Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144655.roa
File:                     AS144655.roa (raw, json)
Hash identifier:          h+IkL6zjNG6We5encC7cML8m6ON+Jn1NXdrbZOHHVYY=
Subject key identifier:   2C:06:99:89:F6:14:C2:E6:9C:6B:2A:72:A9:A2:23:57:C6:CC:1F:F1
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       656DE1E5A213B93535A234424E138F50294AD1A8
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144655.roa
Signing time:             Wed 04 Mar 2026 06:21:14 +0000
ROA not before:           Wed 04 Mar 2026 06:16:14 +0000
ROA not after:            Wed 03 Mar 2027 06:21:14 +0000
asID:                     144655
IP address blocks:        240a:a7d5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:6d:e1:e5:a2:13:b9:35:35:a2:34:42:4e:13:8f:50:29:4a:d1:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:14 2026 GMT
            Not After : Mar  3 06:21:14 2027 GMT
        Subject: CN=2C069989F614C2E69C6B2A72A9A22357C6CC1FF1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:70:ed:44:8b:5b:1d:01:b0:e8:0d:1d:6d:8c:
                    ea:95:91:0f:61:97:c5:bb:81:44:95:2c:43:e8:6f:
                    70:6c:b3:7c:6e:6e:b4:60:4b:b8:67:fd:4c:d7:26:
                    41:78:b9:66:b4:4d:f7:3f:f3:9c:5d:60:ac:b8:b6:
                    79:27:5d:20:4c:77:ec:38:54:0a:09:a1:aa:29:54:
                    47:a9:02:3f:72:9a:ca:ea:4d:ea:8b:c6:de:27:e2:
                    20:53:47:1a:9e:63:6c:6e:63:f7:06:8c:8b:e1:74:
                    e0:fe:2c:dd:42:66:f6:16:5e:7a:8d:b0:23:79:71:
                    d1:bf:c4:68:0a:9f:1d:d7:e4:81:ea:95:e2:d1:b5:
                    35:7d:3d:e5:f9:6d:26:b9:40:17:58:b9:2a:92:96:
                    f9:bf:4e:cf:17:8e:b6:04:e9:b2:14:34:8c:b0:c1:
                    e2:c2:3c:6d:22:58:a2:95:71:6d:af:64:ae:d1:fa:
                    5d:89:c7:cb:e6:30:8f:11:b1:62:dc:7f:8d:39:66:
                    7a:52:85:51:11:69:05:94:3b:b4:37:07:f9:c2:5c:
                    15:66:33:4f:16:0d:ae:9e:bb:1d:1f:9a:f2:95:c1:
                    3a:00:58:3f:e8:e5:40:5a:89:78:e0:32:dc:f6:dd:
                    31:cf:d6:b0:36:11:c1:3b:dd:e0:06:69:3c:0f:49:
                    43:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:06:99:89:F6:14:C2:E6:9C:6B:2A:72:A9:A2:23:57:C6:CC:1F:F1
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144655.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a7d5::/32

    Signature Algorithm: sha256WithRSAEncryption
         66:b7:ab:ad:46:a9:31:78:2f:b8:33:36:df:47:f6:84:42:7a:
         e1:c3:9c:01:52:c0:98:a3:8b:6a:cb:e5:87:96:1e:71:d0:95:
         3c:9c:8b:59:93:6d:7a:b5:3f:d6:0e:b1:7f:0d:71:58:e6:c2:
         40:c6:2c:f0:b3:84:15:d6:1b:e0:7a:c7:86:dc:70:b3:b2:ee:
         bb:d8:3e:da:65:56:59:a6:c6:f8:b1:ec:87:15:2c:01:b2:ee:
         1a:e1:63:a1:c6:63:9d:bb:aa:85:46:94:6b:7e:19:bb:72:50:
         f4:e8:59:ae:23:ac:34:ab:eb:03:ec:45:c9:75:23:5d:5d:48:
         97:a9:8f:53:2c:91:bf:26:ec:1e:15:e3:2c:3d:55:6a:4d:b2:
         8c:b7:df:1f:16:cb:99:a2:77:ae:af:de:8b:d0:83:98:33:f5:
         2d:fa:db:f0:71:0a:d9:7f:66:27:2c:c7:2f:50:d3:68:58:e9:
         65:8a:20:3b:6d:78:5a:7d:eb:f8:6e:2f:2b:c1:bc:11:b0:60:
         c2:49:c7:09:76:30:db:2e:d5:32:c2:1d:e5:bd:6d:2a:6f:a9:
         6f:82:28:88:19:34:1c:74:5d:d0:a8:78:6e:17:d5:4f:01:6e:
         aa:bb:84:d1:4a:78:d0:8e:bc:ea:95:82:ee:a8:16:bf:0d:d4:
         3a:3e:7d:73
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUZW3h5aITuTU1ojRCThOPUClK0agwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYxNFoX
DTI3MDMwMzA2MjExNFowMzExMC8GA1UEAxMoMkMwNjk5ODlGNjE0QzJFNjlDNkIy
QTcyQTlBMjIzNTdDNkNDMUZGMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPdw7USLWx0BsOgNHW2M6pWRD2GXxbuBRJUsQ+hvcGyzfG5utGBLuGf9TNcm
QXi5ZrRN9z/znF1grLi2eSddIEx37DhUCgmhqilUR6kCP3KayupN6ovG3ifiIFNH
Gp5jbG5j9waMi+F04P4s3UJm9hZeeo2wI3lx0b/EaAqfHdfkgeqV4tG1NX095flt
JrlAF1i5KpKW+b9OzxeOtgTpshQ0jLDB4sI8bSJYopVxba9krtH6XYnHy+YwjxGx
Ytx/jTlmelKFURFpBZQ7tDcH+cJcFWYzTxYNrp67HR+a8pXBOgBYP+jlQFqJeOAy
3PbdMc/WsDYRwTvd4AZpPA9JQz0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQsBpmJ
9hTC5pxrKnKpoiNXxswf8TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDY1NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
p9UwDQYJKoZIhvcNAQELBQADggEBAGa3q61GqTF4L7gzNt9H9oRCeuHDnAFSwJij
i2rL5YeWHnHQlTyci1mTbXq1P9YOsX8NcVjmwkDGLPCzhBXWG+B6x4bccLOy7rvY
PtplVlmmxvix7IcVLAGy7hrhY6HGY527qoVGlGt+GbtyUPToWa4jrDSr6wPsRcl1
I11dSJepj1Mskb8m7B4V4yw9VWpNsoy33x8Wy5mid66v3ovQg5gz9S362/BxCtl/
Zicsxy9Q02hY6WWKIDtteFp96/huLyvBvBGwYMJJxwl2MNsu1TLCHeW9bSpvqW+C
KIgZNBx0XdCoeG4X1U8Bbqq7hNFKeNCOvOqVgu6oFr8N1Do+fXM=
-----END CERTIFICATE-----