Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144561.roa
File:                     AS144561.roa (raw, json)
Hash identifier:          jHE2VVbUG3IWeYztZIXNGsdkb01QB4jyX8hox0qfc88=
Subject key identifier:   09:3B:94:B7:0C:64:3B:C0:38:79:9F:53:C2:BA:37:FC:6E:53:31:3E
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5721A35AF35A22927DDA129FE9EB960AFC8ACCBB
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144561.roa
Signing time:             Wed 04 Mar 2026 06:21:09 +0000
ROA not before:           Wed 04 Mar 2026 06:16:09 +0000
ROA not after:            Wed 03 Mar 2027 06:21:09 +0000
asID:                     144561
IP address blocks:        240a:a777::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:21:a3:5a:f3:5a:22:92:7d:da:12:9f:e9:eb:96:0a:fc:8a:cc:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:09 2026 GMT
            Not After : Mar  3 06:21:09 2027 GMT
        Subject: CN=093B94B70C643BC038799F53C2BA37FC6E53313E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:9a:22:35:30:d2:7d:60:23:e9:ef:86:68:90:
                    04:ef:24:08:be:47:17:19:09:ea:c8:90:5b:8e:d8:
                    ab:8a:37:4a:ee:b1:1a:a3:ab:9c:78:ff:f1:d0:d2:
                    fb:9b:76:b2:86:7a:c3:37:94:8b:dd:42:00:6f:f5:
                    c9:66:ec:28:29:4c:a4:6c:80:76:9d:66:ed:25:a4:
                    74:35:7f:a3:25:33:cc:2c:81:36:d7:d1:2a:69:f7:
                    c7:a7:b2:f4:84:43:5d:ed:43:f4:66:64:0f:59:5e:
                    95:f9:5b:66:26:f4:f3:4c:83:4e:d0:36:3e:13:a9:
                    49:fa:45:53:2c:d8:a2:3c:f2:d2:30:3b:e9:33:ea:
                    b4:72:78:6b:31:78:35:c6:32:18:ce:6c:cd:66:30:
                    d0:e0:aa:76:2b:0e:d1:09:c6:aa:f7:6b:5f:62:0d:
                    1e:86:2b:9f:ce:70:0a:4c:08:fc:13:26:00:bb:79:
                    e0:cb:38:c2:e7:c0:55:a9:19:8f:ba:d5:8d:f4:ac:
                    c7:09:35:9a:a0:4a:53:f8:92:c9:dd:a8:8b:a2:c6:
                    39:0f:a1:47:22:66:7c:40:9e:bf:7c:3a:94:2d:de:
                    b8:e4:00:d1:f3:a7:3d:27:f3:28:a1:da:50:ae:66:
                    d4:38:91:64:39:56:55:78:20:9c:d5:33:3f:f3:55:
                    03:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:3B:94:B7:0C:64:3B:C0:38:79:9F:53:C2:BA:37:FC:6E:53:31:3E
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144561.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a777::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:b7:78:0b:33:ee:7d:47:e1:c1:da:e3:6c:6e:41:c3:fc:16:
         c9:3f:8f:77:dd:dc:55:23:f6:ef:2f:58:83:8a:c8:bf:3a:72:
         ca:4d:97:bb:4f:01:5e:16:8b:c6:4d:0d:37:2d:4d:f5:86:a9:
         95:79:a1:56:57:8c:e7:fd:38:bd:9c:66:42:c5:05:d4:9f:00:
         2f:96:51:f7:f9:28:ab:b1:6e:51:3c:97:cc:b9:aa:de:f6:f5:
         c4:33:84:65:ce:51:7a:c1:54:6a:15:38:99:86:0f:6d:6a:20:
         b9:f2:18:26:3b:27:b1:6d:e3:78:bc:53:0d:df:47:e3:1d:52:
         04:b6:5a:13:fa:4d:14:ec:ba:a4:8b:97:ae:29:7b:c0:49:39:
         d7:7e:1c:cd:60:88:e7:ba:53:0b:23:7c:aa:f4:d0:b1:e2:b6:
         bc:60:32:f5:7a:83:1c:31:76:db:32:ed:b3:89:9f:62:b1:51:
         ed:f6:b1:8f:ef:40:93:5d:0a:c0:f5:37:9a:82:56:e3:98:4c:
         72:d3:ba:a8:7d:e2:cf:bd:3b:d5:97:bb:25:25:5d:4d:75:8d:
         2e:cb:6d:ff:97:81:32:dd:88:3f:6f:12:03:0d:aa:18:5b:76:
         06:83:59:6e:e8:36:c7:f7:03:62:f1:03:a1:1a:72:72:b7:5c:
         48:fc:cc:cf
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUVyGjWvNaIpJ92hKf6euWCvyKzLswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYwOVoX
DTI3MDMwMzA2MjEwOVowMzExMC8GA1UEAxMoMDkzQjk0QjcwQzY0M0JDMDM4Nzk5
RjUzQzJCQTM3RkM2RTUzMzEzRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOqaIjUw0n1gI+nvhmiQBO8kCL5HFxkJ6siQW47Yq4o3Su6xGqOrnHj/8dDS
+5t2soZ6wzeUi91CAG/1yWbsKClMpGyAdp1m7SWkdDV/oyUzzCyBNtfRKmn3x6ey
9IRDXe1D9GZkD1lelflbZib080yDTtA2PhOpSfpFUyzYojzy0jA76TPqtHJ4azF4
NcYyGM5szWYw0OCqdisO0QnGqvdrX2INHoYrn85wCkwI/BMmALt54Ms4wufAVakZ
j7rVjfSsxwk1mqBKU/iSyd2oi6LGOQ+hRyJmfECev3w6lC3euOQA0fOnPSfzKKHa
UK5m1DiRZDlWVXggnNUzP/NVA1MCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQJO5S3
DGQ7wDh5n1PCujf8blMxPjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDU2MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
p3cwDQYJKoZIhvcNAQELBQADggEBAEy3eAsz7n1H4cHa42xuQcP8Fsk/j3fd3FUj
9u8vWIOKyL86cspNl7tPAV4Wi8ZNDTctTfWGqZV5oVZXjOf9OL2cZkLFBdSfAC+W
Uff5KKuxblE8l8y5qt729cQzhGXOUXrBVGoVOJmGD21qILnyGCY7J7Ft43i8Uw3f
R+MdUgS2WhP6TRTsuqSLl64pe8BJOdd+HM1giOe6UwsjfKr00LHitrxgMvV6gxwx
dtsy7bOJn2KxUe32sY/vQJNdCsD1N5qCVuOYTHLTuqh94s+9O9WXuyUlXU11jS7L
bf+XgTLdiD9vEgMNqhhbdgaDWW7oNsf3A2LxA6EacnK3XEj8zM8=
-----END CERTIFICATE-----