Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144751.roa
File:                     AS144751.roa (raw, json)
Hash identifier:          zoUkqobE/qtiljVkjsHwXuqf7FMWNR6e/OgAs5Q6zqc=
Subject key identifier:   6B:EB:F6:36:5B:FA:A7:68:56:0D:98:C2:34:37:0A:49:57:72:AD:58
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3C4178C39A29C3183DAF05B2706B61EF517A84E8
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144751.roa
Signing time:             Wed 04 Mar 2026 06:22:35 +0000
ROA not before:           Wed 04 Mar 2026 06:17:35 +0000
ROA not after:            Wed 03 Mar 2027 06:22:35 +0000
asID:                     144751
IP address blocks:        240a:a835::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:41:78:c3:9a:29:c3:18:3d:af:05:b2:70:6b:61:ef:51:7a:84:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:35 2026 GMT
            Not After : Mar  3 06:22:35 2027 GMT
        Subject: CN=6BEBF6365BFAA768560D98C234370A495772AD58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c0:90:8c:74:95:d9:3c:c5:83:fc:70:72:90:
                    39:b4:cf:fe:70:7b:b6:b7:80:21:19:0e:ec:28:b6:
                    d3:51:cb:17:16:68:8b:57:d7:a7:16:a5:d0:86:35:
                    f8:42:5a:9d:c2:1e:1e:ae:14:8c:cc:eb:70:88:ed:
                    59:9e:13:23:8a:1f:55:47:5f:57:6e:08:33:d5:89:
                    43:07:55:9c:ff:4f:3c:e7:b5:26:8e:1c:c4:f5:ee:
                    3d:ba:5b:f8:d5:02:98:e6:d7:b7:87:0f:b4:55:2e:
                    e5:dc:d0:00:17:a1:88:69:d2:67:8d:0e:06:1d:0f:
                    1b:04:3f:77:7a:21:74:24:fc:f1:57:db:1b:95:09:
                    74:7b:cf:2a:b5:bf:94:e6:fc:8b:4e:7e:0f:17:e7:
                    fc:0b:82:9c:4c:6d:de:84:8c:f9:75:85:f3:51:4c:
                    2d:8a:5c:64:7f:ea:9b:c5:76:26:b5:a4:9a:45:68:
                    2d:86:18:4b:86:ad:79:51:45:4d:3a:61:2b:b2:80:
                    97:3b:60:5a:bc:66:47:ae:e6:9e:0b:20:b3:d2:19:
                    27:d3:7c:b0:3a:66:b1:b7:70:ae:ef:16:91:80:53:
                    fe:41:ff:4d:8f:89:6c:af:b1:e2:3e:cc:db:3d:97:
                    f6:72:e6:d6:06:0d:5a:dd:95:b2:ca:dd:42:a5:da:
                    b0:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:EB:F6:36:5B:FA:A7:68:56:0D:98:C2:34:37:0A:49:57:72:AD:58
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144751.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a835::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:a2:85:45:72:e3:a3:5a:af:75:06:09:07:4c:f8:d9:46:07:
         71:07:4e:56:df:58:01:25:0c:54:35:cf:e8:e3:64:e5:32:bf:
         68:15:b5:09:bd:7f:fb:f3:f9:fa:da:2d:cb:df:2c:54:1a:53:
         d8:2c:98:18:96:8f:8e:67:27:84:38:f3:91:3d:08:21:53:98:
         18:67:b2:a6:92:34:68:ed:b7:16:54:ad:de:eb:b3:7d:ba:7d:
         6a:33:00:59:fe:45:da:2c:14:7d:6e:0e:be:05:33:73:c1:60:
         c0:0c:f6:6b:e8:35:0f:53:d5:96:03:dd:ce:2b:26:97:dc:b3:
         00:5a:2b:0a:6c:61:c8:9d:f5:85:63:92:77:8b:75:f5:fa:59:
         e2:ff:18:18:e0:ed:e5:09:e2:03:6e:11:9e:77:3d:04:75:a3:
         8b:8a:0f:be:4c:2c:ce:e2:71:ca:c6:fb:64:37:73:f7:77:2f:
         4f:3c:9f:dd:e4:82:13:7d:00:11:fb:83:aa:9c:40:66:22:cc:
         b3:19:67:69:8d:81:ff:82:27:72:ed:0d:ba:6e:0c:e8:a4:c7:
         72:8c:49:a2:c3:4d:f4:ae:ea:cd:70:25:88:02:73:8b:e5:80:
         28:47:5e:b8:b1:bd:66:18:c5:6c:02:d4:66:76:2c:53:3b:71:
         07:28:eb:5e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUPEF4w5opwxg9rwWycGth71F6hOgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTczNVoX
DTI3MDMwMzA2MjIzNVowMzExMC8GA1UEAxMoNkJFQkY2MzY1QkZBQTc2ODU2MEQ5
OEMyMzQzNzBBNDk1NzcyQUQ1ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALnAkIx0ldk8xYP8cHKQObTP/nB7treAIRkO7Ci201HLFxZoi1fXpxal0IY1
+EJancIeHq4UjMzrcIjtWZ4TI4ofVUdfV24IM9WJQwdVnP9PPOe1Jo4cxPXuPbpb
+NUCmObXt4cPtFUu5dzQABehiGnSZ40OBh0PGwQ/d3ohdCT88VfbG5UJdHvPKrW/
lOb8i05+Dxfn/AuCnExt3oSM+XWF81FMLYpcZH/qm8V2JrWkmkVoLYYYS4ateVFF
TTphK7KAlztgWrxmR67mngsgs9IZJ9N8sDpmsbdwru8WkYBT/kH/TY+JbK+x4j7M
2z2X9nLm1gYNWt2VssrdQqXasN0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRr6/Y2
W/qnaFYNmMI0NwpJV3KtWDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDc1MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qDUwDQYJKoZIhvcNAQELBQADggEBAECihUVy46Nar3UGCQdM+NlGB3EHTlbfWAEl
DFQ1z+jjZOUyv2gVtQm9f/vz+fraLcvfLFQaU9gsmBiWj45nJ4Q485E9CCFTmBhn
sqaSNGjttxZUrd7rs326fWozAFn+RdosFH1uDr4FM3PBYMAM9mvoNQ9T1ZYD3c4r
JpfcswBaKwpsYcid9YVjkneLdfX6WeL/GBjg7eUJ4gNuEZ53PQR1o4uKD75MLM7i
ccrG+2Q3c/d3L088n93kghN9ABH7g6qcQGYizLMZZ2mNgf+CJ3LtDbpuDOikx3KM
SaLDTfSu6s1wJYgCc4vlgChHXrixvWYYxWwC1GZ2LFM7cQco614=
-----END CERTIFICATE-----