Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144673.roa
File:                     AS144673.roa (raw, json)
Hash identifier:          W1VBx5p6VS7VBtZ0obmczQrxRUywgVkaXkboEMCm3bI=
Subject key identifier:   CF:A6:AC:AF:88:67:96:B0:B8:5E:AE:BC:CC:79:E6:99:81:7B:21:85
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2383297CF7AFBD81CE77EB191E1B5DBE28EC67E6
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144673.roa
Signing time:             Wed 04 Mar 2026 06:19:30 +0000
ROA not before:           Wed 04 Mar 2026 06:14:30 +0000
ROA not after:            Wed 03 Mar 2027 06:19:30 +0000
asID:                     144673
IP address blocks:        240a:a7e7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:83:29:7c:f7:af:bd:81:ce:77:eb:19:1e:1b:5d:be:28:ec:67:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:30 2026 GMT
            Not After : Mar  3 06:19:30 2027 GMT
        Subject: CN=CFA6ACAF886796B0B85EAEBCCC79E699817B2185
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:af:3b:02:09:6b:79:6a:fd:a5:83:66:3d:55:
                    f8:e0:d8:c4:c2:c4:9d:df:f8:3c:c9:f9:d3:bb:0d:
                    6f:a4:d5:a8:cc:90:b0:c4:dc:5c:da:ea:74:f7:7e:
                    8f:c0:53:81:55:e6:10:31:48:72:02:2c:88:40:d2:
                    a9:f6:17:c1:74:7d:0c:ad:bf:b3:36:ae:1d:46:ca:
                    9f:e0:85:e5:57:93:2f:d2:eb:72:76:b3:27:7f:74:
                    0b:ef:b5:d5:94:4a:43:51:1c:f0:da:bd:8d:7d:55:
                    e0:5e:28:75:eb:9a:57:73:b0:28:2c:40:3c:0e:0b:
                    91:96:d5:fa:13:32:a4:80:c0:b9:03:ff:f5:d0:0e:
                    5e:ae:43:fe:4e:f1:e1:39:b2:7c:44:59:85:41:ac:
                    43:ca:07:c2:13:0a:fa:cc:39:cb:55:02:32:f1:94:
                    bc:9b:03:34:22:7e:46:82:f1:ca:ca:77:bc:6e:90:
                    14:d0:56:e2:cc:24:84:a3:42:64:48:03:ff:65:3e:
                    49:4b:65:c2:e6:1d:c5:aa:44:ed:64:3e:f6:3f:aa:
                    ab:d9:92:44:70:ac:a9:14:b4:ee:a9:97:4d:26:9a:
                    5d:80:87:80:5b:1c:ec:ee:87:29:18:ec:e3:b8:3a:
                    bc:37:f3:0b:88:0b:e0:bf:3e:37:58:9c:c2:72:a3:
                    97:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:A6:AC:AF:88:67:96:B0:B8:5E:AE:BC:CC:79:E6:99:81:7B:21:85
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144673.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a7e7::/32

    Signature Algorithm: sha256WithRSAEncryption
         d7:50:c6:e7:cb:ac:66:2f:5c:5e:d6:da:4e:79:b2:d1:8a:74:
         f9:63:ad:48:de:d1:b5:fc:06:06:7b:9a:81:2f:03:4a:62:9b:
         89:de:36:c4:db:24:20:c1:c6:42:51:6c:84:85:f2:9c:f1:99:
         e9:06:5b:4c:4e:42:8b:72:18:c2:79:70:2e:db:74:b1:38:25:
         9c:45:e3:f5:dd:70:ce:a7:5e:d1:96:b1:75:9f:b5:5b:d4:c6:
         1d:8e:a1:71:67:27:e7:e4:8e:ed:96:dc:06:30:ea:e2:85:a7:
         4b:c2:b2:b9:db:98:85:ce:72:f4:5e:1b:9e:d1:1c:84:d5:c3:
         bd:97:87:8f:84:bc:1d:e8:1c:f8:22:89:08:1a:eb:f5:71:e6:
         ea:61:47:67:1f:05:69:06:6d:1b:b0:f9:84:2d:41:66:e7:0e:
         97:99:76:f5:0a:c0:8a:ee:c3:a6:29:72:36:41:8c:b4:ec:7f:
         66:86:76:1e:ff:b5:bf:f0:32:49:9b:7f:ea:f4:0b:d8:2b:33:
         4a:4e:09:b6:cd:4a:c3:06:47:4d:3f:06:ca:d7:52:ed:a5:ee:
         e3:0b:4a:d5:65:e2:25:28:1e:42:52:02:41:d6:ba:d0:68:39:
         1b:4d:fe:17:0a:fc:83:d4:8c:8b:e5:d4:6e:7c:ff:37:b3:9e:
         eb:6e:60:00
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUI4MpfPevvYHOd+sZHhtdvijsZ+YwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQzMFoX
DTI3MDMwMzA2MTkzMFowMzExMC8GA1UEAxMoQ0ZBNkFDQUY4ODY3OTZCMEI4NUVB
RUJDQ0M3OUU2OTk4MTdCMjE4NTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALOvOwIJa3lq/aWDZj1V+ODYxMLEnd/4PMn507sNb6TVqMyQsMTcXNrqdPd+
j8BTgVXmEDFIcgIsiEDSqfYXwXR9DK2/szauHUbKn+CF5VeTL9LrcnazJ390C++1
1ZRKQ1Ec8Nq9jX1V4F4odeuaV3OwKCxAPA4LkZbV+hMypIDAuQP/9dAOXq5D/k7x
4TmyfERZhUGsQ8oHwhMK+sw5y1UCMvGUvJsDNCJ+RoLxysp3vG6QFNBW4swkhKNC
ZEgD/2U+SUtlwuYdxapE7WQ+9j+qq9mSRHCsqRS07qmXTSaaXYCHgFsc7O6HKRjs
47g6vDfzC4gL4L8+N1icwnKjlzkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTPpqyv
iGeWsLherrzMeeaZgXshhTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDY3My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
p+cwDQYJKoZIhvcNAQELBQADggEBANdQxufLrGYvXF7W2k55stGKdPljrUje0bX8
BgZ7moEvA0pim4neNsTbJCDBxkJRbISF8pzxmekGW0xOQotyGMJ5cC7bdLE4JZxF
4/XdcM6nXtGWsXWftVvUxh2OoXFnJ+fkju2W3AYw6uKFp0vCsrnbmIXOcvReG57R
HITVw72Xh4+EvB3oHPgiiQga6/Vx5uphR2cfBWkGbRuw+YQtQWbnDpeZdvUKwIru
w6YpcjZBjLTsf2aGdh7/tb/wMkmbf+r0C9grM0pOCbbNSsMGR00/BsrXUu2l7uML
StVl4iUoHkJSAkHWutBoORtN/hcK/IPUjIvl1G58/zeznutuYAA=
-----END CERTIFICATE-----