7e:81:17:39:49:53:14:62:b4:48:4a:5f:e2:f3:ab:
         c2:f4:f5:24:aa:37:6d:90:30:f9:01:f5:0b:06:d1:c1:49:b1:
         c3:ec:83:c6:b4:ab:b5:c8:fa:55:02:44:55:1c:ba:41:01:8e:
         e6:f2:32:60:d4:71:66:65:fd:61:6a:26:30:63:b7:9b:7b:ea:
         87:88:6f:85:60:28:f9:54:5f:c0:ad:37:fc:90:70:e6:2d:de:
         5b:a7:75:9d:a7:64:db:f9:16:1a:8d:79:84:46:4a:05:fb:b7:
         f5:bc:18:64:6d:2a:29:d8:f1:28:25:7d:5c:ac:45:d1:2f:fc:
         cd:b3:69:d0:a4:a1:35:c1:4d:59:05:47:48:bb:39:d4:c1:44:
         20:38:0d:b9:0a:35:06:83:dd:da:87:68:82:25:7a:0d:2b:29:
         ca:3f:af:a6:c8:15:22:c1:7b:35:87:2c:01:97:5d:b2:f6:aa:
         33:c4:80:1d:cf:48:05:55:85:89:27:61:9b:26:a9:2e:d3:0b:
         ec:92:73:bc:a4:b7:df:05:be:d1:82:0f:e7:b0:03:20:da:73:
         b4:9d:57:30:af:9b:89:b1:bd:53:8f:bc:e6:4f:1c:24:a5:b7:
         77:f3:24:18
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUTcEaMyMlsBRZXEKdpe1Y5EHfvoUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcyMloX
DTI3MDMwMzA2MjIyMlowMzExMC8GA1UEAxMoM0EwRUQyMDVDRTYwODNCQjRFQUQw
NTlBNDk1MzdBQTgzQjgyQkMxNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOVplqkQ46mbpc3nrmBp05pi+VnNmyBmriP/KYeoc9OCAgAWwRDDxZEz5aa8
NZDrmW1EWLQtrTBxoU1PkXa3v8KwCkVwddgaBnWm306TWuh5oBFEqZZoSJZ7CcV+
MQVT7mjQOOzzmskIZZ0gRdEzKNnAnKDTLlU3lY0QUSNZLXv5Qfug+nrdFsWShmSo
6PRtundu8zi1u/C4s/nV1F12KbTaVaa86K6axsfgAvdL4vWsJadffW+kgp6mgFCT
C8IO9po+ZWpaD+KpFekctzg3PlwjW4GbBpOWtu3JOBLRTHiPXHJMVtEJN1I7EOTy
ynYswW7jrCrzRIdr/upLk4saY5sCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQ6DtIF
zmCDu06tBZpJU3qoO4K8FjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDUzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
p2EwDQYJKoZIhvcNAQELBQADggEBAHceJJArYThYkD30pd+loAVkMUb3Tn6BFzlJ
UxRitEhKX+Lzq8L09SSqN22QMPkB9QsG0cFJscPsg8a0q7XI+lUCRFUcukEBjuby
MmDUcWZl/WFqJjBjt5t76oeIb4VgKPlUX8CtN/yQcOYt3lundZ2nZNv5FhqNeYRG
SgX7t/W8GGRtKinY8SglfVysRdEv/M2zadCkoTXBTVkFR0i7OdTBRCA4DbkKNQaD
3dqHaIIleg0rKco/r6bIFSLBezWHLAGXXbL2qjPEgB3PSAVVhYknYZsmqS7TC+yS
c7ykt98FvtGCD+ewAyDac7SdVzCvm4mxvVOPvOZPHCSlt3fzJBg=
-----END CERTIFICATE-----