Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144677.roa
File:                     AS144677.roa (raw, json)
Hash identifier:          5591QnUwUvV+rLESpqweLcWKA4ARq0tJ3KTse3HgAiA=
Subject key identifier:   F5:91:14:9C:0B:40:60:93:47:2A:68:2D:08:F3:49:CA:3E:CA:04:8E
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       02937413BD2E8F1526567116605A6AF335EBD0F2
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144677.roa
Signing time:             Wed 04 Mar 2026 06:22:32 +0000
ROA not before:           Wed 04 Mar 2026 06:17:32 +0000
ROA not after:            Wed 03 Mar 2027 06:22:32 +0000
asID:                     144677
IP address blocks:        240a:a7eb::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:93:74:13:bd:2e:8f:15:26:56:71:16:60:5a:6a:f3:35:eb:d0:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:32 2026 GMT
            Not After : Mar  3 06:22:32 2027 GMT
        Subject: CN=F591149C0B406093472A682D08F349CA3ECA048E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:10:36:49:b7:81:46:0f:e3:e6:0e:02:6d:c6:
                    75:86:6b:12:b8:7f:f3:48:fc:c4:42:32:e3:2c:60:
                    4f:27:55:f6:dc:b9:85:c8:96:cd:c2:c8:3b:de:00:
                    23:fc:e5:13:05:98:8f:74:05:98:cf:ad:98:e5:ff:
                    e4:6b:9e:6b:33:12:d5:bf:e8:c7:49:93:df:c1:3b:
                    14:df:a7:06:5e:67:06:43:ad:ed:35:2a:90:c0:6f:
                    91:b0:6c:9b:64:32:07:18:ce:3b:52:c6:d7:1e:10:
                    50:50:4e:03:56:8a:99:b2:85:1c:9d:03:3d:e1:dc:
                    5d:67:c3:22:8b:41:58:02:4f:15:45:e0:a5:9c:f6:
                    e8:b4:f4:57:13:28:9f:5c:46:ef:a5:ec:b8:20:24:
                    f3:da:94:7b:d1:7e:b8:04:b1:31:a7:24:cc:e1:ea:
                    17:54:44:72:83:9e:23:c1:7b:43:91:28:28:17:55:
                    7e:e9:05:a9:59:cd:be:e1:fa:a1:25:e0:69:02:3b:
                    37:05:f2:a1:61:ca:df:13:78:cb:e1:d4:8a:fb:4f:
                    7e:46:f7:50:a9:17:72:09:88:7a:69:c3:79:c2:92:
                    b5:e1:63:8b:46:78:2d:4b:5e:97:ad:81:b7:11:7e:
                    14:dc:a9:39:25:2d:4f:0c:92:f1:ad:32:9d:d2:df:
                    8d:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:91:14:9C:0B:40:60:93:47:2A:68:2D:08:F3:49:CA:3E:CA:04:8E
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144677.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a7eb::/32

    Signature Algorithm: sha256WithRSAEncryption
         7f:ad:46:de:23:d4:64:d6:da:16:f2:dd:3b:be:0a:55:01:84:
         a3:01:ae:b1:38:a4:76:14:b2:e9:24:b0:c8:dd:ba:7c:50:ba:
         56:fd:67:cf:7a:c6:2f:3b:50:41:9f:52:c3:0d:6e:b3:a7:7b:
         74:3c:e1:f9:14:a4:9a:de:82:34:32:18:aa:ac:b2:4f:dc:e0:
         d4:79:37:12:68:07:22:64:a4:37:45:39:a3:b3:04:2e:c1:ad:
         60:b7:05:2a:71:73:95:b3:26:27:df:d3:65:d4:e8:ef:dc:69:
         48:4e:e5:43:0d:01:c8:8b:8b:c6:af:a0:3e:e9:3f:34:fe:e6:
         a2:fa:c7:a1:5e:0b:bd:bd:9c:41:30:32:67:b9:17:87:ed:72:
         53:e8:66:9b:63:31:4c:5a:24:a7:b8:b1:70:a9:d4:57:4e:cf:
         5a:57:bb:b5:1f:cd:20:3b:f1:29:bd:87:f1:b4:47:0f:71:65:
         aa:12:02:b0:b8:c6:63:c1:83:c9:9f:10:19:be:50:8a:f5:3d:
         6c:03:3b:6f:1d:d1:a5:dc:1e:a3:df:07:d7:f2:74:1c:0d:1a:
         e1:a5:c2:83:50:d7:f7:9d:95:a0:72:bf:9b:14:e9:f5:cd:ae:
         96:15:06:da:2f:77:75:78:75:cf:f2:e0:b5:1d:a2:e9:b7:ac:
         56:30:38:9a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUApN0E70ujxUmVnEWYFpq8zXr0PIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTczMloX
DTI3MDMwMzA2MjIzMlowMzExMC8GA1UEAxMoRjU5MTE0OUMwQjQwNjA5MzQ3MkE2
ODJEMDhGMzQ5Q0EzRUNBMDQ4RTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKwQNkm3gUYP4+YOAm3GdYZrErh/80j8xEIy4yxgTydV9ty5hciWzcLIO94A
I/zlEwWYj3QFmM+tmOX/5GueazMS1b/ox0mT38E7FN+nBl5nBkOt7TUqkMBvkbBs
m2QyBxjOO1LG1x4QUFBOA1aKmbKFHJ0DPeHcXWfDIotBWAJPFUXgpZz26LT0VxMo
n1xG76XsuCAk89qUe9F+uASxMackzOHqF1REcoOeI8F7Q5EoKBdVfukFqVnNvuH6
oSXgaQI7NwXyoWHK3xN4y+HUivtPfkb3UKkXcgmIemnDecKSteFji0Z4LUtel62B
txF+FNypOSUtTwyS8a0yndLfjTMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT1kRSc
C0Bgk0cqaC0I80nKPsoEjjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDY3Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
p+swDQYJKoZIhvcNAQELBQADggEBAH+tRt4j1GTW2hby3Tu+ClUBhKMBrrE4pHYU
sukksMjdunxQulb9Z896xi87UEGfUsMNbrOne3Q84fkUpJregjQyGKqssk/c4NR5
NxJoByJkpDdFOaOzBC7BrWC3BSpxc5WzJiff02XU6O/caUhO5UMNAciLi8avoD7p
PzT+5qL6x6FeC729nEEwMme5F4ftclPoZptjMUxaJKe4sXCp1FdOz1pXu7UfzSA7
8Sm9h/G0Rw9xZaoSArC4xmPBg8mfEBm+UIr1PWwDO28d0aXcHqPfB9fydBwNGuGl
woNQ1/edlaByv5sU6fXNrpYVBtovd3V4dc/y4LUdoum3rFYwOJo=
-----END CERTIFICATE-----