Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144651.roa
File:                     AS144651.roa (raw, json)
Hash identifier:          FGRnAegacjuKjRg83YW1Lr4sRiB2i9AVT2S1mMV3szE=
Subject key identifier:   93:49:01:3F:A2:56:12:8E:3F:58:E2:46:5B:DF:A1:48:5D:4D:AF:32
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3F22405C02DFD637AD3E207E05E23E0019798D7C
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144651.roa
Signing time:             Wed 04 Mar 2026 06:21:42 +0000
ROA not before:           Wed 04 Mar 2026 06:16:42 +0000
ROA not after:            Wed 03 Mar 2027 06:21:42 +0000
asID:                     144651
IP address blocks:        240a:a7d1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:22:40:5c:02:df:d6:37:ad:3e:20:7e:05:e2:3e:00:19:79:8d:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:42 2026 GMT
            Not After : Mar  3 06:21:42 2027 GMT
        Subject: CN=9349013FA256128E3F58E2465BDFA1485D4DAF32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b0:11:b4:c2:bd:2e:30:63:d4:e8:21:23:10:
                    c7:1f:c9:df:69:70:53:bf:76:ee:dc:27:9d:3f:83:
                    e4:25:40:c4:c5:cf:6b:8f:5b:87:e7:99:8f:73:4a:
                    da:29:1d:e8:26:10:25:be:77:64:37:d2:b7:55:8b:
                    2b:8e:25:aa:5a:86:75:8e:56:0b:03:97:a8:58:14:
                    cd:8e:c9:c4:67:e9:08:d2:3e:f6:6f:e0:d0:45:94:
                    5a:25:a1:0c:8f:76:ac:88:a7:c1:a3:46:78:a5:c1:
                    ea:08:4f:2e:58:ae:16:27:bf:dc:44:ab:77:b2:b6:
                    96:93:6a:40:43:40:19:c3:07:0a:16:80:e0:da:e4:
                    c5:91:44:ca:e8:74:3a:68:64:b5:f9:9a:fa:49:d0:
                    5c:89:2a:c1:ac:9f:95:ba:48:36:af:74:0b:ec:80:
                    bb:d0:75:a0:86:f5:1a:60:49:80:4b:57:1c:cb:0d:
                    58:30:e6:8c:b9:e9:c6:ff:6c:99:6b:d0:7e:a7:74:
                    9d:00:34:f7:18:22:f6:11:90:cd:ff:69:75:e2:b6:
                    2d:79:1f:8f:e3:40:72:3b:5a:36:bb:95:9a:7d:27:
                    2e:5f:db:83:3e:22:98:ba:51:2a:eb:52:d2:dc:f3:
                    de:f0:29:33:2e:43:c7:92:48:58:90:7c:a8:90:77:
                    e5:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:49:01:3F:A2:56:12:8E:3F:58:E2:46:5B:DF:A1:48:5D:4D:AF:32
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144651.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a7d1::/32

    Signature Algorithm: sha256WithRSAEncryption
         d5:53:6d:57:bb:86:4f:4f:b6:46:bd:16:f5:60:33:db:9d:5e:
         81:cc:78:70:c1:76:59:f3:70:02:38:57:84:6e:65:bb:5f:18:
         dd:f9:44:fe:64:ae:ba:98:af:34:d4:d2:c8:a8:2b:a5:9b:4f:
         ad:e1:52:95:ef:40:e9:32:36:c6:0a:a0:9e:af:b2:1c:0d:ba:
         90:c0:87:86:db:85:cd:a2:ad:94:ef:99:5d:3d:ae:49:4e:9d:
         8c:f6:f9:19:fc:9f:43:08:7f:c7:b2:59:00:9f:68:a3:94:07:
         89:98:91:fb:b8:b0:f1:be:6b:6b:ba:6a:ef:31:ce:e0:a5:e0:
         d2:2e:ac:6c:34:e8:66:34:da:f3:f1:60:e7:7c:2c:0a:e7:56:
         d5:6d:ea:cc:f6:ea:82:27:81:cd:7f:b4:b9:b9:9c:32:b8:8f:
         4d:1d:40:d6:03:78:e9:f1:d3:13:b0:e1:2e:80:1b:94:81:af:
         2c:ba:ee:41:0a:25:4b:7f:de:70:07:36:63:27:7a:cb:ad:64:
         26:29:f5:9a:2f:32:3e:54:06:10:10:39:36:33:41:cf:a7:68:
         36:58:e7:c3:08:a4:6e:69:55:a5:da:4b:84:05:38:f9:78:4f:
         17:b4:13:5b:c9:c1:df:2b:74:21:91:de:62:69:4d:f8:05:a0:
         cc:80:63:f1
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUPyJAXALf1jetPiB+BeI+ABl5jXwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTY0MloX
DTI3MDMwMzA2MjE0MlowMzExMC8GA1UEAxMoOTM0OTAxM0ZBMjU2MTI4RTNGNThF
MjQ2NUJERkExNDg1RDREQUYzMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMOwEbTCvS4wY9ToISMQxx/J32lwU7927twnnT+D5CVAxMXPa49bh+eZj3NK
2ikd6CYQJb53ZDfSt1WLK44lqlqGdY5WCwOXqFgUzY7JxGfpCNI+9m/g0EWUWiWh
DI92rIinwaNGeKXB6ghPLliuFie/3ESrd7K2lpNqQENAGcMHChaA4NrkxZFEyuh0
Omhktfma+knQXIkqwayflbpINq90C+yAu9B1oIb1GmBJgEtXHMsNWDDmjLnpxv9s
mWvQfqd0nQA09xgi9hGQzf9pdeK2LXkfj+NAcjtaNruVmn0nLl/bgz4imLpRKutS
0tzz3vApMy5Dx5JIWJB8qJB35bMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSTSQE/
olYSjj9Y4kZb36FIXU2vMjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDY1MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
p9EwDQYJKoZIhvcNAQELBQADggEBANVTbVe7hk9Ptka9FvVgM9udXoHMeHDBdlnz
cAI4V4RuZbtfGN35RP5krrqYrzTU0sioK6WbT63hUpXvQOkyNsYKoJ6vshwNupDA
h4bbhc2irZTvmV09rklOnYz2+Rn8n0MIf8eyWQCfaKOUB4mYkfu4sPG+a2u6au8x
zuCl4NIurGw06GY02vPxYOd8LArnVtVt6sz26oIngc1/tLm5nDK4j00dQNYDeOnx
0xOw4S6AG5SBryy67kEKJUt/3nAHNmMnesutZCYp9ZovMj5UBhAQOTYzQc+naDZY
58MIpG5pVaXaS4QFOPl4Txe0E1vJwd8rdCGR3mJpTfgFoMyAY/E=
-----END CERTIFICATE-----