Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144708.roa
File:                     AS144708.roa (raw, json)
Hash identifier:          gJoTLY+JWDbQLiv0KI65GHFaBhWuKTAday/aAX8cExQ=
Subject key identifier:   8B:60:CE:C3:CA:71:13:2F:C6:73:6A:88:70:0B:6E:E3:4B:9E:2A:AF
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       0B3F0AE4E332067A72E009CA550B91AACA43807A
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144708.roa
Signing time:             Wed 04 Mar 2026 06:19:17 +0000
ROA not before:           Wed 04 Mar 2026 06:14:17 +0000
ROA not after:            Wed 03 Mar 2027 06:19:17 +0000
asID:                     144708
IP address blocks:        240a:a80a::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:3f:0a:e4:e3:32:06:7a:72:e0:09:ca:55:0b:91:aa:ca:43:80:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:17 2026 GMT
            Not After : Mar  3 06:19:17 2027 GMT
        Subject: CN=8B60CEC3CA71132FC6736A88700B6EE34B9E2AAF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:51:2a:a9:65:4e:92:19:d6:a0:71:c7:7f:82:
                    64:98:24:29:f1:31:49:63:c1:dd:6e:93:6b:4d:78:
                    2d:6c:7b:ac:18:da:20:e8:96:dd:f9:e8:3d:62:a7:
                    60:52:a6:0c:93:2e:3d:05:40:fb:d9:a3:bd:ce:e4:
                    c3:ea:14:55:7f:3c:75:9d:40:d4:f1:62:67:10:7c:
                    13:00:73:8d:bb:4d:81:dc:ef:db:34:c0:4f:a4:aa:
                    e0:22:36:2d:e7:74:56:9b:13:56:b5:77:b4:77:39:
                    0d:d3:1b:41:bc:a4:3e:db:7c:95:5d:16:a8:90:d4:
                    f6:54:d8:ac:2d:56:20:f6:9e:f2:f1:87:5a:76:24:
                    46:52:82:23:f4:73:c4:e9:88:b5:84:f4:4f:1f:9b:
                    d9:d0:18:6f:82:53:93:4c:bf:62:5d:bf:7b:4d:33:
                    2d:4a:57:85:32:14:d2:12:e2:62:7f:25:80:f9:89:
                    32:c0:99:8d:b3:17:86:27:d4:21:ab:90:c6:92:b0:
                    10:bb:1a:0b:8c:13:37:f0:ca:27:eb:b3:c7:bb:c8:
                    11:5f:e1:54:51:36:81:2b:bc:70:94:62:56:d5:73:
                    ee:02:50:f2:48:7e:6d:df:34:fd:f5:4a:7b:46:fd:
                    5d:c9:43:ff:b4:05:d1:10:2b:8d:80:c4:bc:45:8e:
                    5b:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:60:CE:C3:CA:71:13:2F:C6:73:6A:88:70:0B:6E:E3:4B:9E:2A:AF
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144708.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a80a::/32

    Signature Algorithm: sha256WithRSAEncryption
         d6:64:41:59:75:35:0d:66:a8:70:f4:8b:86:d5:af:0f:2f:2b:
         9c:47:d3:8d:1f:2f:fb:eb:7b:fb:16:fe:2f:a0:50:c9:16:55:
         31:44:8c:81:35:73:95:e0:11:7b:58:cc:01:29:23:0c:ca:a3:
         c6:43:11:04:ba:a7:3e:27:5a:c8:a0:73:cb:59:6b:d8:3b:54:
         3d:44:81:bd:76:bc:e5:52:bd:46:88:56:1a:49:6a:62:84:34:
         44:ca:ee:65:1a:37:a1:22:e4:d6:12:53:8b:18:fd:2b:5e:45:
         de:19:de:b8:d8:94:ee:91:dc:0a:15:fe:99:b9:93:6f:76:cf:
         9c:46:3f:8c:d6:96:b1:7f:78:ed:52:75:24:ed:ab:29:ff:7f:
         25:35:5d:b0:ab:6a:e3:94:c4:07:f9:83:d0:8a:ca:7a:c3:f9:
         b0:ec:db:22:1c:a1:94:be:30:9e:0b:14:85:8b:88:ab:55:f6:
         07:a9:4d:ee:b5:52:8f:39:37:53:9a:29:7f:f7:04:2a:92:5e:
         25:28:4a:37:1f:73:de:20:35:47:95:56:09:6a:b5:aa:15:37:
         e7:df:d6:5c:be:ae:8b:c5:d9:05:7c:24:22:1f:24:95:db:9b:
         2d:b2:10:ed:f0:5d:61:e4:db:68:53:97:71:7a:a6:af:c7:d5:
         92:1d:84:9b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUCz8K5OMyBnpy4AnKVQuRqspDgHowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQxN1oX
DTI3MDMwMzA2MTkxN1owMzExMC8GA1UEAxMoOEI2MENFQzNDQTcxMTMyRkM2NzM2
QTg4NzAwQjZFRTM0QjlFMkFBRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMBRKqllTpIZ1qBxx3+CZJgkKfExSWPB3W6Ta014LWx7rBjaIOiW3fnoPWKn
YFKmDJMuPQVA+9mjvc7kw+oUVX88dZ1A1PFiZxB8EwBzjbtNgdzv2zTAT6Sq4CI2
Led0VpsTVrV3tHc5DdMbQbykPtt8lV0WqJDU9lTYrC1WIPae8vGHWnYkRlKCI/Rz
xOmItYT0Tx+b2dAYb4JTk0y/Yl2/e00zLUpXhTIU0hLiYn8lgPmJMsCZjbMXhifU
IauQxpKwELsaC4wTN/DKJ+uzx7vIEV/hVFE2gSu8cJRiVtVz7gJQ8kh+bd80/fVK
e0b9XclD/7QF0RArjYDEvEWOW/cCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSLYM7D
ynETL8ZzaohwC27jS54qrzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDcwOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qAowDQYJKoZIhvcNAQELBQADggEBANZkQVl1NQ1mqHD0i4bVrw8vK5xH040fL/vr
e/sW/i+gUMkWVTFEjIE1c5XgEXtYzAEpIwzKo8ZDEQS6pz4nWsigc8tZa9g7VD1E
gb12vOVSvUaIVhpJamKENETK7mUaN6Ei5NYSU4sY/SteRd4Z3rjYlO6R3AoV/pm5
k292z5xGP4zWlrF/eO1SdSTtqyn/fyU1XbCrauOUxAf5g9CKynrD+bDs2yIcoZS+
MJ4LFIWLiKtV9gepTe61Uo85N1OaKX/3BCqSXiUoSjcfc94gNUeVVglqtaoVN+ff
1ly+rovF2QV8JCIfJJXbmy2yEO3wXWHk22hTl3F6pq/H1ZIdhJs=
-----END CERTIFICATE-----