Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144628.roa
File:                     AS144628.roa (raw, json)
Hash identifier:          2ppB8ILej3O6yYkvZaACCqEgbAC8iypSqIEZZWgxH1g=
Subject key identifier:   AA:3C:34:65:FE:13:91:43:E9:F2:8E:48:C0:B8:86:E2:04:5D:F9:E1
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       43BC76B14FDFE6E63FFD61E0EA9415396EF10FD8
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144628.roa
Signing time:             Wed 04 Mar 2026 06:20:41 +0000
ROA not before:           Wed 04 Mar 2026 06:15:41 +0000
ROA not after:            Wed 03 Mar 2027 06:20:41 +0000
asID:                     144628
IP address blocks:        240a:a7ba::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:bc:76:b1:4f:df:e6:e6:3f:fd:61:e0:ea:94:15:39:6e:f1:0f:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:41 2026 GMT
            Not After : Mar  3 06:20:41 2027 GMT
        Subject: CN=AA3C3465FE139143E9F28E48C0B886E2045DF9E1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:8c:28:61:20:2c:dc:41:b7:c8:0b:45:cc:80:
                    c4:9e:1b:29:87:42:08:d9:d6:0e:5a:98:c6:d3:10:
                    64:d1:fb:b0:ef:17:07:de:84:28:1a:45:1c:15:6c:
                    38:88:fb:3a:d7:82:df:98:79:71:9a:32:86:af:a6:
                    99:78:ca:dd:34:15:54:61:97:65:87:8b:94:ed:41:
                    61:7f:18:10:75:3b:79:36:c5:eb:1c:76:ce:08:41:
                    0d:1a:59:53:c8:08:69:90:75:aa:4a:ef:e7:26:e6:
                    2a:fe:59:bf:b2:7d:58:3a:25:31:f0:9e:97:74:d5:
                    bb:98:1a:b0:b5:46:e9:cc:c5:11:0a:0a:49:7c:24:
                    62:76:6a:4d:db:cc:3c:3f:14:6e:58:9b:e5:9b:43:
                    e7:eb:76:f7:11:27:12:e4:5f:94:b6:46:17:58:85:
                    ec:57:5a:b9:dd:e6:43:64:18:c6:18:aa:1b:d8:e9:
                    43:5b:c6:8e:6b:a8:0c:98:0e:bc:d2:21:1d:47:8e:
                    e6:4f:66:85:cd:e1:2f:02:a8:95:9c:0c:03:13:fa:
                    da:2f:42:e8:c5:20:92:e0:6b:e5:d0:36:c4:33:c9:
                    dc:d7:ed:99:aa:2c:5a:6a:c1:02:50:40:0d:d9:10:
                    6f:fc:65:be:1d:f5:9b:9b:cf:6e:3d:97:db:75:66:
                    b5:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:3C:34:65:FE:13:91:43:E9:F2:8E:48:C0:B8:86:E2:04:5D:F9:E1
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144628.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a7ba::/32

    Signature Algorithm: sha256WithRSAEncryption
         3b:68:bd:ca:cd:29:be:37:1a:de:dc:ee:38:7d:64:fc:fb:fc:
         28:70:63:a2:3d:af:52:dc:e5:a3:99:f6:5b:18:08:0d:a3:c4:
         1b:14:64:49:16:50:e0:b1:c8:f9:19:cf:1a:08:51:71:28:45:
         f0:6e:28:00:a1:b0:8e:b7:09:cb:83:4a:8f:07:9b:10:90:de:
         c1:6b:23:08:36:88:15:98:4a:f6:de:70:16:13:ac:f0:f6:d6:
         fa:d9:81:10:31:fd:44:07:05:6e:76:38:84:69:9e:ee:4c:3a:
         80:c0:5d:37:2b:c4:08:ff:3b:90:6d:2f:6f:68:b8:ca:50:68:
         33:3d:23:70:9a:84:cf:b3:c8:b6:22:7a:59:79:ab:9c:71:fe:
         c5:71:64:43:79:e5:88:a3:dc:11:30:fd:99:0a:b9:6e:03:83:
         e3:b2:c0:73:77:53:44:dd:de:29:b8:43:d1:42:a2:ce:39:c0:
         4b:34:e2:81:bf:8f:9f:f0:aa:59:6d:74:f7:7f:e4:72:96:c8:
         d1:8a:28:0a:47:e3:43:b4:92:54:5c:b2:3d:51:4b:a8:f0:2d:
         70:fc:2a:44:92:08:1f:8f:d4:36:a0:9b:e5:02:b9:52:80:bb:
         40:ab:4c:82:9c:d5:39:57:f8:60:c1:be:20:95:b2:d2:1a:2e:
         ad:8e:b3:09
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUQ7x2sU/f5uY//WHg6pQVOW7xD9gwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTU0MVoX
DTI3MDMwMzA2MjA0MVowMzExMC8GA1UEAxMoQUEzQzM0NjVGRTEzOTE0M0U5RjI4
RTQ4QzBCODg2RTIwNDVERjlFMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALqMKGEgLNxBt8gLRcyAxJ4bKYdCCNnWDlqYxtMQZNH7sO8XB96EKBpFHBVs
OIj7OteC35h5cZoyhq+mmXjK3TQVVGGXZYeLlO1BYX8YEHU7eTbF6xx2zghBDRpZ
U8gIaZB1qkrv5ybmKv5Zv7J9WDolMfCel3TVu5gasLVG6czFEQoKSXwkYnZqTdvM
PD8Ublib5ZtD5+t29xEnEuRflLZGF1iF7Fdaud3mQ2QYxhiqG9jpQ1vGjmuoDJgO
vNIhHUeO5k9mhc3hLwKolZwMAxP62i9C6MUgkuBr5dA2xDPJ3NftmaosWmrBAlBA
DdkQb/xlvh31m5vPbj2X23VmtYECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSqPDRl
/hORQ+nyjkjAuIbiBF354TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDYyOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
p7owDQYJKoZIhvcNAQELBQADggEBADtovcrNKb43Gt7c7jh9ZPz7/ChwY6I9r1Lc
5aOZ9lsYCA2jxBsUZEkWUOCxyPkZzxoIUXEoRfBuKAChsI63CcuDSo8HmxCQ3sFr
Iwg2iBWYSvbecBYTrPD21vrZgRAx/UQHBW52OIRpnu5MOoDAXTcrxAj/O5BtL29o
uMpQaDM9I3CahM+zyLYiell5q5xx/sVxZEN55Yij3BEw/ZkKuW4Dg+OywHN3U0Td
3im4Q9FCos45wEs04oG/j5/wqlltdPd/5HKWyNGKKApH40O0klRcsj1RS6jwLXD8
KkSSCB+P1Dagm+UCuVKAu0CrTIKc1TlX+GDBviCVstIaLq2Oswk=
-----END CERTIFICATE-----