Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144636.roa
File:                     AS144636.roa (raw, json)
Hash identifier:          L/C0NRY4+tAdkYUhqZD8s1e15xB2RzRPbVpdGKFIub4=
Subject key identifier:   22:6C:74:BD:2E:CD:02:F3:31:FF:78:0F:46:68:FA:C4:BE:BD:A7:86
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       37A248DAAFCE8B4FA6D5985FB62ABF8071228F05
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144636.roa
Signing time:             Wed 04 Mar 2026 06:19:19 +0000
ROA not before:           Wed 04 Mar 2026 06:14:19 +0000
ROA not after:            Wed 03 Mar 2027 06:19:19 +0000
asID:                     144636
IP address blocks:        240a:a7c2::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:a2:48:da:af:ce:8b:4f:a6:d5:98:5f:b6:2a:bf:80:71:22:8f:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:19 2026 GMT
            Not After : Mar  3 06:19:19 2027 GMT
        Subject: CN=226C74BD2ECD02F331FF780F4668FAC4BEBDA786
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:97:d4:70:f2:3a:e7:5a:79:37:93:3b:fc:18:
                    bc:96:84:f6:3f:31:87:d1:71:48:f1:93:26:01:41:
                    1d:96:6d:1d:40:2d:e2:2d:98:93:a8:16:45:b0:72:
                    99:f4:60:a9:34:99:8b:51:cb:38:1e:91:88:81:4e:
                    6b:f3:0a:ca:ad:0c:52:f0:70:60:9e:12:07:27:7d:
                    d3:b6:f9:7a:b9:21:58:b2:a8:66:b7:c9:9a:64:35:
                    a3:44:47:15:d4:f2:57:c4:dc:11:08:f7:97:0c:cb:
                    dc:00:72:f2:cc:9c:20:6b:a1:a6:b4:c3:1d:ec:f8:
                    7c:5d:e3:b2:29:9e:7e:ed:d1:56:68:20:98:05:6b:
                    05:7f:3f:e6:5e:ae:37:25:23:ad:be:c0:c8:b6:55:
                    78:49:e6:49:8c:9e:30:71:f8:1b:61:6f:16:de:c7:
                    0a:9f:fe:fd:51:43:8b:9b:7c:25:d1:68:9c:74:1b:
                    86:4b:7d:98:65:23:ca:b0:36:55:69:e9:8d:d9:a7:
                    56:72:aa:20:05:1e:0d:05:a5:89:ba:4e:cb:e1:ad:
                    7a:74:c0:d1:cd:8e:b4:1e:77:0f:90:28:72:05:6b:
                    c4:99:34:00:c8:60:3b:ff:2f:3b:75:cc:cd:eb:ad:
                    1b:ea:da:1a:62:79:7b:22:7e:e4:0f:28:1a:b6:0f:
                    f2:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:6C:74:BD:2E:CD:02:F3:31:FF:78:0F:46:68:FA:C4:BE:BD:A7:86
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a7c2::/32

    Signature Algorithm: sha256WithRSAEncryption
         51:80:e2:9a:54:47:05:52:e3:8f:2f:de:d5:3f:00:7c:cf:2c:
         73:6f:a9:c8:75:60:2c:13:3a:92:70:61:bd:19:38:cd:7e:b8:
         22:3a:7d:9f:86:d9:ca:50:78:92:d1:c3:c7:d4:a9:de:72:75:
         e0:b8:ac:21:94:6d:48:96:56:5d:f7:60:ed:ee:3a:fe:7d:51:
         b5:ef:a8:0a:41:f5:32:49:f6:ce:d4:19:25:f3:9f:be:ae:26:
         60:5a:45:ef:0b:f6:96:e3:7b:55:e4:63:4a:fa:f0:a2:be:d5:
         ed:2a:4e:eb:9f:22:fa:e1:20:e4:3c:99:54:1d:c7:97:da:29:
         fe:ab:ab:e7:5e:85:4a:d0:c5:70:14:ff:7c:40:6d:a6:d4:db:
         4e:a2:96:67:c1:98:07:4c:92:b2:f6:71:94:e6:91:cc:95:fe:
         a9:e8:9b:c9:d5:b2:0d:92:ea:40:b1:d6:b1:bf:b3:83:01:99:
         cf:45:af:6c:17:52:55:13:21:58:3e:69:4e:dd:54:3f:3e:95:
         df:14:04:8c:9d:88:7e:57:f1:6d:67:83:8b:fc:c5:a8:4c:8a:
         49:06:c2:fd:be:35:7a:fb:85:ed:59:b8:b6:50:ff:96:e6:79:
         66:5d:c7:0d:a1:88:6d:4c:ad:09:df:60:f9:a3:c6:04:85:52:
         a1:9d:72:b2
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUN6JI2q/Oi0+m1Zhftiq/gHEijwUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQxOVoX
DTI3MDMwMzA2MTkxOVowMzExMC8GA1UEAxMoMjI2Qzc0QkQyRUNEMDJGMzMxRkY3
ODBGNDY2OEZBQzRCRUJEQTc4NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJGX1HDyOudaeTeTO/wYvJaE9j8xh9FxSPGTJgFBHZZtHUAt4i2Yk6gWRbBy
mfRgqTSZi1HLOB6RiIFOa/MKyq0MUvBwYJ4SByd907b5erkhWLKoZrfJmmQ1o0RH
FdTyV8TcEQj3lwzL3ABy8sycIGuhprTDHez4fF3jsimefu3RVmggmAVrBX8/5l6u
NyUjrb7AyLZVeEnmSYyeMHH4G2FvFt7HCp/+/VFDi5t8JdFonHQbhkt9mGUjyrA2
VWnpjdmnVnKqIAUeDQWlibpOy+GtenTA0c2OtB53D5AocgVrxJk0AMhgO/8vO3XM
zeutG+raGmJ5eyJ+5A8oGrYP8j0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQibHS9
Ls0C8zH/eA9GaPrEvr2nhjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDYzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
p8IwDQYJKoZIhvcNAQELBQADggEBAFGA4ppURwVS448v3tU/AHzPLHNvqch1YCwT
OpJwYb0ZOM1+uCI6fZ+G2cpQeJLRw8fUqd5ydeC4rCGUbUiWVl33YO3uOv59UbXv
qApB9TJJ9s7UGSXzn76uJmBaRe8L9pbje1XkY0r68KK+1e0qTuufIvrhIOQ8mVQd
x5faKf6rq+dehUrQxXAU/3xAbabU206ilmfBmAdMkrL2cZTmkcyV/qnom8nVsg2S
6kCx1rG/s4MBmc9Fr2wXUlUTIVg+aU7dVD8+ld8UBIydiH5X8W1ng4v8xahMikkG
wv2+NXr7he1ZuLZQ/5bmeWZdxw2hiG1MrQnfYPmjxgSFUqGdcrI=
-----END CERTIFICATE-----