Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144626.roa
File:                     AS144626.roa (raw, json)
Hash identifier:          hWm9hmVsV7T+C8Brtg8SFYu+XpgnrczmrPWDQT/O6Ww=
Subject key identifier:   2B:66:57:97:39:02:5B:F4:B1:D6:D1:DD:DC:D2:F4:7F:83:C8:15:CB
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       171BF68D2182B361965D7B91AEC064ECEE432702
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144626.roa
Signing time:             Wed 04 Mar 2026 06:19:24 +0000
ROA not before:           Wed 04 Mar 2026 06:14:24 +0000
ROA not after:            Wed 03 Mar 2027 06:19:24 +0000
asID:                     144626
IP address blocks:        240a:a7b8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:1b:f6:8d:21:82:b3:61:96:5d:7b:91:ae:c0:64:ec:ee:43:27:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:24 2026 GMT
            Not After : Mar  3 06:19:24 2027 GMT
        Subject: CN=2B66579739025BF4B1D6D1DDDCD2F47F83C815CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:21:32:bc:15:6f:b8:e2:90:4e:94:dd:97:54:
                    7a:97:bc:94:8f:2d:bc:10:82:41:11:45:2f:73:fc:
                    79:be:bf:f6:f7:a7:ad:45:03:42:9d:cf:57:bf:bd:
                    88:56:29:b1:24:da:42:56:1a:27:5e:98:98:9b:77:
                    c3:4d:69:2a:66:37:f5:7b:97:4e:2a:03:dc:0a:9f:
                    d2:a6:ec:53:b1:44:f2:7b:e1:ef:f4:54:38:09:51:
                    47:0c:78:5a:53:21:1d:c6:ce:94:b3:35:5b:86:25:
                    3d:de:e3:e3:56:40:6d:37:b7:43:ba:92:7f:6f:63:
                    7a:de:a3:a0:ba:ec:4e:4c:1b:a2:76:59:66:26:d6:
                    8d:02:b8:e8:0f:5b:90:e0:40:18:0e:29:44:7c:b5:
                    eb:3e:81:64:08:f6:16:f8:c1:b8:fe:7f:f9:be:1c:
                    d2:4a:22:eb:c3:e7:53:fe:f9:c8:ff:45:91:84:d4:
                    97:93:63:13:1b:9a:06:97:72:51:92:05:30:70:c4:
                    bd:5c:c7:57:3e:d4:84:50:0b:64:92:93:d8:86:33:
                    d4:a2:a2:a4:0c:9f:c2:67:c1:a2:39:81:47:ca:11:
                    03:b5:07:18:2a:eb:35:57:be:f9:21:3d:3f:d5:21:
                    20:06:e5:77:04:c1:db:16:9b:e7:a2:7a:85:04:8a:
                    2b:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:66:57:97:39:02:5B:F4:B1:D6:D1:DD:DC:D2:F4:7F:83:C8:15:CB
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144626.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a7b8::/32

    Signature Algorithm: sha256WithRSAEncryption
         2a:55:13:7e:63:77:4c:7e:a5:67:f8:23:ee:87:25:ed:97:c2:
         00:3f:a7:31:cf:33:14:fe:9c:3a:7f:c9:4b:eb:1c:1e:02:d1:
         30:34:5c:07:ff:e4:69:ad:05:af:22:28:0e:9b:43:0d:6a:0e:
         0e:5d:ab:34:0e:fa:7e:0b:5f:69:ed:4e:e7:9c:9e:64:35:c0:
         f0:0d:48:d5:43:37:69:2f:e8:fb:ef:b2:23:fa:6f:72:86:85:
         8c:49:49:78:a7:be:34:a2:c7:f3:f9:a6:c8:65:9f:a9:8f:d0:
         f4:23:4d:75:cd:e3:12:47:2c:53:01:f7:5a:c3:ed:58:9d:10:
         76:03:34:47:13:a8:96:e0:8f:18:c2:da:ac:5a:11:35:e7:be:
         16:7f:4c:b8:b7:90:33:55:fb:d3:5d:33:0d:8e:0b:d3:92:ce:
         0f:75:35:78:ed:e4:fd:ed:85:4f:84:7b:2f:77:b9:78:90:e5:
         d0:55:f9:47:a0:a5:ac:39:88:32:96:e8:9f:41:ab:c9:1a:d5:
         a9:cb:12:03:d0:2d:c4:dd:b1:c7:1d:53:4b:d3:64:ee:55:23:
         6f:17:8d:a6:24:b8:11:aa:d4:21:5c:af:eb:16:b8:68:1d:97:
         7e:6a:14:b4:f7:a3:1c:e7:04:6b:a3:1d:56:44:41:97:8f:6d:
         ad:05:bd:4f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUFxv2jSGCs2GWXXuRrsBk7O5DJwIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQyNFoX
DTI3MDMwMzA2MTkyNFowMzExMC8GA1UEAxMoMkI2NjU3OTczOTAyNUJGNEIxRDZE
MURERENEMkY0N0Y4M0M4MTVDQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM8hMrwVb7jikE6U3ZdUepe8lI8tvBCCQRFFL3P8eb6/9venrUUDQp3PV7+9
iFYpsSTaQlYaJ16YmJt3w01pKmY39XuXTioD3Aqf0qbsU7FE8nvh7/RUOAlRRwx4
WlMhHcbOlLM1W4YlPd7j41ZAbTe3Q7qSf29jet6joLrsTkwbonZZZibWjQK46A9b
kOBAGA4pRHy16z6BZAj2FvjBuP5/+b4c0koi68PnU/75yP9FkYTUl5NjExuaBpdy
UZIFMHDEvVzHVz7UhFALZJKT2IYz1KKipAyfwmfBojmBR8oRA7UHGCrrNVe++SE9
P9UhIAbldwTB2xab56J6hQSKK2MCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQrZleX
OQJb9LHW0d3c0vR/g8gVyzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDYyNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
p7gwDQYJKoZIhvcNAQELBQADggEBACpVE35jd0x+pWf4I+6HJe2XwgA/pzHPMxT+
nDp/yUvrHB4C0TA0XAf/5GmtBa8iKA6bQw1qDg5dqzQO+n4LX2ntTuecnmQ1wPAN
SNVDN2kv6PvvsiP6b3KGhYxJSXinvjSix/P5pshln6mP0PQjTXXN4xJHLFMB91rD
7VidEHYDNEcTqJbgjxjC2qxaETXnvhZ/TLi3kDNV+9NdMw2OC9OSzg91NXjt5P3t
hU+Eey93uXiQ5dBV+Uegpaw5iDKW6J9Bq8ka1anLEgPQLcTdsccdU0vTZO5VI28X
jaYkuBGq1CFcr+sWuGgdl35qFLT3oxznBGujHVZEQZePba0FvU8=
-----END CERTIFICATE-----