Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144595.roa
File:                     AS144595.roa (raw, json)
Hash identifier:          X6sbgntT9qzD2a7hqxRXhamfBLZVZkPqfjrlF30S1RI=
Subject key identifier:   C3:93:5D:CF:95:59:E6:0E:4F:8E:63:52:7A:3B:10:5B:6F:D5:45:D2
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       42B0B0EDF17CB80E8738C4E62F9706D23759792C
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144595.roa
Signing time:             Wed 04 Mar 2026 06:19:21 +0000
ROA not before:           Wed 04 Mar 2026 06:14:21 +0000
ROA not after:            Wed 03 Mar 2027 06:19:21 +0000
asID:                     144595
IP address blocks:        240a:a799::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:b0:b0:ed:f1:7c:b8:0e:87:38:c4:e6:2f:97:06:d2:37:59:79:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:21 2026 GMT
            Not After : Mar  3 06:19:21 2027 GMT
        Subject: CN=C3935DCF9559E60E4F8E63527A3B105B6FD545D2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:52:61:24:dc:62:77:50:24:53:19:cc:c4:e2:
                    30:42:7f:e6:e5:5d:3a:54:31:69:13:d8:e5:a9:a8:
                    0d:ef:2d:55:22:7c:9b:e4:76:61:b1:1d:1d:85:03:
                    82:ca:9a:0c:b1:63:0c:72:e0:79:9f:67:d0:cd:29:
                    0b:27:9f:4c:9e:f4:f9:c3:04:be:77:12:6f:db:7f:
                    6a:9d:8c:b4:4b:1a:8e:4c:f4:db:7f:66:f2:30:6b:
                    51:a0:92:80:c3:c4:cc:cd:18:b8:9b:bd:63:f0:e4:
                    88:99:6f:ba:48:62:7e:aa:87:fb:3c:d6:35:87:4d:
                    12:9f:0d:ea:91:f4:01:62:cd:8b:ae:60:75:d1:ac:
                    6a:48:1f:91:5f:a0:eb:25:6e:28:46:bc:5b:e9:dd:
                    aa:98:2b:35:30:e6:fc:a3:01:78:ae:aa:e8:61:8d:
                    a3:45:e5:e5:e0:c9:b6:f4:24:0f:f2:ef:43:ad:e9:
                    19:09:82:07:8e:26:49:dd:30:73:30:f1:f0:83:95:
                    7a:03:f8:a2:12:ec:cb:56:97:77:63:c7:fe:b0:05:
                    61:f0:2c:65:5a:54:2f:7a:0a:ce:a9:b1:60:17:87:
                    38:31:72:f2:8d:4c:2a:44:a3:e3:34:86:73:6f:f6:
                    9c:40:3e:cf:7b:65:db:60:9f:eb:c6:35:cc:2d:ad:
                    61:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:93:5D:CF:95:59:E6:0E:4F:8E:63:52:7A:3B:10:5B:6F:D5:45:D2
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144595.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a799::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:54:97:d6:dd:d8:cb:dd:4e:33:29:60:75:aa:65:aa:e8:39:
         32:66:5d:45:a3:cd:7c:21:b9:ba:77:e0:05:ac:ab:50:c0:55:
         25:67:b3:ef:b1:8e:3c:0b:89:51:e5:20:3b:2d:94:86:ab:33:
         ec:59:50:74:9c:52:8b:48:9b:10:9d:04:23:99:87:9f:8f:a0:
         7b:ea:fc:46:ad:7e:c2:d6:e8:94:a2:97:ae:7b:a8:e1:2e:31:
         12:b0:9a:4d:a9:39:f9:6d:44:47:7a:2b:82:93:f8:01:60:e6:
         8b:7b:4d:ee:af:0e:70:d6:41:1b:89:3f:99:ed:60:5e:e3:f7:
         22:a8:7e:84:22:fe:d6:ab:b0:97:3b:17:81:a5:24:b4:d5:10:
         bd:0c:87:42:38:be:00:de:de:93:58:7d:60:74:c7:df:be:4b:
         12:4d:0e:c1:a3:7a:d3:a8:6b:2a:2c:ec:ec:e6:e2:28:c9:32:
         e3:fa:e6:d3:b0:64:8e:6d:75:ec:1d:02:37:c7:e5:f8:54:74:
         f9:2d:c6:ca:d2:a5:99:79:a4:99:89:26:69:39:e7:f4:80:c5:
         46:68:d9:e8:d9:a6:14:32:bc:17:de:85:e5:e8:57:5f:10:c2:
         8d:4a:4b:23:e5:a7:31:1b:9f:4f:82:f2:ad:71:c4:61:33:ed:
         47:fd:50:2d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUQrCw7fF8uA6HOMTmL5cG0jdZeSwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQyMVoX
DTI3MDMwMzA2MTkyMVowMzExMC8GA1UEAxMoQzM5MzVEQ0Y5NTU5RTYwRTRGOEU2
MzUyN0EzQjEwNUI2RkQ1NDVEMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMpSYSTcYndQJFMZzMTiMEJ/5uVdOlQxaRPY5amoDe8tVSJ8m+R2YbEdHYUD
gsqaDLFjDHLgeZ9n0M0pCyefTJ70+cMEvncSb9t/ap2MtEsajkz0239m8jBrUaCS
gMPEzM0YuJu9Y/DkiJlvukhifqqH+zzWNYdNEp8N6pH0AWLNi65gddGsakgfkV+g
6yVuKEa8W+ndqpgrNTDm/KMBeK6q6GGNo0Xl5eDJtvQkD/LvQ63pGQmCB44mSd0w
czDx8IOVegP4ohLsy1aXd2PH/rAFYfAsZVpUL3oKzqmxYBeHODFy8o1MKkSj4zSG
c2/2nEA+z3tl22Cf68Y1zC2tYS0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTDk13P
lVnmDk+OY1J6OxBbb9VF0jAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDU5NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
p5kwDQYJKoZIhvcNAQELBQADggEBAGpUl9bd2MvdTjMpYHWqZaroOTJmXUWjzXwh
ubp34AWsq1DAVSVns++xjjwLiVHlIDstlIarM+xZUHScUotImxCdBCOZh5+PoHvq
/EatfsLW6JSil657qOEuMRKwmk2pOfltREd6K4KT+AFg5ot7Te6vDnDWQRuJP5nt
YF7j9yKofoQi/tarsJc7F4GlJLTVEL0Mh0I4vgDe3pNYfWB0x9++SxJNDsGjetOo
ayos7Ozm4ijJMuP65tOwZI5tdewdAjfH5fhUdPktxsrSpZl5pJmJJmk55/SAxUZo
2ejZphQyvBfeheXoV18Qwo1KSyPlpzEbn0+C8q1xxGEz7Uf9UC0=
-----END CERTIFICATE-----