Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144562.roa
File:                     AS144562.roa (raw, json)
Hash identifier:          lQNij+LhXmYV9+T7VagRDhQ0/3bD51eXU/KlUO6FOn0=
Subject key identifier:   FC:F1:1C:82:7F:A6:29:ED:12:9D:48:79:59:06:22:27:F3:5E:C6:BC
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       0F615DD0EEE24F8CCFF9BC9AC436238EDF8D2F6F
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144562.roa
Signing time:             Wed 04 Mar 2026 06:19:31 +0000
ROA not before:           Wed 04 Mar 2026 06:14:31 +0000
ROA not after:            Wed 03 Mar 2027 06:19:31 +0000
asID:                     144562
IP address blocks:        240a:a778::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:61:5d:d0:ee:e2:4f:8c:cf:f9:bc:9a:c4:36:23:8e:df:8d:2f:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:31 2026 GMT
            Not After : Mar  3 06:19:31 2027 GMT
        Subject: CN=FCF11C827FA629ED129D487959062227F35EC6BC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:26:21:e4:81:20:bf:3f:45:2e:19:4a:cf:cd:
                    5c:a4:6c:26:8f:1c:9c:d7:26:28:f9:74:a2:7c:5d:
                    0e:47:c8:81:1a:c1:a7:9d:41:50:59:8b:e0:d9:29:
                    29:d4:27:11:4e:59:f6:91:78:12:2c:a0:07:ac:72:
                    5e:45:a1:cb:35:a8:bf:00:9f:34:67:7e:60:fb:69:
                    82:cf:9e:9f:42:84:04:10:6f:b6:85:45:dc:7b:7c:
                    d4:31:aa:26:cb:e9:8e:a3:e1:80:47:03:a2:21:fc:
                    54:8b:81:3a:63:28:a1:e9:f5:cb:23:e0:7a:77:61:
                    e0:45:ee:77:b4:56:44:fc:04:9d:a4:ca:a0:23:aa:
                    d8:b8:ab:da:37:55:b0:c3:1d:1a:9f:35:40:d8:7e:
                    19:dc:bd:ca:1a:7f:45:e2:b8:23:08:98:2d:42:34:
                    8c:d4:38:c4:dc:9c:4c:4f:b8:0a:58:1c:69:ab:98:
                    92:77:ab:49:3e:21:b9:57:de:8c:e6:7c:a8:6a:b2:
                    9f:ef:81:cf:ac:8b:f2:d4:06:72:fa:4e:17:29:c2:
                    84:c8:bf:05:b3:69:51:69:5a:57:6c:9d:8e:b3:c2:
                    ae:2e:cd:24:90:76:af:e5:32:8f:cf:ce:1a:5f:a5:
                    bb:a2:ac:80:80:34:81:ff:88:9d:81:1b:39:d4:9e:
                    e1:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:F1:1C:82:7F:A6:29:ED:12:9D:48:79:59:06:22:27:F3:5E:C6:BC
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144562.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a778::/32

    Signature Algorithm: sha256WithRSAEncryption
         0c:5b:f1:99:a3:ae:c1:17:68:07:9e:ba:22:36:4f:81:d1:34:
         8c:bc:16:c6:f0:c4:9d:c1:af:53:91:08:be:4e:4d:53:77:e2:
         eb:99:96:2b:5e:b5:34:d7:e2:25:e0:15:d8:de:2a:59:8c:2e:
         38:d1:e0:74:f6:94:51:a3:b8:e9:05:0b:3c:69:b0:df:41:0d:
         2f:22:e3:14:42:f7:f2:f4:ab:dc:b5:82:e5:45:11:7e:e8:10:
         91:a5:2b:fa:b8:d8:8b:15:70:bc:fa:ca:df:c1:10:de:41:8b:
         f0:1e:93:1a:88:4e:1d:e8:8d:9a:62:5f:d5:92:02:5c:2f:ae:
         f8:e4:3a:18:e4:d8:bb:27:2a:de:52:fe:78:ea:82:da:b0:20:
         e1:82:77:8b:7f:a0:f2:7f:8c:b9:24:b4:74:d8:72:30:86:11:
         60:35:0f:57:14:cd:3f:07:1e:d2:34:ae:ac:80:a7:c7:bd:10:
         43:76:99:6f:12:42:cb:4d:d0:c7:1e:ff:04:d4:b2:6f:60:40:
         d3:1d:7e:58:ed:47:73:bd:43:a7:3d:ee:0a:13:e3:97:6f:c3:
         16:b7:64:54:d1:89:1d:0a:72:0e:c7:ba:75:4f:8d:73:2f:1a:
         f9:3c:20:d2:54:2a:4f:1a:09:cc:44:ba:3e:f1:fc:84:3d:67:
         90:26:45:b3
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUD2Fd0O7iT4zP+byaxDYjjt+NL28wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQzMVoX
DTI3MDMwMzA2MTkzMVowMzExMC8GA1UEAxMoRkNGMTFDODI3RkE2MjlFRDEyOUQ0
ODc5NTkwNjIyMjdGMzVFQzZCQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANgmIeSBIL8/RS4ZSs/NXKRsJo8cnNcmKPl0onxdDkfIgRrBp51BUFmL4Nkp
KdQnEU5Z9pF4EiygB6xyXkWhyzWovwCfNGd+YPtpgs+en0KEBBBvtoVF3Ht81DGq
JsvpjqPhgEcDoiH8VIuBOmMooen1yyPgendh4EXud7RWRPwEnaTKoCOq2Lir2jdV
sMMdGp81QNh+Gdy9yhp/ReK4IwiYLUI0jNQ4xNycTE+4ClgcaauYknerST4huVfe
jOZ8qGqyn++Bz6yL8tQGcvpOFynChMi/BbNpUWlaV2ydjrPCri7NJJB2r+Uyj8/O
Gl+lu6KsgIA0gf+InYEbOdSe4RECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT88RyC
f6Yp7RKdSHlZBiIn817GvDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDU2Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
p3gwDQYJKoZIhvcNAQELBQADggEBAAxb8ZmjrsEXaAeeuiI2T4HRNIy8FsbwxJ3B
r1ORCL5OTVN34uuZlitetTTX4iXgFdjeKlmMLjjR4HT2lFGjuOkFCzxpsN9BDS8i
4xRC9/L0q9y1guVFEX7oEJGlK/q42IsVcLz6yt/BEN5Bi/AekxqITh3ojZpiX9WS
AlwvrvjkOhjk2LsnKt5S/njqgtqwIOGCd4t/oPJ/jLkktHTYcjCGEWA1D1cUzT8H
HtI0rqyAp8e9EEN2mW8SQstN0Mce/wTUsm9gQNMdfljtR3O9Q6c97goT45dvwxa3
ZFTRiR0Kcg7HunVPjXMvGvk8INJUKk8aCcxEuj7x/IQ9Z5AmRbM=
-----END CERTIFICATE-----