Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144613.roa
File:                     AS144613.roa (raw, json)
Hash identifier:          N6RBRmNAJqluuPFgngaewOKKLIXx9dkmvdxNCVEdD2w=
Subject key identifier:   E1:9A:8E:86:7B:A5:0E:F9:DB:E8:92:86:7F:D3:A1:9D:76:30:26:40
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       029A88D2344D91CB3D35550C95A514FC9125F544
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144613.roa
Signing time:             Wed 04 Mar 2026 06:22:15 +0000
ROA not before:           Wed 04 Mar 2026 06:17:15 +0000
ROA not after:            Wed 03 Mar 2027 06:22:15 +0000
asID:                     144613
IP address blocks:        240a:a7ab::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:9a:88:d2:34:4d:91:cb:3d:35:55:0c:95:a5:14:fc:91:25:f5:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:15 2026 GMT
            Not After : Mar  3 06:22:15 2027 GMT
        Subject: CN=E19A8E867BA50EF9DBE892867FD3A19D76302640
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:62:ba:3f:bb:20:87:c7:8c:d1:72:a6:c4:33:
                    d2:f1:5b:ad:42:6b:9c:7a:66:52:e0:b1:8b:3f:b1:
                    dc:66:80:ec:ac:07:fd:55:cb:6f:46:f4:42:c1:f9:
                    ff:7f:22:42:01:60:70:87:fc:7a:e2:29:f7:5d:1b:
                    bd:2a:0b:dd:d8:c7:5b:bc:12:14:77:6e:19:08:c2:
                    8a:f5:25:ba:77:da:09:94:1c:72:00:ad:3f:55:c3:
                    95:ca:52:8d:dc:18:2c:99:d1:31:d1:00:15:da:76:
                    50:90:f0:40:8e:b7:ec:31:b5:2f:50:b2:a7:5e:61:
                    9f:58:90:3f:5a:ca:ec:00:68:aa:1f:f9:43:ef:e7:
                    28:19:32:76:54:17:85:3e:e3:4e:28:f9:c1:74:d7:
                    86:a9:9e:e7:6f:71:e9:87:7f:19:a5:f9:0e:b2:e2:
                    8c:6a:7c:db:54:29:9b:8e:af:90:f9:67:b8:28:fb:
                    8e:2f:86:7c:04:ac:fb:44:c8:c6:16:5c:a0:1c:9b:
                    c4:05:44:d2:0a:b6:35:04:ba:7f:2d:ed:e9:97:ce:
                    23:9f:8f:15:0a:da:63:18:98:82:0c:52:f1:0f:91:
                    b3:1d:ea:b8:fe:23:8d:59:df:e3:97:44:23:ef:18:
                    e9:ae:05:b4:27:22:96:18:22:3b:86:8a:6b:9c:cc:
                    2d:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:9A:8E:86:7B:A5:0E:F9:DB:E8:92:86:7F:D3:A1:9D:76:30:26:40
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144613.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a7ab::/32

    Signature Algorithm: sha256WithRSAEncryption
         39:4f:11:23:b3:be:e6:b0:93:a0:d9:ed:0f:c8:f2:ed:8a:30:
         30:35:bb:78:44:90:e0:7b:84:8a:a2:0d:d6:b7:42:27:4f:7c:
         11:1d:f4:1e:c7:e8:93:e2:8e:46:98:8b:56:83:cc:2c:ed:b2:
         ce:92:0a:63:30:76:e2:e9:75:e1:89:7d:c0:c5:16:49:40:cd:
         ab:72:ba:6e:22:d7:c7:c1:c8:9f:6f:e3:2d:7b:05:9b:87:4b:
         b2:bf:1d:28:e3:1a:9f:de:66:98:07:76:14:ee:17:4b:94:78:
         fa:b9:00:7e:d5:f8:29:ed:a1:84:55:1e:a1:be:a2:2f:52:3b:
         6e:e6:7b:c9:a8:ba:51:d1:c1:eb:4f:0e:c9:4a:26:fd:51:54:
         5b:6a:7f:83:39:03:c9:49:c3:cf:18:cc:ab:05:8c:65:96:40:
         f2:4f:62:7a:f0:4c:5a:48:f7:1b:2d:67:63:2b:b9:bd:30:43:
         0a:cf:47:77:77:94:d3:a5:fa:f5:25:90:5c:70:ea:d7:2f:15:
         00:c2:63:44:56:ef:95:07:86:4d:db:ac:05:4f:47:f1:4b:fe:
         7a:3c:e8:f8:9c:bd:88:84:c5:19:13:06:ac:14:20:40:da:0a:
         10:67:b8:bc:16:a1:1c:38:b1:d2:2f:e4:6c:9e:74:7e:60:0d:
         97:62:a2:b8
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUApqI0jRNkcs9NVUMlaUU/JEl9UQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcxNVoX
DTI3MDMwMzA2MjIxNVowMzExMC8GA1UEAxMoRTE5QThFODY3QkE1MEVGOURCRTg5
Mjg2N0ZEM0ExOUQ3NjMwMjY0MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALZiuj+7IIfHjNFypsQz0vFbrUJrnHpmUuCxiz+x3GaA7KwH/VXLb0b0QsH5
/38iQgFgcIf8euIp910bvSoL3djHW7wSFHduGQjCivUlunfaCZQccgCtP1XDlcpS
jdwYLJnRMdEAFdp2UJDwQI637DG1L1Cyp15hn1iQP1rK7ABoqh/5Q+/nKBkydlQX
hT7jTij5wXTXhqme529x6Yd/GaX5DrLijGp821Qpm46vkPlnuCj7ji+GfASs+0TI
xhZcoBybxAVE0gq2NQS6fy3t6ZfOI5+PFQraYxiYggxS8Q+Rsx3quP4jjVnf45dE
I+8Y6a4FtCcilhgiO4aKa5zMLb8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBThmo6G
e6UO+dvokoZ/06GddjAmQDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDYxMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
p6swDQYJKoZIhvcNAQELBQADggEBADlPESOzvuawk6DZ7Q/I8u2KMDA1u3hEkOB7
hIqiDda3QidPfBEd9B7H6JPijkaYi1aDzCztss6SCmMwduLpdeGJfcDFFklAzaty
um4i18fByJ9v4y17BZuHS7K/HSjjGp/eZpgHdhTuF0uUePq5AH7V+CntoYRVHqG+
oi9SO27me8moulHRwetPDslKJv1RVFtqf4M5A8lJw88YzKsFjGWWQPJPYnrwTFpI
9xstZ2Mrub0wQwrPR3d3lNOl+vUlkFxw6tcvFQDCY0RW75UHhk3brAVPR/FL/no8
6PicvYiExRkTBqwUIEDaChBnuLwWoRw4sdIv5GyedH5gDZdiorg=
-----END CERTIFICATE-----