Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144834.roa
File:                     AS144834.roa (raw, json)
Hash identifier:          z9dbL20xdFUTrtp7OlFO43v8u9lyHANzRVm4eT5QaB4=
Subject key identifier:   EA:49:54:C9:E2:A5:0A:61:B5:7E:FA:17:DA:77:BE:48:C1:1A:B1:B4
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7367C32388D7B49F5DC9DFF4E311DB5C86FBC052
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144834.roa
Signing time:             Wed 04 Mar 2026 06:21:23 +0000
ROA not before:           Wed 04 Mar 2026 06:16:23 +0000
ROA not after:            Wed 03 Mar 2027 06:21:23 +0000
asID:                     144834
IP address blocks:        240a:a888::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:67:c3:23:88:d7:b4:9f:5d:c9:df:f4:e3:11:db:5c:86:fb:c0:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:23 2026 GMT
            Not After : Mar  3 06:21:23 2027 GMT
        Subject: CN=EA4954C9E2A50A61B57EFA17DA77BE48C11AB1B4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:f8:82:37:c0:24:12:5b:e9:e8:0a:29:f9:de:
                    3f:2c:b2:7b:f2:a1:3a:e3:06:50:02:c8:6e:e6:3e:
                    a7:c6:82:ed:bc:08:34:2c:34:e5:9f:db:73:e3:a1:
                    09:ec:48:bc:b3:fd:de:3b:68:7b:02:cd:a2:e3:7a:
                    57:00:7e:b5:75:16:82:a0:32:9c:f2:f7:fa:3e:46:
                    32:6f:c1:02:92:5f:80:66:ce:11:90:e2:fc:b7:0d:
                    a4:ac:3c:1e:2b:6f:f0:29:a7:3b:48:aa:b0:ec:b5:
                    3d:27:7c:f4:41:c3:9e:25:d1:91:6a:97:5d:a4:db:
                    e8:3a:f3:38:01:4d:9f:38:01:42:0b:ce:04:7f:8c:
                    8c:dd:9a:f2:e3:fb:38:f3:6e:59:d6:cf:3c:84:cc:
                    c0:ed:3f:71:48:d2:ac:7f:62:71:7e:94:c4:18:f2:
                    32:b8:32:48:c4:9a:fc:31:61:ea:a6:1b:f6:87:ad:
                    24:18:0a:14:50:dc:af:d7:ce:70:f7:99:2d:4f:ae:
                    9d:4f:61:b2:8e:58:01:55:23:92:86:ce:15:1a:b3:
                    66:03:75:ed:cf:80:cf:f4:19:ec:0f:fe:a7:5f:2c:
                    c2:3b:e6:71:31:58:c3:20:e4:39:b0:08:c3:a8:12:
                    b4:d5:b4:e0:69:fa:ee:5c:e5:be:4f:b6:18:29:06:
                    24:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:49:54:C9:E2:A5:0A:61:B5:7E:FA:17:DA:77:BE:48:C1:1A:B1:B4
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a888::/32

    Signature Algorithm: sha256WithRSAEncryption
         28:4a:37:e5:42:c0:ec:a8:6f:3b:be:54:a9:dd:55:70:d5:aa:
         2a:23:04:33:02:8b:8e:02:ff:51:50:78:d8:a7:ef:26:b8:02:
         1c:5c:8a:dc:4f:08:4e:72:ac:fa:28:43:2d:81:84:94:b4:7c:
         93:ab:02:f9:8b:6d:a9:fd:ef:7a:d0:4b:f6:62:c4:53:21:17:
         16:d9:41:24:ca:9c:d6:89:35:b9:7e:ee:7e:42:76:ad:8c:18:
         29:a4:b8:19:d3:cd:c7:08:83:36:d9:0a:8e:ee:0e:76:24:18:
         49:1f:b9:cd:8b:d0:89:4f:e4:db:07:8e:f2:2a:65:af:11:4f:
         47:0c:94:de:40:d0:b6:20:c8:f0:a5:78:b7:83:de:9f:4f:87:
         04:e2:f8:42:7b:32:c1:93:17:a0:38:75:de:11:7b:d3:ab:0b:
         d7:09:b9:aa:1c:d7:d3:61:55:5a:34:9d:12:31:ad:39:21:d5:
         36:3c:d5:92:a5:33:27:14:3b:c3:f4:1e:5d:5b:33:8b:3b:1d:
         ad:3c:0e:4c:da:ea:8d:04:c1:ea:37:20:72:ef:7c:a4:fc:83:
         73:ca:e5:28:aa:88:33:d3:07:63:1d:03:87:09:a5:23:ba:ac:
         40:58:a5:69:fb:bf:a9:4b:0c:5b:0e:2b:e6:50:db:cb:8f:d3:
         0c:aa:e7:71
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUc2fDI4jXtJ9dyd/04xHbXIb7wFIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYyM1oX
DTI3MDMwMzA2MjEyM1owMzExMC8GA1UEAxMoRUE0OTU0QzlFMkE1MEE2MUI1N0VG
QTE3REE3N0JFNDhDMTFBQjFCNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJH4gjfAJBJb6egKKfnePyyye/KhOuMGUALIbuY+p8aC7bwINCw05Z/bc+Oh
CexIvLP93jtoewLNouN6VwB+tXUWgqAynPL3+j5GMm/BApJfgGbOEZDi/LcNpKw8
Hitv8CmnO0iqsOy1PSd89EHDniXRkWqXXaTb6DrzOAFNnzgBQgvOBH+MjN2a8uP7
OPNuWdbPPITMwO0/cUjSrH9icX6UxBjyMrgySMSa/DFh6qYb9oetJBgKFFDcr9fO
cPeZLU+unU9hso5YAVUjkobOFRqzZgN17c+Az/QZ7A/+p18swjvmcTFYwyDkObAI
w6gStNW04Gn67lzlvk+2GCkGJOECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTqSVTJ
4qUKYbV++hfad75IwRqxtDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDgzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qIgwDQYJKoZIhvcNAQELBQADggEBAChKN+VCwOyobzu+VKndVXDVqiojBDMCi44C
/1FQeNin7ya4AhxcitxPCE5yrPooQy2BhJS0fJOrAvmLban973rQS/ZixFMhFxbZ
QSTKnNaJNbl+7n5Cdq2MGCmkuBnTzccIgzbZCo7uDnYkGEkfuc2L0IlP5NsHjvIq
Za8RT0cMlN5A0LYgyPCleLeD3p9PhwTi+EJ7MsGTF6A4dd4Re9OrC9cJuaoc19Nh
VVo0nRIxrTkh1TY81ZKlMycUO8P0Hl1bM4s7Ha08Dkza6o0Eweo3IHLvfKT8g3PK
5SiqiDPTB2MdA4cJpSO6rEBYpWn7v6lLDFsOK+ZQ28uP0wyq53E=
-----END CERTIFICATE-----