Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144816.roa
File:                     AS144816.roa (raw, json)
Hash identifier:          nGkNoO5c7Hgbp6rJmH+j6G7TLiFUe9tO5RH6IudGM2E=
Subject key identifier:   59:3C:D3:63:43:F0:83:83:88:27:68:86:45:F2:6D:2C:55:FB:BD:FD
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       197A7698CFCF676C276961D2E544A885D0F4D8A3
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144816.roa
Signing time:             Wed 04 Mar 2026 06:21:39 +0000
ROA not before:           Wed 04 Mar 2026 06:16:39 +0000
ROA not after:            Wed 03 Mar 2027 06:21:39 +0000
asID:                     144816
IP address blocks:        240a:a876::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:7a:76:98:cf:cf:67:6c:27:69:61:d2:e5:44:a8:85:d0:f4:d8:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:39 2026 GMT
            Not After : Mar  3 06:21:39 2027 GMT
        Subject: CN=593CD36343F083838827688645F26D2C55FBBDFD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e7:96:22:ac:9e:7b:b6:de:b2:22:ed:28:b0:
                    1c:a0:e3:50:e5:ae:26:1c:4b:67:a4:02:8e:08:df:
                    ac:24:a4:53:96:c4:78:1a:64:2b:ae:8e:58:88:00:
                    48:96:04:be:e9:54:61:4e:c2:e8:ec:c0:49:1f:3c:
                    bc:29:ad:07:d8:dd:20:cc:b4:e6:f8:4c:d3:28:8b:
                    26:74:2f:0c:53:32:73:33:3c:01:5e:7f:41:a8:88:
                    aa:ab:c8:03:a5:90:2f:37:56:96:ad:29:d0:a6:4e:
                    dd:a4:c3:fe:69:b4:5f:8b:f4:e8:16:88:3f:1d:82:
                    54:00:63:3f:8e:a5:c8:32:9b:13:b5:82:9e:84:bc:
                    0c:6c:a0:ac:64:88:e1:57:54:46:f1:18:3a:ac:a9:
                    0e:7a:67:d3:e1:35:95:dc:f9:20:27:8d:31:59:77:
                    66:6c:ca:33:23:09:b0:f4:4f:65:5d:cd:aa:f7:9a:
                    70:23:42:e8:4b:f0:45:e2:7a:df:00:ea:1e:f8:6a:
                    22:05:33:94:86:7e:10:ae:09:ce:ce:02:3f:2f:0f:
                    64:83:79:95:8b:5c:61:34:cd:30:2f:ab:94:e1:da:
                    65:8b:92:b4:37:ba:61:d1:f2:d3:dd:55:2f:ee:b5:
                    b5:28:9a:9d:4c:f5:97:c9:96:8f:7d:c9:56:a8:d5:
                    73:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:3C:D3:63:43:F0:83:83:88:27:68:86:45:F2:6D:2C:55:FB:BD:FD
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144816.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a876::/32

    Signature Algorithm: sha256WithRSAEncryption
         a5:b1:65:ff:22:34:7f:92:e4:67:a1:79:e2:cd:f4:02:e6:41:
         05:f5:47:e8:0c:fd:e7:1f:44:e7:88:de:36:0c:e4:6c:60:1a:
         23:bd:50:0c:b6:1a:7b:4f:89:dc:b1:58:a5:99:5a:8d:8d:61:
         ee:5d:44:11:54:69:a7:72:45:05:c6:96:ed:fa:d2:80:da:a6:
         b5:27:43:fa:09:19:31:5d:58:fa:58:0b:01:4e:45:19:2d:78:
         2c:74:e4:c7:3e:2c:a1:1c:4b:93:8b:ae:df:92:65:dd:f8:1a:
         d0:e4:bc:30:fd:a5:a9:d0:4f:dc:91:5f:13:5d:2f:c9:52:cf:
         d3:3d:42:ab:2a:5a:9c:b5:2c:b4:65:cc:28:b1:21:41:a4:4c:
         d4:75:0c:8a:98:e2:7a:25:b8:7d:0d:f1:d3:cc:d8:e0:3e:12:
         66:17:06:6b:7d:8f:4a:8b:47:fc:9f:05:9f:0e:df:2f:75:90:
         4e:17:db:02:5f:0e:61:20:8b:b4:65:d5:b3:91:53:df:13:52:
         69:d9:cd:54:95:cf:31:ee:0e:48:1d:14:af:d1:ab:91:a3:de:
         8a:56:bf:8e:94:e4:8f:5e:c9:c6:af:4c:0f:80:45:ed:06:55:
         41:55:69:3c:de:96:dc:d5:66:7d:71:0f:18:af:44:92:ec:72:
         4a:59:40:57
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUGXp2mM/PZ2wnaWHS5USohdD02KMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYzOVoX
DTI3MDMwMzA2MjEzOVowMzExMC8GA1UEAxMoNTkzQ0QzNjM0M0YwODM4Mzg4Mjc2
ODg2NDVGMjZEMkM1NUZCQkRGRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ/nliKsnnu23rIi7SiwHKDjUOWuJhxLZ6QCjgjfrCSkU5bEeBpkK66OWIgA
SJYEvulUYU7C6OzASR88vCmtB9jdIMy05vhM0yiLJnQvDFMyczM8AV5/QaiIqqvI
A6WQLzdWlq0p0KZO3aTD/mm0X4v06BaIPx2CVABjP46lyDKbE7WCnoS8DGygrGSI
4VdURvEYOqypDnpn0+E1ldz5ICeNMVl3ZmzKMyMJsPRPZV3NqveacCNC6EvwReJ6
3wDqHvhqIgUzlIZ+EK4Jzs4CPy8PZIN5lYtcYTTNMC+rlOHaZYuStDe6YdHy091V
L+61tSianUz1l8mWj33JVqjVcwkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRZPNNj
Q/CDg4gnaIZF8m0sVfu9/TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDgxNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qHYwDQYJKoZIhvcNAQELBQADggEBAKWxZf8iNH+S5GeheeLN9ALmQQX1R+gM/ecf
ROeI3jYM5GxgGiO9UAy2GntPidyxWKWZWo2NYe5dRBFUaadyRQXGlu360oDaprUn
Q/oJGTFdWPpYCwFORRkteCx05Mc+LKEcS5OLrt+SZd34GtDkvDD9panQT9yRXxNd
L8lSz9M9QqsqWpy1LLRlzCixIUGkTNR1DIqY4noluH0N8dPM2OA+EmYXBmt9j0qL
R/yfBZ8O3y91kE4X2wJfDmEgi7Rl1bORU98TUmnZzVSVzzHuDkgdFK/Rq5Gj3opW
v46U5I9eycavTA+ARe0GVUFVaTzeltzVZn1xDxivRJLsckpZQFc=
-----END CERTIFICATE-----