Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144566.roa
File:                     AS144566.roa (raw, json)
Hash identifier:          kBLxXFxt4Jc2zSFD2HT8uE/mcYVu+wWmuSI7VU/jzoM=
Subject key identifier:   0B:E1:B3:70:B7:55:2B:EB:44:71:7D:B2:27:33:22:D4:F6:08:75:78
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       21E01F7E08734125FAE107716CAD6F5F8FB2CDB6
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144566.roa
Signing time:             Wed 04 Mar 2026 06:22:24 +0000
ROA not before:           Wed 04 Mar 2026 06:17:24 +0000
ROA not after:            Wed 03 Mar 2027 06:22:24 +0000
asID:                     144566
IP address blocks:        240a:a77c::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:e0:1f:7e:08:73:41:25:fa:e1:07:71:6c:ad:6f:5f:8f:b2:cd:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:24 2026 GMT
            Not After : Mar  3 06:22:24 2027 GMT
        Subject: CN=0BE1B370B7552BEB44717DB2273322D4F6087578
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:85:a6:70:4d:27:fb:5b:10:d9:b6:07:20:4f:
                    55:2d:44:68:9e:63:88:3d:e9:64:6b:50:30:52:40:
                    9b:0d:72:fc:2a:a8:09:ee:b4:ec:b2:90:5b:21:e5:
                    40:57:3e:45:06:32:a9:55:da:2b:67:c5:8c:f3:94:
                    13:cb:8f:22:b9:81:27:32:d4:9a:3d:0a:18:3d:b1:
                    05:34:7b:99:0c:73:18:fb:5a:c7:19:67:82:b4:8a:
                    14:68:97:47:0d:a2:60:e7:c3:a6:9d:82:cc:26:aa:
                    a7:79:86:78:aa:3e:21:69:9e:0d:3c:65:f0:e4:d6:
                    f8:bf:e0:77:3c:95:9b:c2:82:5b:0e:57:88:33:7b:
                    d9:0e:dc:cf:3e:bb:7c:4d:98:5c:72:86:d6:7f:99:
                    6b:20:80:65:d2:33:4b:a4:7c:f9:09:b5:e6:a6:ac:
                    66:06:1d:b5:a6:ec:36:33:c7:77:e4:8b:eb:82:45:
                    14:22:57:b4:26:72:19:ef:16:27:56:74:b1:b9:31:
                    e2:f6:a5:e0:50:23:19:e7:63:2a:de:14:d8:db:ad:
                    ec:2d:6f:2b:8d:1a:8a:2a:dd:38:34:80:13:97:e1:
                    71:b8:aa:bc:3e:68:2f:13:52:a4:ca:91:a7:56:d4:
                    0f:11:fa:c3:10:a4:0e:72:4c:65:30:35:28:c3:f9:
                    9e:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:E1:B3:70:B7:55:2B:EB:44:71:7D:B2:27:33:22:D4:F6:08:75:78
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144566.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a77c::/32

    Signature Algorithm: sha256WithRSAEncryption
         55:05:ca:21:dd:eb:3f:99:66:25:b5:b1:5c:c4:4a:57:68:2f:
         ec:4f:8c:aa:4c:40:44:1a:37:91:0a:87:d3:98:30:db:b9:86:
         5c:85:39:b0:62:71:0f:42:60:42:55:63:ba:2a:d7:a7:42:78:
         a2:c3:5a:19:57:6f:24:87:e3:4e:1b:b7:e0:a3:c6:f5:76:e2:
         23:7c:68:a8:07:35:0a:fe:21:08:b0:5c:97:e1:1e:eb:ce:f4:
         88:45:fd:c6:af:40:25:01:61:3b:a3:1f:63:ed:73:0a:e2:82:
         9e:95:6c:9d:42:14:d3:b5:04:20:a4:0e:6c:d9:21:d4:96:a0:
         24:b6:bc:34:4a:97:83:63:a4:a9:1d:0e:0c:c0:4d:30:82:b7:
         50:05:ef:1e:50:77:50:53:33:0c:6e:8c:d1:99:09:30:bd:34:
         d5:8e:1a:5c:26:24:c6:e1:3d:e0:e3:7c:ce:e9:33:58:dd:76:
         e3:bf:89:0a:15:6a:1c:e9:f1:68:b9:7f:1b:cf:67:f6:92:d8:
         1d:bd:a1:59:64:a4:a5:a6:6e:2b:3b:08:d4:1c:6f:55:c2:bc:
         76:c7:2a:58:d3:ef:3a:ee:8b:da:6c:aa:6a:fa:a3:e7:d8:b4:
         ab:94:bd:76:c8:68:2b:51:ba:7c:e6:96:5d:2b:16:7a:7f:c7:
         8b:39:a0:9e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUIeAffghzQSX64QdxbK1vX4+yzbYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcyNFoX
DTI3MDMwMzA2MjIyNFowMzExMC8GA1UEAxMoMEJFMUIzNzBCNzU1MkJFQjQ0NzE3
REIyMjczMzIyRDRGNjA4NzU3ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKWFpnBNJ/tbENm2ByBPVS1EaJ5jiD3pZGtQMFJAmw1y/CqoCe607LKQWyHl
QFc+RQYyqVXaK2fFjPOUE8uPIrmBJzLUmj0KGD2xBTR7mQxzGPtaxxlngrSKFGiX
Rw2iYOfDpp2CzCaqp3mGeKo+IWmeDTxl8OTW+L/gdzyVm8KCWw5XiDN72Q7czz67
fE2YXHKG1n+ZayCAZdIzS6R8+Qm15qasZgYdtabsNjPHd+SL64JFFCJXtCZyGe8W
J1Z0sbkx4val4FAjGedjKt4U2Nut7C1vK40aiirdODSAE5fhcbiqvD5oLxNSpMqR
p1bUDxH6wxCkDnJMZTA1KMP5nl0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQL4bNw
t1Ur60RxfbInMyLU9gh1eDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDU2Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
p3wwDQYJKoZIhvcNAQELBQADggEBAFUFyiHd6z+ZZiW1sVzESldoL+xPjKpMQEQa
N5EKh9OYMNu5hlyFObBicQ9CYEJVY7oq16dCeKLDWhlXbySH404bt+CjxvV24iN8
aKgHNQr+IQiwXJfhHuvO9IhF/cavQCUBYTujH2Ptcwrigp6VbJ1CFNO1BCCkDmzZ
IdSWoCS2vDRKl4NjpKkdDgzATTCCt1AF7x5Qd1BTMwxujNGZCTC9NNWOGlwmJMbh
PeDjfM7pM1jdduO/iQoVahzp8Wi5fxvPZ/aS2B29oVlkpKWmbis7CNQcb1XCvHbH
KljT7zrui9psqmr6o+fYtKuUvXbIaCtRunzmll0rFnp/x4s5oJ4=
-----END CERTIFICATE-----