Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144717.roa
File:                     AS144717.roa (raw, json)
Hash identifier:          zi7axRYZAfP071G2yj6BTOPzvnVqUySVvG+AMwd/ETc=
Subject key identifier:   F0:61:B9:93:82:F6:D2:77:90:CA:9D:FB:18:46:C7:AC:7B:44:02:99
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       551822E19BC5A88209BBD15F95C0A7E29D128710
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144717.roa
Signing time:             Wed 04 Mar 2026 06:21:51 +0000
ROA not before:           Wed 04 Mar 2026 06:16:51 +0000
ROA not after:            Wed 03 Mar 2027 06:21:51 +0000
asID:                     144717
IP address blocks:        240a:a813::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:18:22:e1:9b:c5:a8:82:09:bb:d1:5f:95:c0:a7:e2:9d:12:87:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:51 2026 GMT
            Not After : Mar  3 06:21:51 2027 GMT
        Subject: CN=F061B99382F6D27790CA9DFB1846C7AC7B440299
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:30:58:c2:b1:e8:70:c9:4e:ab:2d:5b:84:50:
                    17:81:c5:63:5c:d8:ef:e0:f5:1d:21:e4:fe:17:79:
                    8f:2d:1f:5b:85:11:71:33:4f:9a:94:3d:cf:3a:1b:
                    cd:4f:e8:95:50:a0:7a:55:9a:79:bd:f4:d1:70:86:
                    a7:33:e2:12:71:d3:41:f6:dd:b8:60:eb:ee:55:f2:
                    0c:22:b9:c0:60:20:d4:a4:1d:8c:d6:c5:5f:b8:5a:
                    d4:48:41:72:02:6e:9a:f3:73:bc:46:3d:e0:1f:7a:
                    99:9b:4a:47:d5:68:9c:83:38:d3:07:97:84:9a:6a:
                    39:e8:82:28:29:8c:29:1d:31:02:74:17:be:b6:7c:
                    27:f9:37:6d:ed:2d:13:19:24:13:13:42:1f:bd:88:
                    0a:23:98:05:d4:ca:f2:7f:b2:8a:a9:ac:55:64:84:
                    44:1e:86:89:dc:3d:7a:8b:aa:81:6e:b8:a0:b7:5e:
                    66:22:73:4d:1e:25:aa:82:3c:a5:4c:2d:a7:e6:bf:
                    2d:8e:59:39:89:37:e9:71:38:a7:66:26:98:24:2d:
                    b9:2b:62:6f:2b:4a:02:d5:91:72:0b:43:0b:21:54:
                    51:af:57:70:01:98:27:bd:22:6c:f5:7c:1a:19:09:
                    a6:73:b5:36:36:a4:bb:15:07:f3:ae:bb:04:1e:65:
                    4d:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:61:B9:93:82:F6:D2:77:90:CA:9D:FB:18:46:C7:AC:7B:44:02:99
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144717.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a813::/32

    Signature Algorithm: sha256WithRSAEncryption
         c7:7e:86:97:4f:c7:42:47:7b:f1:f7:b4:23:2a:fa:8e:57:73:
         53:51:dd:f3:8c:a0:d5:2d:36:d3:58:38:1a:73:36:6b:3f:a4:
         52:14:f2:fe:09:55:28:9b:be:b4:bc:28:4d:ad:f0:6b:55:ac:
         f2:7f:81:e3:7b:99:7d:38:57:37:94:e5:cf:e3:50:88:7a:dc:
         4f:62:c1:ae:b8:48:c3:55:87:e1:7c:2a:01:ca:44:91:6e:93:
         8e:5f:c5:4a:9f:1e:a8:f2:fc:13:c6:33:6e:0e:53:85:c1:3c:
         18:86:28:c3:07:19:56:89:b3:e9:fc:c0:07:d7:3b:46:64:0e:
         f8:4e:a8:7a:ef:1a:97:76:6e:18:31:d9:78:25:a0:c7:5a:fb:
         e6:af:e9:e8:ef:28:a3:dd:73:20:5b:b3:8d:ee:2a:cd:4a:60:
         2f:7c:7d:3b:cf:94:62:0d:c5:c8:58:d8:41:eb:dc:68:66:9b:
         75:0e:16:e8:20:00:65:73:d7:01:7c:fd:90:c1:3e:1c:12:3c:
         cf:a5:30:9f:73:68:80:6c:0c:e7:ad:78:8c:9c:37:b4:54:9e:
         ba:4b:f8:ed:02:cf:aa:56:29:b1:64:0f:d9:58:52:89:61:9d:
         9c:75:dc:cf:b2:89:38:f2:2e:7b:cf:2c:68:6e:29:12:47:b0:
         58:7f:20:ee
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUVRgi4ZvFqIIJu9FflcCn4p0ShxAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTY1MVoX
DTI3MDMwMzA2MjE1MVowMzExMC8GA1UEAxMoRjA2MUI5OTM4MkY2RDI3NzkwQ0E5
REZCMTg0NkM3QUM3QjQ0MDI5OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK8wWMKx6HDJTqstW4RQF4HFY1zY7+D1HSHk/hd5jy0fW4URcTNPmpQ9zzob
zU/olVCgelWaeb300XCGpzPiEnHTQfbduGDr7lXyDCK5wGAg1KQdjNbFX7ha1EhB
cgJumvNzvEY94B96mZtKR9VonIM40weXhJpqOeiCKCmMKR0xAnQXvrZ8J/k3be0t
ExkkExNCH72ICiOYBdTK8n+yiqmsVWSERB6Gidw9eouqgW64oLdeZiJzTR4lqoI8
pUwtp+a/LY5ZOYk36XE4p2YmmCQtuStibytKAtWRcgtDCyFUUa9XcAGYJ70ibPV8
GhkJpnO1NjakuxUH8667BB5lTbkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTwYbmT
gvbSd5DKnfsYRsese0QCmTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDcxNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qBMwDQYJKoZIhvcNAQELBQADggEBAMd+hpdPx0JHe/H3tCMq+o5Xc1NR3fOMoNUt
NtNYOBpzNms/pFIU8v4JVSibvrS8KE2t8GtVrPJ/geN7mX04VzeU5c/jUIh63E9i
wa64SMNVh+F8KgHKRJFuk45fxUqfHqjy/BPGM24OU4XBPBiGKMMHGVaJs+n8wAfX
O0ZkDvhOqHrvGpd2bhgx2XgloMda++av6ejvKKPdcyBbs43uKs1KYC98fTvPlGIN
xchY2EHr3Ghmm3UOFuggAGVz1wF8/ZDBPhwSPM+lMJ9zaIBsDOeteIycN7RUnrpL
+O0Cz6pWKbFkD9lYUolhnZx13M+yiTjyLnvPLGhuKRJHsFh/IO4=
-----END CERTIFICATE-----