Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144728.roa
File:                     AS144728.roa (raw, json)
Hash identifier:          ywR4Lt404j2e2ypx+T3JPjDx1b3pKr5Fry/YgRMpYsA=
Subject key identifier:   70:F2:74:78:59:DA:D3:AD:CE:7D:AD:71:2B:A7:1B:93:EF:FE:34:40
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       297A0875B080622A35AC8820823022E253B76A62
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144728.roa
Signing time:             Wed 04 Mar 2026 06:21:17 +0000
ROA not before:           Wed 04 Mar 2026 06:16:17 +0000
ROA not after:            Wed 03 Mar 2027 06:21:17 +0000
asID:                     144728
IP address blocks:        240a:a81e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:7a:08:75:b0:80:62:2a:35:ac:88:20:82:30:22:e2:53:b7:6a:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:17 2026 GMT
            Not After : Mar  3 06:21:17 2027 GMT
        Subject: CN=70F2747859DAD3ADCE7DAD712BA71B93EFFE3440
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ca:1c:1f:d8:67:24:6d:86:06:b7:86:0a:7b:
                    4d:5d:d4:8a:5c:a5:a2:77:9f:66:61:7c:4a:01:4d:
                    db:6f:da:76:52:4b:14:bb:ec:38:a4:9e:fa:7b:99:
                    c1:1b:ea:a5:80:fb:59:61:56:28:70:ec:d5:98:69:
                    12:34:1a:89:03:f9:81:7e:8d:00:46:7c:a5:a3:d9:
                    cb:0d:3d:0a:9a:08:65:34:d9:bd:6c:8f:f5:56:98:
                    51:c7:37:2e:60:8a:59:4f:c3:0f:c3:13:91:54:a6:
                    ea:05:cd:05:a1:d0:3e:a3:83:72:66:f5:aa:e4:e4:
                    4a:9b:de:12:e1:33:1c:4d:2a:ba:b0:5a:1f:c9:15:
                    a0:7d:0b:14:d7:46:81:c4:dc:89:2b:61:97:9d:c5:
                    54:a2:5b:c1:b3:69:a1:14:8d:ff:aa:90:79:9d:0d:
                    98:49:c2:ba:80:a7:24:23:90:0d:6b:fd:42:80:fe:
                    5f:43:23:42:3f:a9:38:25:3b:0d:93:82:e6:f0:22:
                    0d:95:5f:11:18:8f:ae:fb:24:c2:4c:3b:bf:d7:b2:
                    b7:89:8a:06:77:28:f1:97:7a:1d:21:63:2c:62:cb:
                    2f:5f:2f:f6:48:2f:3e:f9:77:24:61:ce:c0:cf:8e:
                    d7:61:20:f2:95:8c:87:6b:7b:7d:9c:fa:cc:4a:9a:
                    f6:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:F2:74:78:59:DA:D3:AD:CE:7D:AD:71:2B:A7:1B:93:EF:FE:34:40
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144728.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a81e::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:b5:1b:d0:f0:58:6f:1a:97:c1:31:b1:f8:33:d0:9d:5a:5e:
         7f:89:53:6e:8f:95:34:16:cc:c9:b2:75:2d:65:fb:b1:25:97:
         33:60:3f:8a:4c:08:1e:a9:45:b2:c9:52:9c:28:74:23:ed:89:
         15:64:c1:da:0f:72:db:51:2d:24:e3:ed:53:13:31:e7:42:f3:
         40:da:79:6b:a3:9e:37:90:45:ca:4a:7d:f4:38:4c:fb:64:2b:
         8d:7e:f7:fd:27:c0:44:81:d1:03:c7:b8:fc:92:d8:d1:79:cc:
         74:3c:60:74:8a:e9:69:99:39:6d:80:4e:f9:bc:f5:f2:19:24:
         9a:0c:cb:8e:ca:6b:12:44:64:77:26:d4:3c:1d:9a:a5:d6:ea:
         25:1c:d7:81:dc:44:52:e2:19:cd:45:00:55:a2:38:df:d6:29:
         f6:61:b8:ea:04:3b:17:66:f3:06:ea:ec:3b:22:44:47:13:3e:
         f6:b5:3f:b3:d1:f3:07:0c:cf:ed:f3:ca:53:42:f3:49:bf:8e:
         9e:b8:52:dc:11:26:86:33:e8:ce:5d:8b:68:df:67:65:42:7f:
         c1:ac:5f:ce:a2:ce:e7:dc:73:16:48:a7:26:04:bf:12:9a:c0:
         8c:da:ed:90:8e:cf:fc:dc:e6:36:bf:f3:d2:da:38:c3:52:d4:
         41:9c:a4:41
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUKXoIdbCAYio1rIgggjAi4lO3amIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYxN1oX
DTI3MDMwMzA2MjExN1owMzExMC8GA1UEAxMoNzBGMjc0Nzg1OURBRDNBRENFN0RB
RDcxMkJBNzFCOTNFRkZFMzQ0MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKTKHB/YZyRthga3hgp7TV3UilylonefZmF8SgFN22/adlJLFLvsOKSe+nuZ
wRvqpYD7WWFWKHDs1ZhpEjQaiQP5gX6NAEZ8paPZyw09CpoIZTTZvWyP9VaYUcc3
LmCKWU/DD8MTkVSm6gXNBaHQPqODcmb1quTkSpveEuEzHE0qurBaH8kVoH0LFNdG
gcTciSthl53FVKJbwbNpoRSN/6qQeZ0NmEnCuoCnJCOQDWv9QoD+X0MjQj+pOCU7
DZOC5vAiDZVfERiPrvskwkw7v9eyt4mKBnco8Zd6HSFjLGLLL18v9kgvPvl3JGHO
wM+O12Eg8pWMh2t7fZz6zEqa9p8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRw8nR4
WdrTrc59rXErpxuT7/40QDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDcyOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qB4wDQYJKoZIhvcNAQELBQADggEBABG1G9DwWG8al8Exsfgz0J1aXn+JU26PlTQW
zMmydS1l+7EllzNgP4pMCB6pRbLJUpwodCPtiRVkwdoPcttRLSTj7VMTMedC80Da
eWujnjeQRcpKffQ4TPtkK41+9/0nwESB0QPHuPyS2NF5zHQ8YHSK6WmZOW2ATvm8
9fIZJJoMy47KaxJEZHcm1DwdmqXW6iUc14HcRFLiGc1FAFWiON/WKfZhuOoEOxdm
8wbq7DsiREcTPva1P7PR8wcMz+3zylNC80m/jp64UtwRJoYz6M5di2jfZ2VCf8Gs
X86izufccxZIpyYEvxKawIza7ZCOz/zc5ja/89LaOMNS1EGcpEE=
-----END CERTIFICATE-----