Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144818.roa
File:                     AS144818.roa (raw, json)
Hash identifier:          yEZEXE+ti/zwCeCb9X/+OQitYivTnUF+R8VXO3Lf2i0=
Subject key identifier:   19:F0:D7:13:FE:2D:90:C3:0E:E1:1C:ED:76:C5:66:F9:DD:AF:7A:0C
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       56D9582AC49197D4286B2095F956CF4186FDCF0A
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144818.roa
Signing time:             Wed 04 Mar 2026 06:20:40 +0000
ROA not before:           Wed 04 Mar 2026 06:15:40 +0000
ROA not after:            Wed 03 Mar 2027 06:20:40 +0000
asID:                     144818
IP address blocks:        240a:a878::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:d9:58:2a:c4:91:97:d4:28:6b:20:95:f9:56:cf:41:86:fd:cf:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:40 2026 GMT
            Not After : Mar  3 06:20:40 2027 GMT
        Subject: CN=19F0D713FE2D90C30EE11CED76C566F9DDAF7A0C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f0:e6:6c:68:e7:68:13:5a:77:cc:e8:8a:63:
                    9d:95:d3:a3:61:40:5a:72:48:84:3f:f8:3c:46:d5:
                    a2:05:1a:71:07:37:6d:6c:f1:6e:9a:fe:e9:6b:d3:
                    04:36:d0:d8:ae:57:ed:07:7a:65:94:e2:a3:32:1a:
                    3b:04:4c:db:0e:97:0d:b3:20:66:45:a0:33:a4:98:
                    1a:86:dc:da:71:61:2f:ba:f4:0a:b5:d1:fb:11:7b:
                    f2:da:29:60:b0:96:5e:47:ec:26:03:c4:37:92:61:
                    d9:e9:79:f4:0f:2c:49:e4:91:28:d4:9e:20:87:4d:
                    3e:07:fa:b3:6e:49:00:5b:10:f7:71:29:e0:fa:8c:
                    20:43:a3:88:1c:1f:d1:bf:51:e9:03:0f:99:dd:4d:
                    ee:07:35:a3:f0:5f:6a:fa:91:8c:c4:79:19:aa:08:
                    ab:b7:35:ce:48:d0:0e:f7:76:77:36:53:9b:66:d1:
                    72:fb:30:bd:f6:8a:85:9a:0d:32:4d:c6:e3:58:60:
                    6d:77:04:bd:11:d2:6e:b8:f7:b4:b7:d1:84:28:cd:
                    4e:d8:42:0f:e5:ff:27:2a:df:f0:70:50:0c:89:d2:
                    1b:df:e4:b8:38:fc:91:88:b9:29:7a:3f:05:fa:7a:
                    ef:04:ad:06:12:4e:ee:f4:91:da:ab:7c:b4:95:d0:
                    ba:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:F0:D7:13:FE:2D:90:C3:0E:E1:1C:ED:76:C5:66:F9:DD:AF:7A:0C
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144818.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a878::/32

    Signature Algorithm: sha256WithRSAEncryption
         c6:2a:9d:fc:ca:9d:23:2b:a1:73:14:4b:58:89:71:af:a1:35:
         cf:dd:bd:36:ff:25:4a:48:62:50:83:96:81:5a:ae:49:c9:0a:
         d7:4b:01:04:61:80:64:72:58:47:a2:66:20:f9:83:70:d9:bd:
         0a:d3:2f:2a:da:89:7c:45:25:75:7d:81:10:02:39:22:cb:4a:
         c2:3a:a7:05:f3:83:bb:c9:a4:1e:78:35:d9:47:94:e8:96:27:
         39:b3:9c:6d:4c:a0:8f:85:da:f4:1c:cc:1e:fa:14:e7:2e:cd:
         8c:5e:b0:84:b7:5d:48:47:b8:1f:c4:1b:22:75:de:9f:13:3d:
         eb:1b:bc:3f:30:1a:9f:bc:d8:b6:a4:3a:55:b3:88:ab:b3:1d:
         31:1d:80:2a:5e:80:ad:db:d2:07:d6:3c:2d:47:5d:bf:86:9b:
         61:05:a9:50:a4:4c:7e:cd:82:d5:11:bf:ae:61:f1:c0:fe:52:
         e4:4b:34:d6:69:9c:20:40:87:a7:aa:d2:4b:79:b6:de:c7:02:
         a8:97:6b:11:ab:ad:59:4a:a3:41:55:8d:94:bb:7d:47:70:82:
         de:d0:c2:4b:63:8a:8f:d3:b2:94:8f:a0:a9:d2:7e:d9:8a:c3:
         48:8a:2f:0e:d0:7a:61:60:e1:9e:98:ed:41:76:c0:de:aa:c9:
         b1:8c:d1:cb
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUVtlYKsSRl9QoayCV+VbPQYb9zwowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTU0MFoX
DTI3MDMwMzA2MjA0MFowMzExMC8GA1UEAxMoMTlGMEQ3MTNGRTJEOTBDMzBFRTEx
Q0VENzZDNTY2RjlEREFGN0EwQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKbw5mxo52gTWnfM6IpjnZXTo2FAWnJIhD/4PEbVogUacQc3bWzxbpr+6WvT
BDbQ2K5X7Qd6ZZTiozIaOwRM2w6XDbMgZkWgM6SYGobc2nFhL7r0CrXR+xF78top
YLCWXkfsJgPEN5Jh2el59A8sSeSRKNSeIIdNPgf6s25JAFsQ93Ep4PqMIEOjiBwf
0b9R6QMPmd1N7gc1o/BfavqRjMR5GaoIq7c1zkjQDvd2dzZTm2bRcvswvfaKhZoN
Mk3G41hgbXcEvRHSbrj3tLfRhCjNTthCD+X/Jyrf8HBQDInSG9/kuDj8kYi5KXo/
Bfp67wStBhJO7vSR2qt8tJXQuicCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQZ8NcT
/i2Qww7hHO12xWb53a96DDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDgxOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qHgwDQYJKoZIhvcNAQELBQADggEBAMYqnfzKnSMroXMUS1iJca+hNc/dvTb/JUpI
YlCDloFarknJCtdLAQRhgGRyWEeiZiD5g3DZvQrTLyraiXxFJXV9gRACOSLLSsI6
pwXzg7vJpB54NdlHlOiWJzmznG1MoI+F2vQczB76FOcuzYxesIS3XUhHuB/EGyJ1
3p8TPesbvD8wGp+82LakOlWziKuzHTEdgCpegK3b0gfWPC1HXb+Gm2EFqVCkTH7N
gtURv65h8cD+UuRLNNZpnCBAh6eq0kt5tt7HAqiXaxGrrVlKo0FVjZS7fUdwgt7Q
wktjio/TspSPoKnSftmKw0iKLw7QemFg4Z6Y7UF2wN6qybGM0cs=
-----END CERTIFICATE-----