Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144847.roa
File:                     AS144847.roa (raw, json)
Hash identifier:          x5RWLSlhsyKaPd5rBAEXHhDj8grXpYV9/A715XI75FI=
Subject key identifier:   AC:7B:A9:AB:7A:FF:AF:A2:02:CE:8D:05:15:49:FE:FA:BF:0D:2B:A3
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       089E1EB939F2BF4AF73A67AEFCE90B30A54D9F3E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144847.roa
Signing time:             Wed 04 Mar 2026 06:20:27 +0000
ROA not before:           Wed 04 Mar 2026 06:15:27 +0000
ROA not after:            Wed 03 Mar 2027 06:20:27 +0000
asID:                     144847
IP address blocks:        240a:a895::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:9e:1e:b9:39:f2:bf:4a:f7:3a:67:ae:fc:e9:0b:30:a5:4d:9f:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:27 2026 GMT
            Not After : Mar  3 06:20:27 2027 GMT
        Subject: CN=AC7BA9AB7AFFAFA202CE8D051549FEFABF0D2BA3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:5e:35:ef:8e:db:c9:5a:1e:fd:23:f0:2a:4a:
                    b0:e6:d7:39:02:fe:95:68:a0:dd:1d:ad:a2:9e:9b:
                    39:78:f7:d2:f4:ba:44:e0:b0:76:ba:2e:e6:99:58:
                    99:ec:d8:de:3f:9e:3a:5b:7d:40:c3:91:75:b5:97:
                    02:49:9d:da:a3:1a:ad:53:f3:76:1b:09:fd:cc:12:
                    b0:22:c8:34:47:c1:26:08:ef:88:1f:04:cd:d5:8b:
                    ed:5f:2f:84:69:cf:48:8b:63:4e:34:31:fa:89:bb:
                    d4:57:78:66:a5:e9:6f:d7:ea:0f:d9:3f:87:cb:cc:
                    e3:ce:8f:28:7e:89:a2:40:ce:04:2c:74:c4:c6:d3:
                    27:b7:88:ee:94:f1:6e:ad:0d:67:54:d0:8d:c1:b8:
                    0f:96:90:34:de:86:43:26:77:da:66:8d:68:94:93:
                    28:97:89:fc:b5:55:64:81:04:62:00:b7:38:d7:ec:
                    8d:f5:8f:21:9d:f8:f6:56:56:06:aa:b0:cc:96:9d:
                    ba:07:14:ac:a1:91:12:6f:ac:37:c8:63:5e:93:71:
                    5f:a2:f7:5c:d0:c0:a5:af:b6:b0:a5:f9:85:4b:87:
                    a8:bb:e9:38:9c:eb:23:a0:e5:87:bc:ec:6e:06:2e:
                    7e:d2:b4:33:22:d4:b2:50:5e:29:92:77:dc:cf:f5:
                    e5:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:7B:A9:AB:7A:FF:AF:A2:02:CE:8D:05:15:49:FE:FA:BF:0D:2B:A3
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144847.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a895::/32

    Signature Algorithm: sha256WithRSAEncryption
         3f:3b:03:28:3b:f5:95:bd:66:53:ba:ce:43:7e:69:be:16:cc:
         b8:04:d6:02:cf:cd:de:83:08:b7:78:cd:ed:18:ac:0a:03:95:
         e9:46:86:ac:5b:7a:59:e2:1e:6b:33:1f:c9:8e:2f:03:ec:07:
         a4:3b:2b:91:89:5e:0a:d0:f7:bc:21:f8:4e:2c:01:5a:53:90:
         5b:a3:0a:61:88:89:9f:81:97:e3:54:07:79:27:b7:81:4d:01:
         6d:ef:59:5c:ed:56:50:31:9e:93:34:35:2e:04:ca:1e:bc:32:
         51:57:31:94:5f:95:c5:15:f3:d1:03:b0:e2:cb:a1:5a:0b:b2:
         e0:f5:84:47:a6:6e:08:3a:b8:54:82:30:d7:31:02:6d:9a:e8:
         b6:b3:c3:fe:84:02:7a:0c:6d:de:6b:7e:4a:3c:7d:28:f7:fb:
         f5:8d:5b:ef:33:67:7e:40:f9:e5:fc:aa:15:34:da:92:3c:53:
         b2:74:94:3e:16:5c:31:ff:03:34:24:0e:0e:9c:3a:75:ac:3c:
         b7:b5:9a:37:d1:57:51:e2:9c:2a:ab:d9:77:d1:66:ee:45:a1:
         95:70:3d:29:63:6c:88:74:e4:8d:88:25:b0:04:b5:8e:2a:c5:
         3f:55:72:26:14:42:51:c1:ef:3a:53:1c:ea:eb:98:39:ad:6a:
         e2:15:4d:a8
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUCJ4euTnyv0r3Omeu/OkLMKVNnz4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTUyN1oX
DTI3MDMwMzA2MjAyN1owMzExMC8GA1UEAxMoQUM3QkE5QUI3QUZGQUZBMjAyQ0U4
RDA1MTU0OUZFRkFCRjBEMkJBMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKteNe+O28laHv0j8CpKsObXOQL+lWig3R2top6bOXj30vS6ROCwdrou5plY
mezY3j+eOlt9QMORdbWXAkmd2qMarVPzdhsJ/cwSsCLINEfBJgjviB8EzdWL7V8v
hGnPSItjTjQx+om71Fd4ZqXpb9fqD9k/h8vM486PKH6JokDOBCx0xMbTJ7eI7pTx
bq0NZ1TQjcG4D5aQNN6GQyZ32maNaJSTKJeJ/LVVZIEEYgC3ONfsjfWPIZ349lZW
BqqwzJadugcUrKGREm+sN8hjXpNxX6L3XNDApa+2sKX5hUuHqLvpOJzrI6Dlh7zs
bgYuftK0MyLUslBeKZJ33M/15S0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSse6mr
ev+vogLOjQUVSf76vw0rozAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDg0Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qJUwDQYJKoZIhvcNAQELBQADggEBAD87Ayg79ZW9ZlO6zkN+ab4WzLgE1gLPzd6D
CLd4ze0YrAoDlelGhqxbelniHmszH8mOLwPsB6Q7K5GJXgrQ97wh+E4sAVpTkFuj
CmGIiZ+Bl+NUB3knt4FNAW3vWVztVlAxnpM0NS4Eyh68MlFXMZRflcUV89EDsOLL
oVoLsuD1hEembgg6uFSCMNcxAm2a6Lazw/6EAnoMbd5rfko8fSj3+/WNW+8zZ35A
+eX8qhU02pI8U7J0lD4WXDH/AzQkDg6cOnWsPLe1mjfRV1HinCqr2XfRZu5FoZVw
PSljbIh05I2IJbAEtY4qxT9VciYUQlHB7zpTHOrrmDmtauIVTag=
-----END CERTIFICATE-----