Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144848.roa
File:                     AS144848.roa (raw, json)
Hash identifier:          0xwOKQ2DMqgnY7dkJ9/tf3Wyq6A5F6izey+bqRY1u4c=
Subject key identifier:   9F:49:B3:5D:8D:C5:91:1C:F6:3C:5D:BF:33:60:CE:79:82:25:29:3B
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1D8346C42A5AB236C373AD2B127F7273E90D602D
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144848.roa
Signing time:             Wed 04 Mar 2026 06:20:37 +0000
ROA not before:           Wed 04 Mar 2026 06:15:37 +0000
ROA not after:            Wed 03 Mar 2027 06:20:37 +0000
asID:                     144848
IP address blocks:        240a:a896::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:83:46:c4:2a:5a:b2:36:c3:73:ad:2b:12:7f:72:73:e9:0d:60:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:37 2026 GMT
            Not After : Mar  3 06:20:37 2027 GMT
        Subject: CN=9F49B35D8DC5911CF63C5DBF3360CE798225293B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:87:b0:bd:05:3e:b4:c7:04:90:d0:ae:07:2d:
                    a6:5e:f7:de:e6:9f:9b:ca:04:3b:43:a4:c2:47:07:
                    2b:49:c5:d2:a3:b7:64:c6:6d:50:ef:f5:06:e7:42:
                    57:a5:0c:81:fb:25:52:04:0b:6d:4d:b4:7e:e9:bd:
                    cb:d6:23:f4:1e:28:5e:33:13:6c:c1:fd:6b:da:ae:
                    19:83:9d:dd:76:2e:10:33:f0:c1:50:8b:42:cd:ed:
                    c8:90:83:54:d8:94:44:08:78:c5:fe:26:39:64:66:
                    dd:c1:b3:33:bb:0a:4b:0a:37:86:f3:49:05:af:46:
                    c2:f4:8d:71:6f:78:21:1a:c2:1d:06:d9:47:42:81:
                    2b:a3:b3:17:07:cb:2e:15:7c:6c:5e:d0:14:cd:e3:
                    c5:06:1c:28:ed:50:99:49:4f:e3:35:20:7d:e4:b3:
                    4d:96:05:5d:c1:8d:05:86:9c:3f:cf:a4:96:0b:6d:
                    09:c1:19:1c:88:ed:16:d7:e8:7a:12:71:5d:67:ec:
                    65:44:5b:b9:7b:4e:0e:40:57:77:50:7d:00:aa:2e:
                    3f:11:a5:94:6e:8c:8b:0e:32:58:08:91:3d:ba:35:
                    ab:40:73:fa:73:8c:b1:4d:1d:5f:e8:c2:c3:71:62:
                    35:f5:3c:ea:b1:da:e0:66:a8:72:8c:5f:59:9f:56:
                    38:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:49:B3:5D:8D:C5:91:1C:F6:3C:5D:BF:33:60:CE:79:82:25:29:3B
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144848.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a896::/32

    Signature Algorithm: sha256WithRSAEncryption
         28:16:b5:9f:55:d0:bc:aa:9d:1b:6d:e4:7e:f3:bd:b6:a0:ed:
         44:3d:bf:22:16:cd:a3:6d:8e:7f:20:43:51:fb:ef:80:04:26:
         ad:0e:be:ba:5f:a3:db:f6:b8:a1:6d:1a:11:0c:9a:05:0d:2e:
         81:36:6f:ee:91:ef:d7:fe:32:58:c0:20:b6:91:77:a3:95:28:
         72:ab:66:6d:a0:cd:4c:f9:3d:4c:51:bc:77:cc:40:22:63:53:
         fa:b1:df:43:61:68:8a:5b:28:79:78:42:4c:d0:da:82:b9:cc:
         f6:b5:37:3d:05:9f:0d:f1:20:6a:92:22:8a:c9:d6:b1:6b:a5:
         22:cf:5f:0b:8a:7d:de:a7:7e:5a:8d:91:df:e9:e5:17:f0:3f:
         92:b0:5c:d7:62:47:ba:44:49:29:a9:e0:f6:02:af:6d:4a:af:
         fb:7c:a7:fc:db:dc:0a:f1:56:37:8b:07:28:86:9b:d5:6a:02:
         22:3f:ae:a8:f6:83:45:b0:1c:d4:54:56:c8:21:2a:9c:20:12:
         01:42:2b:b7:4c:85:a7:47:6d:93:f3:db:04:85:18:41:6c:1c:
         be:fb:c0:63:34:b2:8d:0f:3a:19:2f:0d:75:91:6e:ea:7c:2b:
         b8:77:2c:2a:ea:6c:3b:e2:3c:0b:0f:fe:8a:fc:b3:2f:86:10:
         84:79:71:e5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUHYNGxCpasjbDc60rEn9yc+kNYC0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTUzN1oX
DTI3MDMwMzA2MjAzN1owMzExMC8GA1UEAxMoOUY0OUIzNUQ4REM1OTExQ0Y2M0M1
REJGMzM2MENFNzk4MjI1MjkzQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJyHsL0FPrTHBJDQrgctpl733uafm8oEO0OkwkcHK0nF0qO3ZMZtUO/1BudC
V6UMgfslUgQLbU20fum9y9Yj9B4oXjMTbMH9a9quGYOd3XYuEDPwwVCLQs3tyJCD
VNiURAh4xf4mOWRm3cGzM7sKSwo3hvNJBa9GwvSNcW94IRrCHQbZR0KBK6OzFwfL
LhV8bF7QFM3jxQYcKO1QmUlP4zUgfeSzTZYFXcGNBYacP8+klgttCcEZHIjtFtfo
ehJxXWfsZURbuXtODkBXd1B9AKouPxGllG6Miw4yWAiRPbo1q0Bz+nOMsU0dX+jC
w3FiNfU86rHa4GaocoxfWZ9WOOMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSfSbNd
jcWRHPY8Xb8zYM55giUpOzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDg0OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qJYwDQYJKoZIhvcNAQELBQADggEBACgWtZ9V0LyqnRtt5H7zvbag7UQ9vyIWzaNt
jn8gQ1H774AEJq0Ovrpfo9v2uKFtGhEMmgUNLoE2b+6R79f+MljAILaRd6OVKHKr
Zm2gzUz5PUxRvHfMQCJjU/qx30NhaIpbKHl4QkzQ2oK5zPa1Nz0Fnw3xIGqSIorJ
1rFrpSLPXwuKfd6nflqNkd/p5RfwP5KwXNdiR7pESSmp4PYCr21Kr/t8p/zb3Arx
VjeLByiGm9VqAiI/rqj2g0WwHNRUVsghKpwgEgFCK7dMhadHbZPz2wSFGEFsHL77
wGM0so0POhkvDXWRbup8K7h3LCrqbDviPAsP/or8sy+GEIR5ceU=
-----END CERTIFICATE-----