Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144718.roa
File:                     AS144718.roa (raw, json)
Hash identifier:          6menP1jaD8Vph6Keg5V/L8Y5OGKBdsrLbOQDRU0GLgo=
Subject key identifier:   9B:37:22:38:A3:01:0F:2B:AF:37:98:92:8E:07:4A:A3:6D:12:EF:59
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       021E3621AAE110DE627C05F9DFDC5DAB3946C06E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144718.roa
Signing time:             Wed 04 Mar 2026 06:20:19 +0000
ROA not before:           Wed 04 Mar 2026 06:15:19 +0000
ROA not after:            Wed 03 Mar 2027 06:20:19 +0000
asID:                     144718
IP address blocks:        240a:a814::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:1e:36:21:aa:e1:10:de:62:7c:05:f9:df:dc:5d:ab:39:46:c0:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:19 2026 GMT
            Not After : Mar  3 06:20:19 2027 GMT
        Subject: CN=9B372238A3010F2BAF3798928E074AA36D12EF59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:60:86:50:c2:66:50:e9:b6:fc:17:2c:86:90:
                    32:e6:69:3a:cd:9a:25:53:7b:b5:88:31:54:96:35:
                    26:e1:d4:65:9f:f0:26:0a:5f:a1:a2:92:3a:ab:46:
                    7d:17:f4:6f:d8:8e:84:6d:e6:41:2a:7f:6f:5c:53:
                    b6:02:f9:67:4d:b9:ea:57:42:fe:bb:c5:e2:6c:17:
                    a2:7a:6d:13:09:04:1c:0d:b3:da:dc:e6:32:6c:cf:
                    fe:4f:44:cd:04:4e:ef:7b:4f:74:70:3b:e8:f4:e9:
                    b4:cf:d1:4a:35:6a:a1:85:63:e6:ca:3c:ad:ed:65:
                    db:3c:33:73:fa:f7:d2:05:17:45:40:46:0e:00:d3:
                    d3:fb:e0:5e:da:76:71:e0:dc:c7:db:99:d3:e2:61:
                    d4:15:62:28:c3:7d:83:b1:db:08:a2:92:59:17:12:
                    67:17:4c:c2:a0:c1:f9:50:20:87:ae:72:64:c0:6a:
                    a4:76:ef:2e:68:b3:36:9c:3d:9f:22:bd:c4:40:6d:
                    4c:14:41:48:a1:8c:60:5c:cd:2b:f9:f0:3b:a1:12:
                    83:76:24:c1:68:da:5f:c1:d0:84:7d:dd:ac:f1:fb:
                    69:85:b3:26:ee:f0:a8:b4:67:cc:97:92:be:4d:90:
                    27:81:b8:28:13:ee:51:03:6c:96:ae:a0:a2:30:5f:
                    60:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:37:22:38:A3:01:0F:2B:AF:37:98:92:8E:07:4A:A3:6D:12:EF:59
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144718.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a814::/32

    Signature Algorithm: sha256WithRSAEncryption
         8f:e8:7d:43:d7:d2:5a:b9:31:61:1c:cc:a5:a3:f2:86:f8:23:
         18:a7:57:8f:c8:83:92:c9:dc:ad:dd:94:7e:cf:46:62:f1:96:
         37:66:17:7b:6f:c6:7b:c3:36:17:8e:4e:74:b9:8d:85:14:b5:
         e0:44:87:c5:91:f6:7c:d5:f7:4c:3e:43:b5:71:c7:63:cc:a6:
         48:10:21:d8:23:e9:3f:cd:15:15:ad:9a:1e:ee:49:61:22:4f:
         6f:81:64:2e:b9:17:3d:33:d6:93:d7:77:dd:ca:7d:ee:2e:2e:
         d7:21:36:04:a3:36:8f:2c:31:c2:3e:b1:d5:66:70:ff:a3:ec:
         06:91:01:b5:7d:31:14:7b:72:0b:01:22:21:db:3a:05:3e:47:
         3b:1f:e1:32:fb:a9:89:87:00:a5:eb:9b:8d:0e:db:36:93:09:
         f9:7b:5b:0a:cc:3e:bc:79:2f:9d:0e:e3:93:34:e8:7d:2d:63:
         77:8e:c5:08:ab:f9:21:b7:e4:d7:d9:cb:d4:64:38:dc:66:2d:
         2a:d9:8e:cb:2b:a7:05:98:57:db:77:2c:8e:c5:9c:7b:2b:d5:
         84:8a:7f:51:33:ab:4e:63:77:53:04:24:e3:fd:03:fe:c3:94:
         a8:39:52:1a:f6:8d:27:fb:5f:f6:4c:e8:59:87:e0:9c:77:d0:
         94:62:4d:8e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUAh42IarhEN5ifAX539xdqzlGwG4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTUxOVoX
DTI3MDMwMzA2MjAxOVowMzExMC8GA1UEAxMoOUIzNzIyMzhBMzAxMEYyQkFGMzc5
ODkyOEUwNzRBQTM2RDEyRUY1OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM9ghlDCZlDptvwXLIaQMuZpOs2aJVN7tYgxVJY1JuHUZZ/wJgpfoaKSOqtG
fRf0b9iOhG3mQSp/b1xTtgL5Z0256ldC/rvF4mwXonptEwkEHA2z2tzmMmzP/k9E
zQRO73tPdHA76PTptM/RSjVqoYVj5so8re1l2zwzc/r30gUXRUBGDgDT0/vgXtp2
ceDcx9uZ0+Jh1BViKMN9g7HbCKKSWRcSZxdMwqDB+VAgh65yZMBqpHbvLmizNpw9
nyK9xEBtTBRBSKGMYFzNK/nwO6ESg3YkwWjaX8HQhH3drPH7aYWzJu7wqLRnzJeS
vk2QJ4G4KBPuUQNslq6gojBfYMcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSbNyI4
owEPK683mJKOB0qjbRLvWTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDcxOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qBQwDQYJKoZIhvcNAQELBQADggEBAI/ofUPX0lq5MWEczKWj8ob4IxinV4/Ig5LJ
3K3dlH7PRmLxljdmF3tvxnvDNheOTnS5jYUUteBEh8WR9nzV90w+Q7Vxx2PMpkgQ
Idgj6T/NFRWtmh7uSWEiT2+BZC65Fz0z1pPXd93Kfe4uLtchNgSjNo8sMcI+sdVm
cP+j7AaRAbV9MRR7cgsBIiHbOgU+Rzsf4TL7qYmHAKXrm40O2zaTCfl7WwrMPrx5
L50O45M06H0tY3eOxQir+SG35NfZy9RkONxmLSrZjssrpwWYV9t3LI7FnHsr1YSK
f1Ezq05jd1MEJOP9A/7DlKg5Uhr2jSf7X/ZM6FmH4Jx30JRiTY4=
-----END CERTIFICATE-----