Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144730.roa
File:                     AS144730.roa (raw, json)
Hash identifier:          cQKQ1WLihY33hZ3j6haI1axtYWEK2zI0iTkj3TP1nns=
Subject key identifier:   CD:AD:BE:18:9D:B6:50:71:3B:3D:A1:EA:4B:23:44:B2:3D:FC:A6:DA
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       27081303BA4D57FB35F59DA110DCD83A65B5CD9D
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144730.roa
Signing time:             Wed 04 Mar 2026 06:22:13 +0000
ROA not before:           Wed 04 Mar 2026 06:17:13 +0000
ROA not after:            Wed 03 Mar 2027 06:22:13 +0000
asID:                     144730
IP address blocks:        240a:a820::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:08:13:03:ba:4d:57:fb:35:f5:9d:a1:10:dc:d8:3a:65:b5:cd:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:13 2026 GMT
            Not After : Mar  3 06:22:13 2027 GMT
        Subject: CN=CDADBE189DB650713B3DA1EA4B2344B23DFCA6DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:df:53:ac:bc:e9:af:79:7e:f8:aa:28:95:43:
                    e2:1d:aa:6a:96:f8:af:3b:1c:54:ba:49:ff:81:f3:
                    97:b1:ce:dc:2e:72:47:4f:34:2d:ee:e3:ec:c9:1e:
                    da:99:aa:fc:78:b6:cd:46:8f:3a:fe:4b:6b:fe:44:
                    9b:3c:84:b1:b4:fb:9a:32:5b:1e:5b:80:89:4b:e6:
                    2c:3a:a8:86:96:4d:6d:49:27:4b:d2:f8:fe:5d:f6:
                    d6:44:da:4c:76:47:13:a3:0d:d0:6a:f6:3c:b8:c1:
                    38:d9:36:05:e3:9b:89:e9:e2:3c:8b:c6:70:95:d1:
                    76:4c:9e:66:60:bd:a7:3f:8c:a5:78:4d:dc:bb:ad:
                    b7:0f:af:b3:9a:6f:0e:d4:11:ae:c4:c1:f7:f1:12:
                    b3:83:33:d0:d2:2e:f1:c5:9b:36:3d:4e:36:72:1d:
                    b1:f0:58:b7:a8:fe:21:2a:66:45:82:cc:dc:9f:76:
                    7f:88:97:65:2d:8f:8b:93:7a:a9:f9:3d:4f:17:34:
                    8c:31:3b:50:0d:e5:37:cc:6f:62:f4:dd:39:cf:f4:
                    79:67:6e:3e:fe:45:d4:42:dc:0b:2b:0d:a2:a4:ff:
                    ae:b8:aa:a2:61:dd:51:a8:58:53:52:2d:dd:01:a5:
                    08:d6:87:c7:c4:1b:c0:72:90:bc:91:45:08:ba:84:
                    c8:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:AD:BE:18:9D:B6:50:71:3B:3D:A1:EA:4B:23:44:B2:3D:FC:A6:DA
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a820::/32

    Signature Algorithm: sha256WithRSAEncryption
         6d:ed:6c:22:79:f4:91:b1:fe:2d:7a:cb:64:1a:a5:b5:94:57:
         b6:c4:ac:6a:3a:d9:aa:ab:e1:25:4e:04:e5:61:b9:a3:82:a9:
         d9:71:ef:52:e2:0f:0e:c4:15:30:0d:e8:0b:4f:b8:7c:b0:30:
         bf:71:d0:ed:21:82:43:cf:72:c1:ed:3f:35:b5:19:92:59:2d:
         a7:2c:0b:6a:8e:eb:7c:d8:27:69:dc:c2:99:ec:0e:f0:98:90:
         65:6f:21:3c:97:d2:c8:78:b7:50:8c:1e:19:ed:a1:24:34:6b:
         be:ec:73:9d:ed:54:c4:11:20:36:66:e8:35:ef:79:15:55:06:
         7f:16:28:11:6c:ca:31:9f:c9:3d:2f:de:53:47:8f:3e:8b:6d:
         ed:60:50:71:b3:43:0b:25:d5:3c:c4:84:f5:1a:ed:c0:c5:c4:
         8a:19:da:53:9f:ef:95:28:b2:eb:34:20:de:1b:dc:c5:2f:53:
         19:8a:de:d2:c2:3c:7d:2a:9c:d6:af:2a:10:fa:8b:85:03:f5:
         f2:d8:45:94:50:72:4a:5b:46:1d:f5:51:43:41:53:e0:96:07:
         24:d5:da:15:f7:27:49:a5:df:cc:32:91:98:d9:64:21:30:c1:
         08:32:da:a7:6d:d2:9c:d8:73:22:97:57:bb:da:7f:75:b7:53:
         75:3c:59:a0
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUJwgTA7pNV/s19Z2hENzYOmW1zZ0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcxM1oX
DTI3MDMwMzA2MjIxM1owMzExMC8GA1UEAxMoQ0RBREJFMTg5REI2NTA3MTNCM0RB
MUVBNEIyMzQ0QjIzREZDQTZEQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMffU6y86a95fviqKJVD4h2qapb4rzscVLpJ/4Hzl7HO3C5yR080Le7j7Mke
2pmq/Hi2zUaPOv5La/5EmzyEsbT7mjJbHluAiUvmLDqohpZNbUknS9L4/l321kTa
THZHE6MN0Gr2PLjBONk2BeObieniPIvGcJXRdkyeZmC9pz+MpXhN3Luttw+vs5pv
DtQRrsTB9/ESs4Mz0NIu8cWbNj1ONnIdsfBYt6j+ISpmRYLM3J92f4iXZS2Pi5N6
qfk9Txc0jDE7UA3lN8xvYvTdOc/0eWduPv5F1ELcCysNoqT/rriqomHdUahYU1It
3QGlCNaHx8QbwHKQvJFFCLqEyO0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTNrb4Y
nbZQcTs9oepLI0SyPfym2jAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDczMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qCAwDQYJKoZIhvcNAQELBQADggEBAG3tbCJ59JGx/i16y2QapbWUV7bErGo62aqr
4SVOBOVhuaOCqdlx71LiDw7EFTAN6AtPuHywML9x0O0hgkPPcsHtPzW1GZJZLacs
C2qO63zYJ2ncwpnsDvCYkGVvITyX0sh4t1CMHhntoSQ0a77sc53tVMQRIDZm6DXv
eRVVBn8WKBFsyjGfyT0v3lNHjz6Lbe1gUHGzQwsl1TzEhPUa7cDFxIoZ2lOf75Uo
sus0IN4b3MUvUxmK3tLCPH0qnNavKhD6i4UD9fLYRZRQckpbRh31UUNBU+CWByTV
2hX3J0ml38wykZjZZCEwwQgy2qdt0pzYcyKXV7vaf3W3U3U8WaA=
-----END CERTIFICATE-----