Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144684.roa
File:                     AS144684.roa (raw, json)
Hash identifier:          eu+tbPppon1tdoaAQtykhit6By9Jh2Dt1ItXkGM79M8=
Subject key identifier:   7E:DD:BB:36:7D:3E:01:C4:88:86:2C:52:BF:C4:6C:40:36:DF:83:9A
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1457992A89BA9D557BDC35F5F2E27AE52BDE6DB8
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144684.roa
Signing time:             Wed 04 Mar 2026 06:19:22 +0000
ROA not before:           Wed 04 Mar 2026 06:14:22 +0000
ROA not after:            Wed 03 Mar 2027 06:19:22 +0000
asID:                     144684
IP address blocks:        240a:a7f2::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:57:99:2a:89:ba:9d:55:7b:dc:35:f5:f2:e2:7a:e5:2b:de:6d:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:22 2026 GMT
            Not After : Mar  3 06:19:22 2027 GMT
        Subject: CN=7EDDBB367D3E01C488862C52BFC46C4036DF839A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:17:81:7e:30:1c:2e:b3:51:12:80:d8:a3:61:
                    d7:30:af:8a:df:af:1b:f1:a7:f1:5f:4f:63:d4:99:
                    32:48:b7:f7:28:04:4f:3c:39:55:0e:6d:ec:68:bc:
                    51:eb:25:ad:91:f7:4b:bf:fe:54:48:84:4d:fa:5b:
                    e0:a7:f4:05:e7:ce:93:86:6c:47:7f:f2:5e:34:11:
                    29:e1:c1:c3:b7:f2:ab:1a:9b:7b:0b:c4:64:74:35:
                    62:de:da:8e:f7:9f:3a:a5:40:96:56:1d:61:60:39:
                    6f:20:30:12:11:43:52:0c:1a:a7:54:12:01:46:4a:
                    9e:f1:0b:51:cf:e6:7f:43:c2:1e:1c:58:b4:b2:49:
                    e2:0f:ce:00:cb:45:99:5f:cc:73:ff:c5:cf:e6:72:
                    ae:59:f8:e7:9d:24:2f:7f:c7:c8:56:a5:08:12:4e:
                    57:ed:42:35:ba:0e:7b:7d:5c:d7:21:17:3a:b6:46:
                    bb:79:29:59:ec:fc:20:95:6f:a8:db:01:39:7f:01:
                    9e:ae:29:61:cd:ac:54:96:18:6f:48:ba:41:83:5c:
                    2d:3d:69:ca:d4:3d:ed:ec:e2:72:68:98:08:bb:28:
                    ee:24:38:29:06:0f:50:33:25:48:77:4b:c7:e8:5a:
                    45:89:74:d3:37:0c:1f:41:dd:bc:af:05:d3:d4:ee:
                    a6:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:DD:BB:36:7D:3E:01:C4:88:86:2C:52:BF:C4:6C:40:36:DF:83:9A
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144684.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a7f2::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:8a:71:fc:1d:b2:f0:1c:71:47:b5:aa:08:2a:6e:e4:9f:90:
         f9:26:95:5e:84:87:02:e0:bc:03:25:f6:39:5c:f0:bc:2e:4c:
         14:f9:95:c4:f2:3b:4e:ed:6f:60:4b:7b:02:5a:5f:51:0b:f3:
         1d:2a:7f:cc:ac:6d:8f:a7:f9:2c:73:26:57:63:0a:f1:48:73:
         71:a7:f4:90:d9:29:a4:43:1c:40:ad:58:43:fb:fc:8d:91:50:
         8f:2f:d5:9d:26:c4:7a:8e:8f:e4:e2:d0:36:6e:8b:5b:ec:57:
         10:48:01:47:11:c0:07:ed:43:9f:86:69:44:60:d8:cc:86:6e:
         83:0b:3d:f8:8e:5b:dd:a2:4e:9b:4f:35:f0:f2:c1:de:c1:5d:
         bf:bf:2b:4b:d4:08:1e:e6:fe:b0:32:88:70:23:d5:05:b6:31:
         f5:b4:4b:3c:35:93:7d:ec:ff:81:1e:95:52:c7:61:9e:98:bc:
         28:a1:37:86:54:7f:a6:67:6d:24:69:6c:74:0e:67:79:e3:70:
         2e:4a:55:c2:8d:56:38:98:dc:33:ca:4c:7e:fa:0d:47:a8:d4:
         c3:e4:db:6f:35:85:74:90:ff:0d:ef:b8:0d:be:29:ab:13:d0:
         17:c0:8d:18:58:7b:86:37:81:e0:77:16:e1:49:46:9e:62:6d:
         b9:36:0d:29
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUFFeZKom6nVV73DX18uJ65SvebbgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQyMloX
DTI3MDMwMzA2MTkyMlowMzExMC8GA1UEAxMoN0VEREJCMzY3RDNFMDFDNDg4ODYy
QzUyQkZDNDZDNDAzNkRGODM5QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALoXgX4wHC6zURKA2KNh1zCvit+vG/Gn8V9PY9SZMki39ygETzw5VQ5t7Gi8
UeslrZH3S7/+VEiETfpb4Kf0BefOk4ZsR3/yXjQRKeHBw7fyqxqbewvEZHQ1Yt7a
jvefOqVAllYdYWA5byAwEhFDUgwap1QSAUZKnvELUc/mf0PCHhxYtLJJ4g/OAMtF
mV/Mc//Fz+Zyrln4550kL3/HyFalCBJOV+1CNboOe31c1yEXOrZGu3kpWez8IJVv
qNsBOX8Bnq4pYc2sVJYYb0i6QYNcLT1pytQ97ezicmiYCLso7iQ4KQYPUDMlSHdL
x+haRYl00zcMH0HdvK8F09Tupo0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBR+3bs2
fT4BxIiGLFK/xGxANt+DmjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDY4NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
p/IwDQYJKoZIhvcNAQELBQADggEBADCKcfwdsvAccUe1qggqbuSfkPkmlV6EhwLg
vAMl9jlc8LwuTBT5lcTyO07tb2BLewJaX1EL8x0qf8ysbY+n+SxzJldjCvFIc3Gn
9JDZKaRDHECtWEP7/I2RUI8v1Z0mxHqOj+Ti0DZui1vsVxBIAUcRwAftQ5+GaURg
2MyGboMLPfiOW92iTptPNfDywd7BXb+/K0vUCB7m/rAyiHAj1QW2MfW0Szw1k33s
/4EelVLHYZ6YvCihN4ZUf6ZnbSRpbHQOZ3njcC5KVcKNVjiY3DPKTH76DUeo1MPk
2281hXSQ/w3vuA2+KasT0BfAjRhYe4Y3geB3FuFJRp5ibbk2DSk=
-----END CERTIFICATE-----