Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144821.roa
File:                     AS144821.roa (raw, json)
Hash identifier:          U+AiERz4OmcsbCOYsGK7PmpZazVqvJIKj+EXijEahvY=
Subject key identifier:   4D:9D:1F:F6:2F:0F:45:D5:B0:A7:00:1B:9B:0D:BF:9C:96:30:CF:16
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       73B14D82B7D39572218A690728AD56032EC7BBA1
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144821.roa
Signing time:             Wed 04 Mar 2026 06:20:04 +0000
ROA not before:           Wed 04 Mar 2026 06:15:04 +0000
ROA not after:            Wed 03 Mar 2027 06:20:04 +0000
asID:                     144821
IP address blocks:        240a:a87b::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:b1:4d:82:b7:d3:95:72:21:8a:69:07:28:ad:56:03:2e:c7:bb:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:04 2026 GMT
            Not After : Mar  3 06:20:04 2027 GMT
        Subject: CN=4D9D1FF62F0F45D5B0A7001B9B0DBF9C9630CF16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:37:69:a4:db:31:65:64:00:75:3b:24:12:b3:
                    6e:e8:a8:18:df:3d:ff:38:8a:82:1d:d8:ef:ea:0e:
                    aa:41:b0:d7:31:49:bb:81:39:ce:71:fa:10:6f:37:
                    26:e8:1f:36:2c:28:d8:a9:f3:71:5d:37:82:c3:51:
                    8d:86:84:00:37:5b:2f:32:dc:95:30:68:a7:0f:32:
                    1a:cb:4a:c3:04:59:8b:ed:60:aa:95:c1:ab:0b:b5:
                    56:8a:53:90:b2:36:b4:83:c5:06:d2:0a:13:30:a0:
                    7f:47:ba:d3:ce:fc:72:db:d1:12:55:d3:3c:46:c3:
                    4d:0f:b9:41:b8:ee:62:29:0e:d0:6e:0b:46:10:95:
                    3b:b4:17:b7:75:48:17:16:5c:8d:a0:f1:00:eb:21:
                    87:fb:75:35:22:41:1f:8e:eb:5a:63:91:f7:8e:02:
                    cc:6a:77:cd:0c:77:25:fa:b9:99:1f:d0:74:ca:a1:
                    a4:dc:5c:30:95:e2:d4:7a:d3:5b:4c:ec:97:2c:5d:
                    5d:5b:7c:c4:37:52:88:05:70:ae:1a:22:e7:c6:bc:
                    84:b8:f7:78:72:e6:70:8f:28:0a:08:dd:96:ec:b5:
                    bb:68:a9:7a:3f:2d:16:a9:16:db:7f:6c:e9:18:69:
                    9d:e7:f7:41:d7:f7:fb:29:4f:d7:46:c8:61:d9:13:
                    e6:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:9D:1F:F6:2F:0F:45:D5:B0:A7:00:1B:9B:0D:BF:9C:96:30:CF:16
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144821.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a87b::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:d3:e1:9a:d0:6b:cf:56:22:a0:af:62:f5:85:ae:e6:45:fb:
         5a:a5:d7:cc:01:b4:88:a3:16:cd:4f:48:0a:3c:57:b6:13:35:
         c5:d0:1a:2c:b7:ce:e3:3e:22:b3:c8:ab:3f:8e:e0:67:ad:dc:
         d4:7c:ec:53:b0:95:ed:53:1d:69:c6:9a:f5:1e:1d:f6:84:40:
         72:e3:58:94:eb:80:93:7e:b8:5d:f5:19:1d:64:9e:bd:45:1a:
         b5:26:4c:4d:4b:c5:58:00:f2:f6:db:1e:f5:1c:96:7b:b8:df:
         39:6c:14:0d:55:d8:03:03:59:71:9b:41:d2:ae:ad:49:e5:75:
         3d:26:b9:d8:95:d4:0e:3e:38:9f:27:0a:6b:0e:91:bb:eb:6d:
         9b:47:e6:0d:b6:09:e3:5b:39:8d:65:6d:56:a4:38:be:02:42:
         b2:3e:37:f7:d5:74:f0:70:97:b8:51:cd:cf:7e:83:84:0d:c6:
         d2:75:56:68:0a:46:3d:b4:48:d5:f9:bf:de:08:72:92:ee:c8:
         4b:78:6c:60:84:53:ea:15:66:a3:54:11:5d:b9:1f:eb:99:dd:
         ea:6a:0c:fe:19:2c:2e:2a:49:83:11:09:bd:4e:6e:86:e2:ad:
         4b:e4:66:6c:ca:64:ec:7c:97:e1:1f:a9:b8:dc:0a:c0:b8:f1:
         c3:6e:e5:24
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUc7FNgrfTlXIhimkHKK1WAy7Hu6EwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTUwNFoX
DTI3MDMwMzA2MjAwNFowMzExMC8GA1UEAxMoNEQ5RDFGRjYyRjBGNDVENUIwQTcw
MDFCOUIwREJGOUM5NjMwQ0YxNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL83aaTbMWVkAHU7JBKzbuioGN89/ziKgh3Y7+oOqkGw1zFJu4E5znH6EG83
JugfNiwo2KnzcV03gsNRjYaEADdbLzLclTBopw8yGstKwwRZi+1gqpXBqwu1VopT
kLI2tIPFBtIKEzCgf0e60878ctvRElXTPEbDTQ+5QbjuYikO0G4LRhCVO7QXt3VI
FxZcjaDxAOshh/t1NSJBH47rWmOR944CzGp3zQx3Jfq5mR/QdMqhpNxcMJXi1HrT
W0zslyxdXVt8xDdSiAVwrhoi58a8hLj3eHLmcI8oCgjdluy1u2ipej8tFqkW239s
6Rhpnef3Qdf3+ylP10bIYdkT5hcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRNnR/2
Lw9F1bCnABubDb+cljDPFjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDgyMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qHswDQYJKoZIhvcNAQELBQADggEBAAbT4ZrQa89WIqCvYvWFruZF+1ql18wBtIij
Fs1PSAo8V7YTNcXQGiy3zuM+IrPIqz+O4Get3NR87FOwle1THWnGmvUeHfaEQHLj
WJTrgJN+uF31GR1knr1FGrUmTE1LxVgA8vbbHvUclnu43zlsFA1V2AMDWXGbQdKu
rUnldT0mudiV1A4+OJ8nCmsOkbvrbZtH5g22CeNbOY1lbVakOL4CQrI+N/fVdPBw
l7hRzc9+g4QNxtJ1VmgKRj20SNX5v94IcpLuyEt4bGCEU+oVZqNUEV25H+uZ3epq
DP4ZLC4qSYMRCb1ObobirUvkZmzKZOx8l+EfqbjcCsC48cNu5SQ=
-----END CERTIFICATE-----