Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144548.roa
File:                     AS144548.roa (raw, json)
Hash identifier:          iNAVtkKaDgz/YMvxh2lsL65E1UwZMYxbDh9Jpdhk9jg=
Subject key identifier:   9C:51:A8:A4:B6:89:7D:D5:AA:13:CF:DC:33:3C:4D:D2:B0:69:53:05
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2C454A5ED4F283AACC2048BB0F9FAF3A7DF87AA3
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144548.roa
Signing time:             Wed 04 Mar 2026 06:19:38 +0000
ROA not before:           Wed 04 Mar 2026 06:14:38 +0000
ROA not after:            Wed 03 Mar 2027 06:19:38 +0000
asID:                     144548
IP address blocks:        240a:a76a::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:45:4a:5e:d4:f2:83:aa:cc:20:48:bb:0f:9f:af:3a:7d:f8:7a:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:38 2026 GMT
            Not After : Mar  3 06:19:38 2027 GMT
        Subject: CN=9C51A8A4B6897DD5AA13CFDC333C4DD2B0695305
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:0c:66:81:48:57:92:00:3d:9b:9a:df:0b:24:
                    83:e2:d7:38:3a:62:a8:30:4e:63:ab:21:28:0b:9a:
                    bd:db:63:50:8d:d9:4e:6a:6f:27:28:e3:01:18:8d:
                    47:43:8b:f3:bb:14:25:3b:f0:86:f4:65:55:fd:ec:
                    2d:2c:8a:16:b5:4e:5b:7e:00:55:ff:da:6d:8a:5c:
                    77:27:d3:32:40:29:d9:73:86:49:03:99:73:29:a8:
                    e7:23:c6:bd:92:b7:35:07:cb:cc:11:88:d7:9b:1e:
                    4d:a4:ed:40:5a:c4:9b:c6:f8:3a:c1:f4:bf:d9:9f:
                    f5:7b:07:68:09:b4:bf:9b:2b:db:15:bf:9d:53:7f:
                    61:76:9c:2f:2e:e6:d0:20:eb:06:5a:00:b7:de:aa:
                    fd:8f:35:3b:79:ab:23:cd:57:cb:f7:00:a8:57:70:
                    1b:99:2b:02:4c:f6:73:3d:89:1d:4a:f2:d5:34:c0:
                    b7:18:5f:d9:1a:db:af:d9:d0:4e:29:e9:0e:ff:0d:
                    39:44:e5:9e:36:57:58:ba:e5:98:87:36:46:80:62:
                    46:d5:c1:c0:b4:f7:f3:12:4f:f1:f6:1b:ac:96:29:
                    81:52:47:1c:4b:0f:a6:5e:73:ba:18:5a:ea:90:f5:
                    75:62:6d:3d:30:08:6f:21:3b:54:ec:32:5e:e7:a1:
                    d4:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:51:A8:A4:B6:89:7D:D5:AA:13:CF:DC:33:3C:4D:D2:B0:69:53:05
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144548.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a76a::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:86:4e:74:d0:a0:72:6f:17:43:ab:0f:a1:75:db:4e:6c:52:
         87:eb:db:ba:0b:b3:2c:31:9c:44:30:9e:c6:37:d0:aa:44:bc:
         f0:86:18:57:04:14:10:32:9e:98:60:a8:c4:c3:b3:b8:af:db:
         13:53:fb:f5:71:60:1a:27:29:20:3b:4d:4e:be:65:ac:b2:ab:
         b6:57:5e:33:f8:0c:2f:3c:81:2a:36:e6:72:a5:5f:4d:30:ab:
         83:a1:75:78:e8:cc:e2:e0:f0:a4:77:8e:75:9e:eb:1b:5c:77:
         c1:53:3e:62:bd:e2:e8:de:39:27:03:cb:cb:5f:c3:61:39:67:
         d2:d9:f6:21:ad:7d:50:16:27:48:0e:6a:99:f9:5c:30:85:90:
         0d:bc:54:2f:96:85:8d:e3:75:49:7d:bb:b8:15:4e:9e:fb:d0:
         ff:d3:4d:24:cf:21:15:95:f4:4e:0b:1b:c2:5b:2a:f4:cb:b2:
         20:44:ae:4e:1e:0d:91:0d:50:11:a6:40:de:bd:e8:e9:d4:a5:
         1c:0f:ba:23:c8:c2:51:bb:cd:df:07:cf:04:8f:fc:1e:1e:fc:
         8a:81:72:8e:77:83:ae:74:59:8d:30:50:10:2e:3a:63:90:60:
         32:bb:21:41:09:b9:cb:71:64:75:e2:a6:27:fc:bd:8f:a0:8d:
         06:7c:be:26
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIULEVKXtTyg6rMIEi7D5+vOn34eqMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQzOFoX
DTI3MDMwMzA2MTkzOFowMzExMC8GA1UEAxMoOUM1MUE4QTRCNjg5N0RENUFBMTND
RkRDMzMzQzRERDJCMDY5NTMwNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM0MZoFIV5IAPZua3wskg+LXODpiqDBOY6shKAuavdtjUI3ZTmpvJyjjARiN
R0OL87sUJTvwhvRlVf3sLSyKFrVOW34AVf/abYpcdyfTMkAp2XOGSQOZcymo5yPG
vZK3NQfLzBGI15seTaTtQFrEm8b4OsH0v9mf9XsHaAm0v5sr2xW/nVN/YXacLy7m
0CDrBloAt96q/Y81O3mrI81Xy/cAqFdwG5krAkz2cz2JHUry1TTAtxhf2Rrbr9nQ
TinpDv8NOUTlnjZXWLrlmIc2RoBiRtXBwLT38xJP8fYbrJYpgVJHHEsPpl5zuhha
6pD1dWJtPTAIbyE7VOwyXueh1DECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBScUaik
tol91aoTz9wzPE3SsGlTBTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDU0OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
p2owDQYJKoZIhvcNAQELBQADggEBAD6GTnTQoHJvF0OrD6F1205sUofr27oLsywx
nEQwnsY30KpEvPCGGFcEFBAynphgqMTDs7iv2xNT+/VxYBonKSA7TU6+Zayyq7ZX
XjP4DC88gSo25nKlX00wq4OhdXjozOLg8KR3jnWe6xtcd8FTPmK94ujeOScDy8tf
w2E5Z9LZ9iGtfVAWJ0gOapn5XDCFkA28VC+WhY3jdUl9u7gVTp770P/TTSTPIRWV
9E4LG8JbKvTLsiBErk4eDZENUBGmQN696OnUpRwPuiPIwlG7zd8HzwSP/B4e/IqB
co53g650WY0wUBAuOmOQYDK7IUEJuctxZHXipif8vY+gjQZ8viY=
-----END CERTIFICATE-----