Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144833.roa
File:                     AS144833.roa (raw, json)
Hash identifier:          yuwalMpH7vxAKh21S1MtvC8F6Tlbt/f/mZqSoFRSnTo=
Subject key identifier:   1C:D9:CD:36:C5:7B:68:E4:7C:78:E8:5F:0A:A9:D8:35:08:20:06:04
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1C1EE55AF047C2A8ABEDBE21AC6D0ECC1ADB5211
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144833.roa
Signing time:             Wed 04 Mar 2026 06:20:13 +0000
ROA not before:           Wed 04 Mar 2026 06:15:13 +0000
ROA not after:            Wed 03 Mar 2027 06:20:13 +0000
asID:                     144833
IP address blocks:        240a:a887::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:1e:e5:5a:f0:47:c2:a8:ab:ed:be:21:ac:6d:0e:cc:1a:db:52:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:13 2026 GMT
            Not After : Mar  3 06:20:13 2027 GMT
        Subject: CN=1CD9CD36C57B68E47C78E85F0AA9D83508200604
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d3:f2:00:5e:d3:39:30:a5:1b:1e:18:7c:ae:
                    81:b5:be:a3:f5:b7:7d:0d:70:0d:e0:25:50:99:8e:
                    a5:74:c3:19:80:98:ff:b3:ef:03:e3:ce:33:cf:35:
                    d8:da:4b:fe:f8:7e:7c:6e:14:4c:ed:2e:7c:c5:e7:
                    28:32:2a:40:90:da:7c:78:9a:78:ce:5c:0b:3a:dd:
                    ed:ba:70:7d:f8:9a:70:72:77:1b:3d:70:d7:28:68:
                    fe:83:0e:92:1d:2a:09:9d:5f:3a:bd:6a:d1:86:6b:
                    0a:e9:74:88:2d:06:fe:8b:7a:b7:60:0e:20:91:23:
                    20:ff:bd:54:66:39:2e:55:a2:d6:00:d4:a2:63:b1:
                    7c:a3:05:af:90:cd:02:e4:a0:87:a9:84:93:f6:cb:
                    8f:7b:a9:21:b2:4b:a1:9f:7c:65:82:23:15:5e:08:
                    f6:ef:38:2b:f9:5c:f7:fb:bb:e5:15:72:7f:f3:9b:
                    6c:ac:5c:e2:bb:2c:2a:85:7d:22:44:be:36:9f:66:
                    c4:7f:9a:e6:65:57:25:e3:c7:73:1c:ca:a9:d7:d5:
                    a5:ab:57:3b:57:2a:47:17:6d:0c:21:25:a7:da:22:
                    4a:0b:e7:c1:44:91:f3:4f:16:6a:5b:46:6a:64:bb:
                    2c:e2:d0:6c:ed:46:ab:3e:cb:9e:a5:b3:83:54:91:
                    ba:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:D9:CD:36:C5:7B:68:E4:7C:78:E8:5F:0A:A9:D8:35:08:20:06:04
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a887::/32

    Signature Algorithm: sha256WithRSAEncryption
         50:a9:6f:32:de:13:c6:b3:4f:fd:a0:9b:41:a9:b7:d6:fe:f5:
         2b:d4:bb:d2:ae:45:5e:f7:88:70:5a:89:22:44:cb:7a:d9:6e:
         84:e5:45:b0:79:f4:50:4d:f3:54:94:54:3e:bb:78:84:b4:c2:
         1a:f7:81:22:7e:d3:9b:80:bc:1e:be:63:c1:a7:7e:17:f7:7b:
         25:53:fc:3c:83:28:ae:e5:2a:52:3f:02:b9:87:21:1d:90:4b:
         bc:ad:40:68:f3:df:da:b0:ff:87:f8:3a:68:33:98:0c:10:8c:
         1d:2e:d8:a7:40:89:42:17:cf:af:01:86:5d:cb:9f:e2:36:88:
         3b:29:53:47:61:5a:5d:c6:4a:47:95:59:01:de:dc:bd:2b:ce:
         e1:8f:98:10:e3:58:8e:5b:1e:e8:94:27:ae:3b:c4:60:c0:8c:
         7e:ff:7e:09:74:4c:b9:bb:5f:b1:96:92:22:9e:f1:d0:c0:c1:
         5d:e8:07:97:20:1c:df:af:b7:bb:e6:b4:39:86:34:79:c9:4b:
         2b:dc:0a:18:6f:52:56:c2:91:61:53:cf:93:bf:de:a1:1f:18:
         d5:7b:0c:88:09:28:99:b8:3c:90:2a:a8:dd:f9:75:68:e7:10:
         29:cb:fe:6b:76:1b:e5:2c:b2:f8:c0:40:34:fe:1e:ec:9c:fc:
         86:74:ae:0b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUHB7lWvBHwqir7b4hrG0OzBrbUhEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTUxM1oX
DTI3MDMwMzA2MjAxM1owMzExMC8GA1UEAxMoMUNEOUNEMzZDNTdCNjhFNDdDNzhF
ODVGMEFBOUQ4MzUwODIwMDYwNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMbT8gBe0zkwpRseGHyugbW+o/W3fQ1wDeAlUJmOpXTDGYCY/7PvA+POM881
2NpL/vh+fG4UTO0ufMXnKDIqQJDafHiaeM5cCzrd7bpwffiacHJ3Gz1w1yho/oMO
kh0qCZ1fOr1q0YZrCul0iC0G/ot6t2AOIJEjIP+9VGY5LlWi1gDUomOxfKMFr5DN
AuSgh6mEk/bLj3upIbJLoZ98ZYIjFV4I9u84K/lc9/u75RVyf/ObbKxc4rssKoV9
IkS+Np9mxH+a5mVXJePHcxzKqdfVpatXO1cqRxdtDCElp9oiSgvnwUSR808WaltG
amS7LOLQbO1Gqz7LnqWzg1SRum0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQc2c02
xXto5Hx46F8Kqdg1CCAGBDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qIcwDQYJKoZIhvcNAQELBQADggEBAFCpbzLeE8azT/2gm0Gpt9b+9SvUu9KuRV73
iHBaiSJEy3rZboTlRbB59FBN81SUVD67eIS0whr3gSJ+05uAvB6+Y8Gnfhf3eyVT
/DyDKK7lKlI/ArmHIR2QS7ytQGjz39qw/4f4OmgzmAwQjB0u2KdAiUIXz68Bhl3L
n+I2iDspU0dhWl3GSkeVWQHe3L0rzuGPmBDjWI5bHuiUJ647xGDAjH7/fgl0TLm7
X7GWkiKe8dDAwV3oB5cgHN+vt7vmtDmGNHnJSyvcChhvUlbCkWFTz5O/3qEfGNV7
DIgJKJm4PJAqqN35dWjnECnL/mt2G+UssvjAQDT+Huyc/IZ0rgs=
-----END CERTIFICATE-----