Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144763.roa
File:                     AS144763.roa (raw, json)
Hash identifier:          DQZ8au8P00G8tyayeNyVBsuu5BhFKgkwcM+XMokxdzI=
Subject key identifier:   AF:66:E0:0B:E0:8D:5B:BB:C2:B2:7B:3B:2B:DF:8D:00:C1:26:BB:CF
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       298EF84E50B537E4DE7F1B3E06067857782C90DA
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144763.roa
Signing time:             Wed 04 Mar 2026 06:22:12 +0000
ROA not before:           Wed 04 Mar 2026 06:17:12 +0000
ROA not after:            Wed 03 Mar 2027 06:22:12 +0000
asID:                     144763
IP address blocks:        240a:a841::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:8e:f8:4e:50:b5:37:e4:de:7f:1b:3e:06:06:78:57:78:2c:90:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:12 2026 GMT
            Not After : Mar  3 06:22:12 2027 GMT
        Subject: CN=AF66E00BE08D5BBBC2B27B3B2BDF8D00C126BBCF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:43:32:ce:68:9f:ef:cb:c7:ad:1e:e3:c3:05:
                    9c:2e:0d:b3:a9:c7:35:ba:7c:49:bc:71:4b:f9:c7:
                    57:90:d3:a8:b9:2a:9c:53:09:75:d8:ae:1c:4b:e8:
                    a2:96:fe:f1:00:70:bd:d7:3c:8e:a9:19:4d:da:f3:
                    98:1d:3f:bf:cf:37:70:d6:f7:9e:62:92:96:e8:2a:
                    e5:66:52:20:71:d5:11:b3:32:a5:0f:78:98:b8:e2:
                    ce:c9:a6:92:5c:57:2c:bb:eb:48:e8:57:bc:cc:1e:
                    1f:0a:a1:dc:b0:69:20:aa:02:60:6b:f4:b2:ce:f5:
                    96:91:ff:9b:3d:5e:70:42:97:07:21:d1:39:d8:fe:
                    3c:9c:fb:e6:2e:93:5f:61:1f:d8:80:1b:e0:0b:e5:
                    92:9b:e1:49:9c:3e:b6:af:e8:7b:e5:8b:74:68:84:
                    13:a3:c9:88:57:43:31:0b:a0:22:55:40:90:68:f2:
                    16:35:bb:14:b1:e7:27:1d:21:ac:fe:45:00:e8:9f:
                    17:45:59:9a:b0:d1:2b:a8:9d:51:b0:73:4d:d3:1d:
                    b7:80:3f:50:bd:4b:ef:92:25:f7:4c:e9:4b:e7:a7:
                    7f:a2:66:b8:cc:97:d6:d8:06:6f:eb:c6:76:1e:f0:
                    34:b8:9a:f5:d3:f9:9b:e8:f7:a4:e3:55:61:d1:1a:
                    ed:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:66:E0:0B:E0:8D:5B:BB:C2:B2:7B:3B:2B:DF:8D:00:C1:26:BB:CF
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144763.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a841::/32

    Signature Algorithm: sha256WithRSAEncryption
         79:36:15:08:d6:9d:1a:64:cb:ba:63:4a:91:eb:63:3c:a9:51:
         7c:e7:87:e4:88:08:eb:ac:c0:a9:cc:46:a4:13:1b:1d:7d:7d:
         37:1b:ae:f6:ed:35:1f:0c:b8:b1:ff:c0:7e:59:a5:54:2b:77:
         1f:77:29:03:7a:64:f3:a0:3c:b2:50:cc:ec:39:06:d0:9e:c3:
         0b:10:69:a8:5f:3e:bc:38:69:2a:8d:c2:07:0e:60:0f:c7:03:
         1a:84:8e:28:7a:10:31:f6:0b:18:ea:32:c0:6f:94:65:28:82:
         bf:c0:2e:71:22:cf:41:bb:a8:ce:8b:db:fa:ea:d6:46:90:c0:
         e7:82:89:4c:25:9d:f8:96:37:7c:f4:ca:c2:17:57:94:ae:39:
         94:0e:c8:9f:8b:95:65:4f:1a:10:96:ee:e7:40:e8:38:82:65:
         9c:d2:6a:09:4b:d5:3d:59:2d:82:ab:32:bd:3d:be:23:62:6f:
         7e:10:e2:40:23:73:bb:7d:72:18:8f:ea:f4:87:0c:1b:32:50:
         88:d4:db:26:97:53:37:19:a2:e6:65:e9:97:36:57:25:90:78:
         da:c5:c9:b0:78:fd:04:e6:ae:07:ff:d3:44:df:dd:bb:ec:be:
         9c:56:52:46:00:d2:eb:3e:23:6e:30:07:08:23:66:6d:c3:ca:
         65:b1:3a:a5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUKY74TlC1N+Tefxs+BgZ4V3gskNowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcxMloX
DTI3MDMwMzA2MjIxMlowMzExMC8GA1UEAxMoQUY2NkUwMEJFMDhENUJCQkMyQjI3
QjNCMkJERjhEMDBDMTI2QkJDRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKNDMs5on+/Lx60e48MFnC4Ns6nHNbp8SbxxS/nHV5DTqLkqnFMJddiuHEvo
opb+8QBwvdc8jqkZTdrzmB0/v883cNb3nmKSlugq5WZSIHHVEbMypQ94mLjizsmm
klxXLLvrSOhXvMweHwqh3LBpIKoCYGv0ss71lpH/mz1ecEKXByHROdj+PJz75i6T
X2Ef2IAb4AvlkpvhSZw+tq/oe+WLdGiEE6PJiFdDMQugIlVAkGjyFjW7FLHnJx0h
rP5FAOifF0VZmrDRK6idUbBzTdMdt4A/UL1L75Il90zpS+enf6JmuMyX1tgGb+vG
dh7wNLia9dP5m+j3pONVYdEa7VcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSvZuAL
4I1bu8Kyezsr340AwSa7zzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDc2My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qEEwDQYJKoZIhvcNAQELBQADggEBAHk2FQjWnRpky7pjSpHrYzypUXznh+SICOus
wKnMRqQTGx19fTcbrvbtNR8MuLH/wH5ZpVQrdx93KQN6ZPOgPLJQzOw5BtCewwsQ
aahfPrw4aSqNwgcOYA/HAxqEjih6EDH2CxjqMsBvlGUogr/ALnEiz0G7qM6L2/rq
1kaQwOeCiUwlnfiWN3z0ysIXV5SuOZQOyJ+LlWVPGhCW7udA6DiCZZzSaglL1T1Z
LYKrMr09viNib34Q4kAjc7t9chiP6vSHDBsyUIjU2yaXUzcZouZl6Zc2VyWQeNrF
ybB4/QTmrgf/00Tf3bvsvpxWUkYA0us+I24wBwgjZm3DymWxOqU=
-----END CERTIFICATE-----