Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144824.roa
File:                     AS144824.roa (raw, json)
Hash identifier:          iA8GWnLbagl0Q3PwhxGv5Tuyx5ClCSws/gOsEwI944k=
Subject key identifier:   A8:63:83:AB:6E:78:23:E5:B2:EB:87:8C:BC:FA:88:0C:C8:83:A6:A0
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       26AFCFBBC1D962579D0C48FC4CE8B3DD29B8FCF1
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144824.roa
Signing time:             Wed 04 Mar 2026 06:22:26 +0000
ROA not before:           Wed 04 Mar 2026 06:17:26 +0000
ROA not after:            Wed 03 Mar 2027 06:22:26 +0000
asID:                     144824
IP address blocks:        240a:a87e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:af:cf:bb:c1:d9:62:57:9d:0c:48:fc:4c:e8:b3:dd:29:b8:fc:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:26 2026 GMT
            Not After : Mar  3 06:22:26 2027 GMT
        Subject: CN=A86383AB6E7823E5B2EB878CBCFA880CC883A6A0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:b6:a4:ef:c1:07:12:bf:65:e1:3c:a4:27:3c:
                    f7:ce:21:25:1e:35:29:fd:73:29:0f:f5:27:75:09:
                    29:65:c6:3f:a7:2e:e3:57:f6:6f:ee:db:cd:a3:9d:
                    d9:b4:b7:c0:02:ac:e3:f4:18:f5:29:b8:6c:45:80:
                    51:1c:7a:4c:e9:a3:7c:08:94:36:eb:27:ea:69:a8:
                    a9:72:6f:2c:98:b1:e4:35:9f:21:12:bb:f0:9c:67:
                    bd:41:44:02:7a:f6:fa:21:3e:3d:0e:3d:be:6f:2d:
                    a4:6b:2b:e3:57:47:26:e6:aa:7f:69:a7:de:93:55:
                    7f:c3:ca:cf:c0:9f:65:a0:92:e7:c2:00:91:36:f9:
                    52:b0:3a:43:ab:80:15:27:f2:94:50:6a:78:28:c6:
                    4c:6c:c4:e1:bf:6e:5d:7d:5e:28:b7:e8:b6:a6:6a:
                    06:f1:71:74:73:44:8f:c6:86:9a:4d:8b:20:64:85:
                    ab:d9:6b:9c:cf:6f:12:10:09:c0:60:79:03:c1:61:
                    ff:86:8c:f6:2c:cc:42:73:a8:37:b2:8a:2d:65:be:
                    46:57:2b:c6:42:15:43:e5:29:38:57:91:a5:9c:5f:
                    b8:3a:43:37:bb:92:42:a9:15:29:5f:7b:6e:f7:98:
                    7b:bd:c1:d3:f9:ac:2f:f0:7b:31:31:c2:21:3a:d5:
                    c9:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:63:83:AB:6E:78:23:E5:B2:EB:87:8C:BC:FA:88:0C:C8:83:A6:A0
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144824.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a87e::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:58:c4:0e:ed:6e:30:04:bb:13:19:cd:43:b6:a0:67:33:d8:
         50:ba:71:b0:73:89:3b:c4:32:66:f0:13:2c:99:d4:77:e7:d6:
         11:d4:53:7b:10:93:15:f7:24:05:a5:2a:0b:63:37:4b:f6:c1:
         4b:42:65:5f:cc:ef:5d:5a:b0:65:27:56:8d:e7:a7:f4:4d:97:
         ff:be:c6:d5:c2:ca:cb:bb:3a:ed:b6:a6:9a:f5:8f:3c:67:5b:
         3b:d5:54:65:98:32:a0:16:17:25:34:c9:8e:6c:76:a6:db:4a:
         7c:01:87:f4:ba:32:71:86:65:fb:27:bd:c2:59:14:d1:19:8e:
         42:cb:01:15:fd:94:ce:94:90:bb:a9:9e:96:ba:18:f9:07:d3:
         19:82:17:69:ea:68:e5:6c:51:0a:1b:dc:ee:c7:30:02:e1:d1:
         47:5c:a1:56:41:db:3f:c0:ac:b4:5d:5b:dc:03:f3:24:75:ed:
         7f:a2:84:3d:cb:1d:14:b8:f1:c7:77:87:9b:38:35:c6:8d:8f:
         78:6d:55:8e:66:06:22:1f:1d:52:7c:33:b9:66:57:89:b4:fa:
         04:9b:ec:54:e3:25:dd:e0:80:e9:f6:01:0d:2e:28:31:86:51:
         77:2a:8a:7d:0d:2b:45:34:30:ad:48:6a:d3:4d:d8:04:fd:68:
         9f:2b:6e:a1
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUJq/Pu8HZYledDEj8TOiz3Sm4/PEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcyNloX
DTI3MDMwMzA2MjIyNlowMzExMC8GA1UEAxMoQTg2MzgzQUI2RTc4MjNFNUIyRUI4
NzhDQkNGQTg4MENDODgzQTZBMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANm2pO/BBxK/ZeE8pCc8984hJR41Kf1zKQ/1J3UJKWXGP6cu41f2b+7bzaOd
2bS3wAKs4/QY9Sm4bEWAURx6TOmjfAiUNusn6mmoqXJvLJix5DWfIRK78JxnvUFE
Anr2+iE+PQ49vm8tpGsr41dHJuaqf2mn3pNVf8PKz8CfZaCS58IAkTb5UrA6Q6uA
FSfylFBqeCjGTGzE4b9uXX1eKLfotqZqBvFxdHNEj8aGmk2LIGSFq9lrnM9vEhAJ
wGB5A8Fh/4aM9izMQnOoN7KKLWW+RlcrxkIVQ+UpOFeRpZxfuDpDN7uSQqkVKV97
bveYe73B0/msL/B7MTHCITrVya0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSoY4Or
bngj5bLrh4y8+ogMyIOmoDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDgyNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qH4wDQYJKoZIhvcNAQELBQADggEBAD1YxA7tbjAEuxMZzUO2oGcz2FC6cbBziTvE
MmbwEyyZ1Hfn1hHUU3sQkxX3JAWlKgtjN0v2wUtCZV/M711asGUnVo3np/RNl/++
xtXCysu7Ou22ppr1jzxnWzvVVGWYMqAWFyU0yY5sdqbbSnwBh/S6MnGGZfsnvcJZ
FNEZjkLLARX9lM6UkLupnpa6GPkH0xmCF2nqaOVsUQob3O7HMALh0UdcoVZB2z/A
rLRdW9wD8yR17X+ihD3LHRS48cd3h5s4NcaNj3htVY5mBiIfHVJ8M7lmV4m0+gSb
7FTjJd3ggOn2AQ0uKDGGUXcqin0NK0U0MK1IatNN2AT9aJ8rbqE=
-----END CERTIFICATE-----