Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144735.roa
File:                     AS144735.roa (raw, json)
Hash identifier:          thNwsqZY6rVpHY5inan2KTjkSLLIrDoW6g5v50FZCxA=
Subject key identifier:   30:69:A9:F2:CD:49:C5:06:AB:67:14:B5:5D:85:75:7A:6F:56:47:CA
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       434347A921FCAFC45022D70701928185C752C192
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144735.roa
Signing time:             Wed 04 Mar 2026 06:20:46 +0000
ROA not before:           Wed 04 Mar 2026 06:15:46 +0000
ROA not after:            Wed 03 Mar 2027 06:20:46 +0000
asID:                     144735
IP address blocks:        240a:a825::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:43:47:a9:21:fc:af:c4:50:22:d7:07:01:92:81:85:c7:52:c1:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:46 2026 GMT
            Not After : Mar  3 06:20:46 2027 GMT
        Subject: CN=3069A9F2CD49C506AB6714B55D85757A6F5647CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:76:08:e1:82:9d:95:3d:86:b2:66:b7:61:e6:
                    d5:f3:4d:00:f7:4a:b2:1a:f2:97:21:94:ce:25:b7:
                    e4:6b:27:53:0d:be:dd:64:0a:2d:a8:56:61:e5:c8:
                    65:db:69:95:f2:bf:a9:c3:a6:83:8b:5e:4a:0c:53:
                    f4:29:b3:91:86:80:94:a9:6f:b5:9a:47:db:42:c0:
                    1f:0f:ff:2e:3d:4c:aa:2f:fd:64:21:6f:54:9d:82:
                    6b:3a:95:93:e9:30:cd:68:6f:d5:3f:2c:8b:f4:ac:
                    6b:35:2c:f5:b1:01:7e:75:5d:1c:07:99:a4:f5:27:
                    be:2d:18:9b:ed:5b:f3:79:61:f9:84:57:49:db:d7:
                    16:39:af:60:e4:c3:ed:e7:a0:62:40:2b:df:b6:38:
                    fb:38:f4:9e:a2:66:7e:8d:13:0f:d1:aa:f3:2b:a6:
                    7f:e6:9a:97:16:2c:6e:47:5e:e1:04:02:a0:ca:51:
                    1c:18:a5:47:ae:e3:91:44:86:c6:13:d5:0d:aa:c4:
                    a5:3b:af:b3:c1:67:d6:75:9e:5a:c4:af:fd:35:a7:
                    ac:b0:8e:80:ac:ca:db:2b:f1:f8:19:a9:a1:c7:b7:
                    ca:d7:bc:c6:96:bd:25:36:40:5a:0b:45:89:9d:86:
                    6c:57:f9:f8:fe:46:3d:09:c5:41:f6:49:ad:3e:e7:
                    53:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:69:A9:F2:CD:49:C5:06:AB:67:14:B5:5D:85:75:7A:6F:56:47:CA
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144735.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a825::/32

    Signature Algorithm: sha256WithRSAEncryption
         a9:ef:1d:f4:65:54:60:e5:a8:7e:45:40:f1:1a:9c:4a:e9:72:
         c4:95:fd:6b:58:91:9d:73:d6:ec:f1:9b:34:25:1a:30:6e:35:
         b9:2b:e0:2f:7b:28:cf:15:aa:5c:75:51:44:76:67:98:48:39:
         47:14:16:69:e0:f7:a9:c0:c2:3f:e4:78:cd:64:75:d7:ed:9c:
         84:d9:61:1a:fb:da:80:20:16:50:63:9a:9c:22:22:51:a5:da:
         2e:ce:71:6b:1b:52:17:af:e9:a4:c1:7f:62:0c:a8:4d:02:a9:
         e9:74:c4:ca:40:7a:49:0a:bd:34:90:2b:b5:1c:ac:49:52:ab:
         42:de:f1:04:8d:05:e5:23:24:db:2e:dc:cf:e3:1e:53:f7:a7:
         a0:8e:78:97:99:af:f5:06:94:5f:b0:b1:2f:c9:2f:94:35:ab:
         b4:c1:63:86:d6:33:50:05:1b:e8:e7:cd:d4:39:aa:29:ba:f0:
         c9:71:b3:00:c2:c7:57:59:c1:bd:23:cf:bd:58:d7:13:f5:21:
         20:b0:32:72:90:b1:01:f9:9b:6f:71:26:e1:f8:3d:33:40:b2:
         ea:57:95:38:79:c4:f6:71:53:5d:74:d5:57:ac:4d:e8:e2:f4:
         e3:94:de:fa:9d:34:3c:96:cd:90:a0:f7:0c:7f:0e:4d:3a:13:
         41:e5:2f:d2
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUQ0NHqSH8r8RQItcHAZKBhcdSwZIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTU0NloX
DTI3MDMwMzA2MjA0NlowMzExMC8GA1UEAxMoMzA2OUE5RjJDRDQ5QzUwNkFCNjcx
NEI1NUQ4NTc1N0E2RjU2NDdDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM52COGCnZU9hrJmt2Hm1fNNAPdKshrylyGUziW35GsnUw2+3WQKLahWYeXI
ZdtplfK/qcOmg4teSgxT9CmzkYaAlKlvtZpH20LAHw//Lj1Mqi/9ZCFvVJ2CazqV
k+kwzWhv1T8si/SsazUs9bEBfnVdHAeZpPUnvi0Ym+1b83lh+YRXSdvXFjmvYOTD
7eegYkAr37Y4+zj0nqJmfo0TD9Gq8yumf+aalxYsbkde4QQCoMpRHBilR67jkUSG
xhPVDarEpTuvs8Fn1nWeWsSv/TWnrLCOgKzK2yvx+Bmpoce3yte8xpa9JTZAWgtF
iZ2GbFf5+P5GPQnFQfZJrT7nU0kCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQwaany
zUnFBqtnFLVdhXV6b1ZHyjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDczNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qCUwDQYJKoZIhvcNAQELBQADggEBAKnvHfRlVGDlqH5FQPEanErpcsSV/WtYkZ1z
1uzxmzQlGjBuNbkr4C97KM8Vqlx1UUR2Z5hIOUcUFmng96nAwj/keM1kddftnITZ
YRr72oAgFlBjmpwiIlGl2i7OcWsbUhev6aTBf2IMqE0Cqel0xMpAekkKvTSQK7Uc
rElSq0Le8QSNBeUjJNsu3M/jHlP3p6COeJeZr/UGlF+wsS/JL5Q1q7TBY4bWM1AF
G+jnzdQ5qim68MlxswDCx1dZwb0jz71Y1xP1ISCwMnKQsQH5m29xJuH4PTNAsupX
lTh5xPZxU1101VesTeji9OOU3vqdNDyWzZCg9wx/Dk06E0HlL9I=
-----END CERTIFICATE-----