Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144745.roa
File:                     AS144745.roa (raw, json)
Hash identifier:          e47vFNJjeLA2X5DoJXfgl0tnz8st0UDo/CsJZLJAaY8=
Subject key identifier:   0D:66:66:11:21:6C:A1:6E:D2:C8:D0:40:B2:DB:FF:65:77:A3:3F:6C
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       53AB2E3131409F6ECD5E433B6005A5E6EA6BCF0A
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144745.roa
Signing time:             Wed 04 Mar 2026 06:20:20 +0000
ROA not before:           Wed 04 Mar 2026 06:15:20 +0000
ROA not after:            Wed 03 Mar 2027 06:20:20 +0000
asID:                     144745
IP address blocks:        240a:a82f::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:ab:2e:31:31:40:9f:6e:cd:5e:43:3b:60:05:a5:e6:ea:6b:cf:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:20 2026 GMT
            Not After : Mar  3 06:20:20 2027 GMT
        Subject: CN=0D666611216CA16ED2C8D040B2DBFF6577A33F6C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:94:87:8f:b4:1e:20:ab:ec:79:50:a5:83:c6:
                    1e:bc:ff:38:a9:a0:06:d6:65:4f:df:69:d2:a1:76:
                    5c:9f:ab:5d:80:a4:5c:e6:86:50:2c:c0:c1:1b:a9:
                    c5:57:af:8c:3d:1f:1a:98:85:5d:96:1b:97:44:43:
                    55:99:d0:fb:10:78:e9:1f:e6:52:99:b1:b0:c1:23:
                    8b:90:8a:10:9f:eb:97:2b:be:23:ef:6b:9a:5e:ae:
                    44:58:eb:dc:23:d5:6b:36:eb:cd:bf:4e:a6:0d:f8:
                    d0:80:67:d9:fb:24:77:9f:6f:6e:57:76:8b:97:71:
                    35:85:60:dc:d4:35:12:0b:ed:77:05:9c:a1:69:96:
                    4f:04:80:96:2b:3b:ad:40:6a:11:f8:1b:27:eb:d5:
                    04:a9:80:91:d4:79:44:27:39:a1:9c:82:bc:a5:67:
                    da:6f:ce:5d:cc:96:30:d5:cd:a2:56:92:02:55:5e:
                    f2:65:d5:fa:6d:3d:69:a6:99:4b:dc:90:6f:6c:f0:
                    d4:3f:57:6a:85:43:29:d1:a5:23:0b:c9:92:14:84:
                    1f:94:67:4a:1c:8a:20:2b:3f:c4:15:bd:1b:d7:24:
                    61:18:31:c3:c1:f2:66:73:ca:b7:11:a3:16:66:4e:
                    44:bb:02:66:df:d3:99:d9:05:40:fe:ce:99:a2:f7:
                    4f:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:66:66:11:21:6C:A1:6E:D2:C8:D0:40:B2:DB:FF:65:77:A3:3F:6C
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144745.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a82f::/32

    Signature Algorithm: sha256WithRSAEncryption
         7a:03:e9:3f:ae:e5:36:d5:59:8f:6a:01:c1:07:e6:3d:c0:97:
         9c:66:ad:d0:7f:cc:75:90:01:82:0d:0c:26:92:51:15:e4:ee:
         c6:73:03:08:ba:2d:19:2a:41:fa:0b:1b:84:ef:32:21:e8:e4:
         9f:6c:05:b2:73:69:93:73:6c:85:67:00:57:73:40:e5:b9:1c:
         9f:82:a7:02:bb:9d:8b:38:09:32:d3:ff:63:55:11:b2:18:0e:
         46:75:11:bb:3f:3e:0e:3f:fd:5b:9f:04:7e:ae:f3:d5:7d:61:
         00:43:dc:dd:c0:29:b5:39:e6:43:72:58:77:4c:9c:8b:cb:a4:
         6e:75:ba:ce:19:5e:a5:d3:8b:28:9c:0f:7f:73:a2:67:21:f0:
         6e:d8:84:01:a8:de:7e:ec:9e:6c:70:97:e5:70:6d:0a:05:87:
         ab:d5:49:4a:45:f5:fc:0c:26:37:e6:bd:f3:09:01:42:ed:39:
         92:29:e8:1d:75:e1:dc:8d:b7:5f:f5:00:17:98:69:b8:69:4f:
         40:82:90:ad:f0:6a:65:3f:de:9f:56:c9:5e:6e:71:88:58:2e:
         43:59:18:69:30:d2:f8:f0:c8:e3:de:57:f7:bb:00:ca:2a:80:
         21:68:5b:5b:fe:9e:75:0a:86:cf:3a:e9:34:14:7f:62:ef:21:
         11:cd:79:7d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUU6suMTFAn27NXkM7YAWl5uprzwowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTUyMFoX
DTI3MDMwMzA2MjAyMFowMzExMC8GA1UEAxMoMEQ2NjY2MTEyMTZDQTE2RUQyQzhE
MDQwQjJEQkZGNjU3N0EzM0Y2QzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIWUh4+0HiCr7HlQpYPGHrz/OKmgBtZlT99p0qF2XJ+rXYCkXOaGUCzAwRup
xVevjD0fGpiFXZYbl0RDVZnQ+xB46R/mUpmxsMEji5CKEJ/rlyu+I+9rml6uRFjr
3CPVazbrzb9Opg340IBn2fskd59vbld2i5dxNYVg3NQ1EgvtdwWcoWmWTwSAlis7
rUBqEfgbJ+vVBKmAkdR5RCc5oZyCvKVn2m/OXcyWMNXNolaSAlVe8mXV+m09aaaZ
S9yQb2zw1D9XaoVDKdGlIwvJkhSEH5RnShyKICs/xBW9G9ckYRgxw8HyZnPKtxGj
FmZORLsCZt/TmdkFQP7OmaL3T8kCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQNZmYR
IWyhbtLI0ECy2/9ld6M/bDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDc0NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qC8wDQYJKoZIhvcNAQELBQADggEBAHoD6T+u5TbVWY9qAcEH5j3Al5xmrdB/zHWQ
AYINDCaSURXk7sZzAwi6LRkqQfoLG4TvMiHo5J9sBbJzaZNzbIVnAFdzQOW5HJ+C
pwK7nYs4CTLT/2NVEbIYDkZ1Ebs/Pg4//VufBH6u89V9YQBD3N3AKbU55kNyWHdM
nIvLpG51us4ZXqXTiyicD39zomch8G7YhAGo3n7snmxwl+VwbQoFh6vVSUpF9fwM
JjfmvfMJAULtOZIp6B114dyNt1/1ABeYabhpT0CCkK3wamU/3p9WyV5ucYhYLkNZ
GGkw0vjwyOPeV/e7AMoqgCFoW1v+nnUKhs866TQUf2LvIRHNeX0=
-----END CERTIFICATE-----