Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144608.roa
File:                     AS144608.roa (raw, json)
Hash identifier:          6IB7andpE+c+5ljOzmQ5EVAxEOepgwWOz7iYnejSnVU=
Subject key identifier:   8E:1D:CF:D8:78:00:BE:07:B1:B5:86:8A:23:26:9D:F7:29:A5:77:FE
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       481170B7A30303564D01B4302BB1EE34F0790475
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144608.roa
Signing time:             Wed 04 Mar 2026 06:21:13 +0000
ROA not before:           Wed 04 Mar 2026 06:16:13 +0000
ROA not after:            Wed 03 Mar 2027 06:21:13 +0000
asID:                     144608
IP address blocks:        240a:a7a6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:11:70:b7:a3:03:03:56:4d:01:b4:30:2b:b1:ee:34:f0:79:04:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:13 2026 GMT
            Not After : Mar  3 06:21:13 2027 GMT
        Subject: CN=8E1DCFD87800BE07B1B5868A23269DF729A577FE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:74:dc:ac:c8:57:66:e4:c5:8d:87:7a:36:f6:
                    82:d9:e6:c3:24:4b:35:cb:a5:aa:b0:42:d7:45:df:
                    bf:45:53:7d:8c:17:06:57:d6:2b:32:d0:86:ea:2c:
                    26:36:49:c9:dd:83:c3:63:72:20:03:c3:1e:c1:28:
                    40:4a:98:1f:c8:8c:26:cd:d6:75:39:6c:dd:03:da:
                    ec:28:52:87:12:06:8d:83:2a:fa:48:33:cf:26:0a:
                    61:e0:84:12:39:82:c4:1b:f9:b9:a1:5a:f3:0d:1d:
                    f9:4a:89:57:fa:d2:d1:a1:36:b4:ae:3c:a0:96:6b:
                    32:a9:90:e3:b5:37:a5:4a:22:0e:a7:58:66:59:76:
                    08:c6:59:5a:8a:77:cf:2b:03:77:5e:e2:a3:2c:d5:
                    74:dd:57:fd:b1:9b:23:7d:ff:b0:64:88:b6:d7:ae:
                    ee:39:e9:c4:8b:47:45:b3:75:f5:f5:b8:ae:a8:20:
                    02:f4:26:8c:fd:db:20:de:15:f1:73:be:08:90:a4:
                    5c:43:1e:66:5a:20:5c:3c:4b:3a:bd:92:2c:96:e8:
                    b8:57:81:83:a1:9f:c1:ee:55:59:1a:fd:82:86:a8:
                    ff:52:f4:1a:11:2b:e1:ae:c0:7c:5e:ce:7e:67:73:
                    7b:77:89:8a:94:ba:60:0c:32:44:31:a5:ed:13:86:
                    80:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:1D:CF:D8:78:00:BE:07:B1:B5:86:8A:23:26:9D:F7:29:A5:77:FE
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144608.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a7a6::/32

    Signature Algorithm: sha256WithRSAEncryption
         d4:88:70:d1:3f:61:de:4f:79:75:a2:0d:9f:87:36:3f:80:9f:
         18:99:fb:6c:de:3f:51:83:c7:22:1d:1d:18:dd:f0:f8:8e:3a:
         9d:69:8f:e0:57:fb:88:8d:ca:3e:9d:a9:ea:94:fa:d3:13:da:
         e3:cf:13:7e:de:7f:c6:c8:00:fe:89:94:ea:0f:78:86:eb:32:
         b6:09:f9:41:25:f5:78:33:76:50:e9:16:a3:09:01:86:5c:f4:
         a9:3c:5e:b9:28:41:9c:d0:b3:c6:11:9b:d2:04:20:8a:6a:d2:
         3e:42:53:69:03:34:11:e7:74:c3:b8:32:b5:7d:6d:6c:ab:f4:
         c7:ea:6f:6d:86:02:f1:9b:7b:6b:2b:2b:c2:76:dd:93:b4:27:
         6e:5d:be:46:93:b3:a2:2f:53:98:73:68:25:31:ac:ac:b8:35:
         dc:8a:cf:f7:a4:7e:ec:e2:e0:98:57:5e:af:87:11:44:5f:38:
         e2:32:2f:73:51:88:4a:9e:92:90:f3:99:26:e5:aa:c4:95:b9:
         c6:a4:d3:94:fe:9a:b5:48:41:5d:2b:0d:79:13:98:f7:1f:83:
         38:84:0f:c5:a3:63:42:89:4e:28:d3:5e:ee:d6:a8:eb:09:d9:
         cc:a6:ef:ea:ed:20:3b:5f:d7:c2:16:6c:84:d7:59:fd:f6:f2:
         37:90:33:ae
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUSBFwt6MDA1ZNAbQwK7HuNPB5BHUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYxM1oX
DTI3MDMwMzA2MjExM1owMzExMC8GA1UEAxMoOEUxRENGRDg3ODAwQkUwN0IxQjU4
NjhBMjMyNjlERjcyOUE1NzdGRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAId03KzIV2bkxY2Hejb2gtnmwyRLNculqrBC10Xfv0VTfYwXBlfWKzLQhuos
JjZJyd2Dw2NyIAPDHsEoQEqYH8iMJs3WdTls3QPa7ChShxIGjYMq+kgzzyYKYeCE
EjmCxBv5uaFa8w0d+UqJV/rS0aE2tK48oJZrMqmQ47U3pUoiDqdYZll2CMZZWop3
zysDd17ioyzVdN1X/bGbI33/sGSItteu7jnpxItHRbN19fW4rqggAvQmjP3bIN4V
8XO+CJCkXEMeZlogXDxLOr2SLJbouFeBg6Gfwe5VWRr9goao/1L0GhEr4a7AfF7O
fmdze3eJipS6YAwyRDGl7ROGgPUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSOHc/Y
eAC+B7G1hoojJp33KaV3/jAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDYwOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
p6YwDQYJKoZIhvcNAQELBQADggEBANSIcNE/Yd5PeXWiDZ+HNj+AnxiZ+2zeP1GD
xyIdHRjd8PiOOp1pj+BX+4iNyj6dqeqU+tMT2uPPE37ef8bIAP6JlOoPeIbrMrYJ
+UEl9XgzdlDpFqMJAYZc9Kk8XrkoQZzQs8YRm9IEIIpq0j5CU2kDNBHndMO4MrV9
bWyr9Mfqb22GAvGbe2srK8J23ZO0J25dvkaTs6IvU5hzaCUxrKy4NdyKz/ekfuzi
4JhXXq+HEURfOOIyL3NRiEqekpDzmSblqsSVucak05T+mrVIQV0rDXkTmPcfgziE
D8WjY0KJTijTXu7WqOsJ2cym7+rtIDtf18IWbITXWf328jeQM64=
-----END CERTIFICATE-----