Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144645.roa
File:                     AS144645.roa (raw, json)
Hash identifier:          IdZwoZF523TNspk1Vw3/7Pe9eRlbholWHv0887V25SU=
Subject key identifier:   B3:CF:EA:3C:23:36:3B:FE:B4:C7:23:D2:04:5D:59:EA:79:5D:E6:19
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       49664F7BDDA1D573994DD55BCCF7CD1B1BD42E3A
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144645.roa
Signing time:             Wed 04 Mar 2026 06:22:02 +0000
ROA not before:           Wed 04 Mar 2026 06:17:02 +0000
ROA not after:            Wed 03 Mar 2027 06:22:02 +0000
asID:                     144645
IP address blocks:        240a:a7cb::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:66:4f:7b:dd:a1:d5:73:99:4d:d5:5b:cc:f7:cd:1b:1b:d4:2e:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:02 2026 GMT
            Not After : Mar  3 06:22:02 2027 GMT
        Subject: CN=B3CFEA3C23363BFEB4C723D2045D59EA795DE619
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c7:01:87:3d:d2:99:b0:76:65:3e:2a:e7:ff:
                    61:d5:74:2e:be:73:88:69:f0:34:66:ca:78:6c:01:
                    31:82:b0:b6:5e:5a:63:c0:38:c6:3d:c8:27:f0:df:
                    d1:1e:29:9a:10:f4:95:45:c7:87:6c:fc:42:cf:36:
                    24:30:a0:f9:29:3a:fb:00:1d:f8:9d:fc:ec:5e:9e:
                    c0:24:90:01:9a:93:e5:e8:26:f8:f5:0b:25:7c:eb:
                    df:d1:1f:34:1b:23:0d:00:6c:c1:ff:bc:6d:b6:33:
                    99:71:63:53:1b:ef:e1:57:da:a5:3b:de:62:17:9d:
                    7b:03:ff:f0:5f:99:f5:da:40:89:6f:35:1f:98:54:
                    f5:06:37:7b:e5:02:ab:92:54:f6:23:b6:d2:66:76:
                    67:78:5e:15:76:1d:60:9f:1e:bd:80:27:41:11:4d:
                    8f:6a:f2:11:3f:3a:56:b1:98:ae:4f:70:d3:28:1c:
                    c6:a9:6d:73:22:e5:30:a9:1c:2d:e4:02:91:b1:77:
                    0f:7b:fb:68:dd:d4:86:28:c0:f0:a2:9c:cb:6e:c6:
                    b8:a2:66:4f:0e:1f:88:16:70:0a:31:0f:49:72:12:
                    45:9c:1a:b3:73:d8:2b:b6:a9:e4:4b:72:4c:48:59:
                    88:45:c6:45:3a:54:d9:d8:1d:55:06:dc:df:d5:a8:
                    70:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:CF:EA:3C:23:36:3B:FE:B4:C7:23:D2:04:5D:59:EA:79:5D:E6:19
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144645.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a7cb::/32

    Signature Algorithm: sha256WithRSAEncryption
         02:11:26:05:8c:d4:3a:ac:f4:79:00:f6:d4:71:e1:1b:d5:e6:
         cb:55:24:91:92:0c:b7:c4:6d:6a:7c:64:b2:f6:78:a1:4f:8e:
         a1:36:37:59:e3:5e:aa:7d:fd:d2:8a:42:2c:f3:a6:e6:18:fa:
         e4:f3:5c:07:24:07:2d:81:30:86:d4:32:e4:5e:55:6c:7f:5b:
         eb:2c:42:f4:8d:c8:2f:6a:75:79:f4:59:3f:30:73:be:46:1c:
         05:d0:27:57:9f:0e:e2:8c:9d:a8:c0:d4:35:ec:08:35:13:06:
         bd:ba:be:15:16:58:6a:77:1e:b2:4b:3b:a5:44:de:17:c5:22:
         6b:d8:c1:43:73:60:de:61:7d:0f:7d:9c:a8:a0:6b:99:80:57:
         b4:a5:91:40:24:4a:24:ae:75:f1:80:a7:33:98:29:6c:e2:82:
         26:71:e3:2a:cd:f0:5c:db:87:39:12:97:0e:74:69:fc:c1:6b:
         16:6c:0c:8c:93:66:db:ca:90:f7:ad:f7:b7:0c:15:b9:c2:03:
         38:47:f1:30:b6:97:c0:65:3a:35:ea:51:3a:b3:5a:7d:e6:7a:
         57:fa:b2:c4:4e:3e:da:2d:f5:64:1b:ee:19:1e:91:4b:bd:05:
         ee:c1:fd:31:7b:07:c4:12:b7:9d:0b:26:61:4c:59:38:e2:e1:
         ea:f7:40:73
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUSWZPe92h1XOZTdVbzPfNGxvULjowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcwMloX
DTI3MDMwMzA2MjIwMlowMzExMC8GA1UEAxMoQjNDRkVBM0MyMzM2M0JGRUI0Qzcy
M0QyMDQ1RDU5RUE3OTVERTYxOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJfHAYc90pmwdmU+Kuf/YdV0Lr5ziGnwNGbKeGwBMYKwtl5aY8A4xj3IJ/Df
0R4pmhD0lUXHh2z8Qs82JDCg+Sk6+wAd+J387F6ewCSQAZqT5egm+PULJXzr39Ef
NBsjDQBswf+8bbYzmXFjUxvv4VfapTveYhedewP/8F+Z9dpAiW81H5hU9QY3e+UC
q5JU9iO20mZ2Z3heFXYdYJ8evYAnQRFNj2ryET86VrGYrk9w0ygcxqltcyLlMKkc
LeQCkbF3D3v7aN3UhijA8KKcy27GuKJmTw4fiBZwCjEPSXISRZwas3PYK7ap5Ety
TEhZiEXGRTpU2dgdVQbc39WocKMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSzz+o8
IzY7/rTHI9IEXVnqeV3mGTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDY0NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
p8swDQYJKoZIhvcNAQELBQADggEBAAIRJgWM1Dqs9HkA9tRx4RvV5stVJJGSDLfE
bWp8ZLL2eKFPjqE2N1njXqp9/dKKQizzpuYY+uTzXAckBy2BMIbUMuReVWx/W+ss
QvSNyC9qdXn0WT8wc75GHAXQJ1efDuKMnajA1DXsCDUTBr26vhUWWGp3HrJLO6VE
3hfFImvYwUNzYN5hfQ99nKiga5mAV7SlkUAkSiSudfGApzOYKWzigiZx4yrN8Fzb
hzkSlw50afzBaxZsDIyTZtvKkPet97cMFbnCAzhH8TC2l8BlOjXqUTqzWn3melf6
ssROPtot9WQb7hkekUu9Be7B/TF7B8QSt50LJmFMWTji4er3QHM=
-----END CERTIFICATE-----