Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144589.roa
File:                     AS144589.roa (raw, json)
Hash identifier:          nEBiLK4o3SszKmyFQV1n98EmvmO7/w+Z2svsdaWRu7A=
Subject key identifier:   C6:3F:A1:59:12:BC:14:C8:36:CD:C6:A4:A6:40:59:6C:B0:3C:88:96
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2567AC476C8AE2DADC68CB35E68BB08E6230CE40
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144589.roa
Signing time:             Wed 04 Mar 2026 06:21:11 +0000
ROA not before:           Wed 04 Mar 2026 06:16:11 +0000
ROA not after:            Wed 03 Mar 2027 06:21:11 +0000
asID:                     144589
IP address blocks:        240a:a793::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:67:ac:47:6c:8a:e2:da:dc:68:cb:35:e6:8b:b0:8e:62:30:ce:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:11 2026 GMT
            Not After : Mar  3 06:21:11 2027 GMT
        Subject: CN=C63FA15912BC14C836CDC6A4A640596CB03C8896
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:7c:e4:30:f6:f6:eb:56:ab:52:1a:89:80:3f:
                    c0:5d:3b:98:74:c7:0c:6a:f0:d4:a7:ec:b2:c2:8d:
                    ac:6d:da:7e:77:45:36:1f:a1:57:66:cb:4e:f9:ab:
                    74:4b:fa:21:9a:92:d9:af:2b:1d:de:77:f4:52:9c:
                    78:96:4b:43:3b:0c:e6:d0:f7:e3:40:fe:82:ce:33:
                    be:99:2f:6b:c3:6f:0e:f9:ef:90:14:f8:30:32:f3:
                    dc:12:92:70:4a:91:3e:96:7d:27:df:f4:d8:92:d5:
                    28:90:88:cc:d5:40:12:d3:28:91:06:47:c7:e9:4b:
                    ff:af:f3:0d:8d:b3:f9:b1:d5:eb:89:b1:52:04:28:
                    66:9f:9a:94:b7:89:60:7e:6b:55:f0:e7:66:48:87:
                    86:2a:07:05:4d:44:22:d1:cb:b4:2e:b4:2b:f4:be:
                    0a:a9:ed:4c:5d:3b:72:c8:ec:42:95:16:b2:ab:fa:
                    8a:ca:93:d0:99:e2:0f:05:e9:1b:b0:eb:d5:1a:3a:
                    2b:f4:65:4a:84:73:7b:d4:9a:55:78:3a:1c:3d:f3:
                    b1:9d:3b:54:99:7b:87:5f:8a:e9:39:0d:87:c9:63:
                    d7:b9:f5:f0:35:7f:7d:cf:e9:5f:91:3c:8b:a3:4e:
                    41:e0:27:ee:12:50:ae:0f:58:88:c7:52:42:ef:2a:
                    2f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:3F:A1:59:12:BC:14:C8:36:CD:C6:A4:A6:40:59:6C:B0:3C:88:96
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144589.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a793::/32

    Signature Algorithm: sha256WithRSAEncryption
         69:5e:c9:6c:e1:48:87:5b:60:20:df:b8:11:5c:77:7c:40:d1:
         2d:11:2a:c0:6b:94:3e:22:29:91:ca:30:5b:e3:3c:20:be:78:
         32:cc:de:09:1c:50:1e:a2:a8:26:03:39:5c:6d:ef:d9:0e:a5:
         69:6e:e1:03:d5:36:23:5a:98:3b:15:12:ae:90:2c:c9:b1:95:
         da:09:30:ac:b6:89:69:b0:af:c9:33:ee:92:fe:7b:4c:d0:aa:
         a4:2d:bf:37:bd:88:17:80:f2:59:3b:17:3d:e7:ff:31:a4:83:
         ed:32:5a:12:f7:a8:fc:a0:ac:33:d2:0a:15:c4:a2:73:77:bf:
         38:f6:96:61:df:1a:81:6c:f4:a1:42:9f:68:78:f2:c5:be:1f:
         2a:40:a7:0b:37:80:0d:ab:de:a3:6e:da:e1:3d:40:2d:d6:35:
         33:9b:46:5f:d6:bd:f8:29:84:aa:c9:0d:da:7e:ec:3e:12:6d:
         31:77:33:af:49:e1:b8:bd:63:23:68:67:92:03:a2:cb:a0:1b:
         d7:66:8c:50:8c:e8:07:53:90:3a:7e:fb:a6:65:8a:a0:22:63:
         1e:8e:a8:1e:2d:c2:8d:4b:52:33:6e:31:7c:84:2c:da:44:95:
         5f:f5:3a:5b:90:c5:98:fe:f1:16:7b:79:5a:0c:88:4e:9e:6a:
         27:37:70:2e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUJWesR2yK4trcaMs15ouwjmIwzkAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYxMVoX
DTI3MDMwMzA2MjExMVowMzExMC8GA1UEAxMoQzYzRkExNTkxMkJDMTRDODM2Q0RD
NkE0QTY0MDU5NkNCMDNDODg5NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIp85DD29utWq1IaiYA/wF07mHTHDGrw1KfsssKNrG3afndFNh+hV2bLTvmr
dEv6IZqS2a8rHd539FKceJZLQzsM5tD340D+gs4zvpkva8NvDvnvkBT4MDLz3BKS
cEqRPpZ9J9/02JLVKJCIzNVAEtMokQZHx+lL/6/zDY2z+bHV64mxUgQoZp+alLeJ
YH5rVfDnZkiHhioHBU1EItHLtC60K/S+CqntTF07csjsQpUWsqv6isqT0JniDwXp
G7Dr1Ro6K/RlSoRze9SaVXg6HD3zsZ07VJl7h1+K6TkNh8lj17n18DV/fc/pX5E8
i6NOQeAn7hJQrg9YiMdSQu8qLwkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTGP6FZ
ErwUyDbNxqSmQFlssDyIljAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDU4OS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
p5MwDQYJKoZIhvcNAQELBQADggEBAGleyWzhSIdbYCDfuBFcd3xA0S0RKsBrlD4i
KZHKMFvjPCC+eDLM3gkcUB6iqCYDOVxt79kOpWlu4QPVNiNamDsVEq6QLMmxldoJ
MKy2iWmwr8kz7pL+e0zQqqQtvze9iBeA8lk7Fz3n/zGkg+0yWhL3qPygrDPSChXE
onN3vzj2lmHfGoFs9KFCn2h48sW+HypApws3gA2r3qNu2uE9QC3WNTObRl/Wvfgp
hKrJDdp+7D4SbTF3M69J4bi9YyNoZ5IDosugG9dmjFCM6AdTkDp++6ZliqAiYx6O
qB4two1LUjNuMXyELNpElV/1OluQxZj+8RZ7eVoMiE6eaic3cC4=
-----END CERTIFICATE-----