Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144827.roa
File:                     AS144827.roa (raw, json)
Hash identifier:          OiAG1U+lT8sLg8SNRljbr1fAUykXULHTjo9kqiiBwDE=
Subject key identifier:   11:75:11:26:1E:B3:10:D0:2D:BF:77:C6:3F:63:23:73:AE:A8:83:20
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       443259A363FD9D590CBC8064D97014F1D9874904
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144827.roa
Signing time:             Wed 04 Mar 2026 06:22:13 +0000
ROA not before:           Wed 04 Mar 2026 06:17:13 +0000
ROA not after:            Wed 03 Mar 2027 06:22:13 +0000
asID:                     144827
IP address blocks:        240a:a881::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:32:59:a3:63:fd:9d:59:0c:bc:80:64:d9:70:14:f1:d9:87:49:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:13 2026 GMT
            Not After : Mar  3 06:22:13 2027 GMT
        Subject: CN=117511261EB310D02DBF77C63F632373AEA88320
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:51:10:22:ae:18:f1:49:2b:61:93:63:84:56:
                    ad:ec:b9:ff:97:b7:b0:ef:ac:98:c1:2e:87:7b:d4:
                    35:d6:7c:9e:63:6a:f7:6a:49:5b:05:36:e6:4f:d8:
                    a8:b8:0a:02:02:dd:42:ba:b8:52:25:a4:6c:78:9a:
                    04:5d:4d:88:86:50:8e:d6:9a:ae:5c:a4:32:34:1b:
                    e4:0d:69:38:91:45:35:36:83:8b:c3:11:c4:f1:cf:
                    e2:e6:90:47:bb:83:83:1e:89:ee:4a:88:11:fe:6d:
                    e2:87:0f:b3:b0:99:d7:e3:07:9c:f6:98:4b:53:c9:
                    d4:2a:e3:ca:62:33:e0:a3:86:53:40:2e:92:bb:35:
                    52:e4:2c:44:da:ee:27:56:6d:5e:13:5c:13:58:6c:
                    56:7a:41:2b:5d:ab:a2:47:2d:d7:a5:d2:61:ec:00:
                    e9:32:b7:24:a4:2e:05:f6:f0:cc:93:a6:17:5b:b0:
                    e4:dc:4f:aa:41:2a:fd:8d:da:69:3a:ac:2e:47:85:
                    90:b7:73:fb:97:da:cd:1c:ed:ac:34:80:df:85:de:
                    ee:40:07:51:f5:45:38:09:35:92:b9:0d:7e:1d:58:
                    73:90:28:57:05:48:9b:35:cd:0e:bb:55:ca:95:2f:
                    a0:24:7f:94:26:08:e0:77:4d:8f:db:b0:13:d2:3e:
                    1c:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:75:11:26:1E:B3:10:D0:2D:BF:77:C6:3F:63:23:73:AE:A8:83:20
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144827.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a881::/32

    Signature Algorithm: sha256WithRSAEncryption
         05:21:ba:d8:dc:ac:66:bf:5b:02:c4:90:22:31:5e:86:42:0e:
         1f:6b:15:59:88:dd:82:d0:0c:56:ae:c0:16:5e:35:69:b0:53:
         8d:0a:84:b9:e5:db:38:c0:0b:07:67:fe:e2:cd:58:b8:b4:8a:
         3d:e0:73:67:b7:a1:30:fe:77:af:5a:6e:17:9c:49:01:6c:95:
         2e:27:6f:dc:40:29:b4:c2:48:ac:cc:32:35:04:7e:5a:ac:0e:
         84:01:be:ae:7d:f1:a4:68:4a:d2:9c:8f:71:0a:f0:2c:9c:ce:
         0f:be:a0:3d:b9:cd:be:67:cb:24:05:5d:17:83:98:ea:11:6a:
         1e:25:b5:ff:aa:7f:b7:fd:56:c2:a0:d9:e0:4f:3f:e3:9c:d7:
         c7:18:a6:e3:67:6e:e1:5a:c7:d2:4d:e9:a7:94:ab:64:ea:c0:
         b1:c9:c2:af:cc:ea:aa:18:bd:ad:2e:45:cc:d7:a8:f0:7f:4a:
         35:b7:51:22:d1:98:f7:c3:6e:a1:7e:ac:58:d0:dd:5c:f9:5a:
         91:55:0b:4b:78:22:7f:4c:8e:3e:c9:bc:87:49:24:57:0a:d7:
         9b:d5:c1:02:1f:e8:b3:01:bb:4c:c2:6d:aa:ad:ac:05:ff:e3:
         8f:04:77:15:81:97:10:b7:2c:7c:f6:5b:7c:cc:7b:94:f0:3d:
         e5:e6:be:38
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIURDJZo2P9nVkMvIBk2XAU8dmHSQQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcxM1oX
DTI3MDMwMzA2MjIxM1owMzExMC8GA1UEAxMoMTE3NTExMjYxRUIzMTBEMDJEQkY3
N0M2M0Y2MzIzNzNBRUE4ODMyMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMZRECKuGPFJK2GTY4RWrey5/5e3sO+smMEuh3vUNdZ8nmNq92pJWwU25k/Y
qLgKAgLdQrq4UiWkbHiaBF1NiIZQjtaarlykMjQb5A1pOJFFNTaDi8MRxPHP4uaQ
R7uDgx6J7kqIEf5t4ocPs7CZ1+MHnPaYS1PJ1CrjymIz4KOGU0Aukrs1UuQsRNru
J1ZtXhNcE1hsVnpBK12rokct16XSYewA6TK3JKQuBfbwzJOmF1uw5NxPqkEq/Y3a
aTqsLkeFkLdz+5fazRztrDSA34Xe7kAHUfVFOAk1krkNfh1Yc5AoVwVImzXNDrtV
ypUvoCR/lCYI4HdNj9uwE9I+HMcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQRdREm
HrMQ0C2/d8Y/YyNzrqiDIDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDgyNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qIEwDQYJKoZIhvcNAQELBQADggEBAAUhutjcrGa/WwLEkCIxXoZCDh9rFVmI3YLQ
DFauwBZeNWmwU40KhLnl2zjACwdn/uLNWLi0ij3gc2e3oTD+d69abhecSQFslS4n
b9xAKbTCSKzMMjUEflqsDoQBvq598aRoStKcj3EK8Cyczg++oD25zb5nyyQFXReD
mOoRah4ltf+qf7f9VsKg2eBPP+Oc18cYpuNnbuFax9JN6aeUq2TqwLHJwq/M6qoY
va0uRczXqPB/SjW3USLRmPfDbqF+rFjQ3Vz5WpFVC0t4In9Mjj7JvIdJJFcK15vV
wQIf6LMBu0zCbaqtrAX/448EdxWBlxC3LHz2W3zMe5TwPeXmvjg=
-----END CERTIFICATE-----