Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144602.roa
File:                     AS144602.roa (raw, json)
Hash identifier:          qxIsQqtKbmDV7c6gFg+aEmcQMwGa251WSUbMeZmVCq4=
Subject key identifier:   5A:B2:A6:29:3B:54:CB:33:5C:D8:ED:8A:51:A5:3B:5D:15:E9:E3:57
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7AD8CA51CE9359C59E2FBF905D69E3B3B7157470
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144602.roa
Signing time:             Wed 04 Mar 2026 06:20:24 +0000
ROA not before:           Wed 04 Mar 2026 06:15:24 +0000
ROA not after:            Wed 03 Mar 2027 06:20:24 +0000
asID:                     144602
IP address blocks:        240a:a7a0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:d8:ca:51:ce:93:59:c5:9e:2f:bf:90:5d:69:e3:b3:b7:15:74:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:24 2026 GMT
            Not After : Mar  3 06:20:24 2027 GMT
        Subject: CN=5AB2A6293B54CB335CD8ED8A51A53B5D15E9E357
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:1d:8d:eb:4f:f1:d1:db:b1:44:cf:e1:90:d5:
                    a2:fd:da:b6:7d:78:a7:23:42:5a:bb:0b:bc:b5:4d:
                    b3:14:8b:78:bf:af:63:90:1f:87:4d:57:2b:f0:04:
                    d7:13:49:c4:da:c9:46:07:7a:92:60:b8:65:32:a3:
                    06:0c:b7:27:8b:5c:72:14:96:8f:ba:31:4f:30:c0:
                    31:ff:91:59:58:d2:36:b3:62:1a:9a:ae:e5:73:e5:
                    0d:58:b4:6a:a8:d1:1c:c8:f5:74:8b:99:39:60:d7:
                    01:0a:4c:6e:96:53:7b:fa:0f:3c:7a:3d:74:50:a4:
                    16:9e:3c:9c:93:1f:50:af:10:5b:63:5f:bb:2b:2e:
                    73:2c:6e:80:13:04:4f:cf:22:9c:b5:35:d4:a3:74:
                    38:a3:ee:ad:f5:4b:ec:41:f6:48:12:d7:3a:89:d6:
                    68:66:c5:1b:e2:e8:a6:f3:04:cc:9e:df:d6:8e:df:
                    8a:c5:cc:d9:fe:ae:52:c4:86:09:65:6c:b2:7e:4a:
                    d2:58:4f:35:a6:2f:00:3a:90:07:35:2e:c2:21:29:
                    bb:1f:33:a8:f7:8c:4b:7f:3b:c5:cf:6d:4c:c2:1a:
                    38:c2:4b:09:a5:84:a1:10:46:17:01:00:69:93:12:
                    59:60:e6:8e:a7:37:d6:17:a1:11:b7:f0:f9:4e:80:
                    7d:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:B2:A6:29:3B:54:CB:33:5C:D8:ED:8A:51:A5:3B:5D:15:E9:E3:57
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144602.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a7a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         07:06:3a:f3:fb:d3:e8:78:f5:25:21:35:d1:f4:7c:54:7b:f2:
         93:f2:c5:3c:10:c8:1e:2f:66:fe:83:1c:03:1b:67:e7:bd:95:
         7d:92:5b:6e:b1:13:89:96:31:d0:be:00:b7:36:44:c9:c5:5b:
         5c:7c:4f:86:6b:11:de:f5:fe:ac:fa:0a:2e:12:34:f0:e4:0d:
         3b:2f:cc:8b:ea:a9:f6:fa:cf:56:f3:64:b5:70:d1:18:d9:35:
         07:4a:07:7b:1b:a6:4f:5b:8e:bb:d9:b4:1f:16:37:e9:f8:15:
         bb:ad:a7:1b:26:64:ad:1b:02:96:a9:1f:4d:9e:03:49:f9:9d:
         e5:da:60:6b:c8:8d:fb:0e:83:10:51:ad:29:48:68:19:76:65:
         df:5f:55:d9:23:d7:b8:ea:8a:a3:57:2d:b6:94:cc:2a:70:41:
         7b:27:a8:92:f5:52:24:f4:dc:7f:65:aa:da:bc:03:cd:04:68:
         7b:d3:57:26:5f:8b:0b:c9:e6:13:98:63:91:82:52:e9:2e:2b:
         e0:57:2f:00:81:fc:69:9f:b6:49:a2:8c:d1:f2:01:52:26:ed:
         ce:ef:b5:b5:2b:f2:37:e0:72:70:5b:f0:e7:be:89:c8:d1:f5:
         53:9b:37:f0:e4:2d:12:ad:59:76:92:dc:32:b5:1e:9e:6f:50:
         7c:74:a6:1f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUetjKUc6TWcWeL7+QXWnjs7cVdHAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTUyNFoX
DTI3MDMwMzA2MjAyNFowMzExMC8GA1UEAxMoNUFCMkE2MjkzQjU0Q0IzMzVDRDhF
RDhBNTFBNTNCNUQxNUU5RTM1NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOodjetP8dHbsUTP4ZDVov3atn14pyNCWrsLvLVNsxSLeL+vY5Afh01XK/AE
1xNJxNrJRgd6kmC4ZTKjBgy3J4tcchSWj7oxTzDAMf+RWVjSNrNiGpqu5XPlDVi0
aqjRHMj1dIuZOWDXAQpMbpZTe/oPPHo9dFCkFp48nJMfUK8QW2NfuysucyxugBME
T88inLU11KN0OKPurfVL7EH2SBLXOonWaGbFG+LopvMEzJ7f1o7fisXM2f6uUsSG
CWVssn5K0lhPNaYvADqQBzUuwiEpux8zqPeMS387xc9tTMIaOMJLCaWEoRBGFwEA
aZMSWWDmjqc31hehEbfw+U6AfeMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRasqYp
O1TLM1zY7YpRpTtdFenjVzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDYwMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
p6AwDQYJKoZIhvcNAQELBQADggEBAAcGOvP70+h49SUhNdH0fFR78pPyxTwQyB4v
Zv6DHAMbZ+e9lX2SW26xE4mWMdC+ALc2RMnFW1x8T4ZrEd71/qz6Ci4SNPDkDTsv
zIvqqfb6z1bzZLVw0RjZNQdKB3sbpk9bjrvZtB8WN+n4FbutpxsmZK0bApapH02e
A0n5neXaYGvIjfsOgxBRrSlIaBl2Zd9fVdkj17jqiqNXLbaUzCpwQXsnqJL1UiT0
3H9lqtq8A80EaHvTVyZfiwvJ5hOYY5GCUukuK+BXLwCB/GmftkmijNHyAVIm7c7v
tbUr8jfgcnBb8Oe+icjR9VObN/DkLRKtWXaS3DK1Hp5vUHx0ph8=
-----END CERTIFICATE-----