Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144858.roa
File:                     AS144858.roa (raw, json)
Hash identifier:          Z1eLYttugzb2M/9/y3oRK3zc9XhU9u2Bal8BeRgHMII=
Subject key identifier:   91:1D:16:75:BC:86:D4:13:CA:66:63:A1:70:77:D0:E9:2C:FD:95:01
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       31BBF74D279B0481A4B2CA5E26D8527FF76178BB
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144858.roa
Signing time:             Wed 04 Mar 2026 06:22:28 +0000
ROA not before:           Wed 04 Mar 2026 06:17:28 +0000
ROA not after:            Wed 03 Mar 2027 06:22:28 +0000
asID:                     144858
IP address blocks:        240a:a8a0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:bb:f7:4d:27:9b:04:81:a4:b2:ca:5e:26:d8:52:7f:f7:61:78:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:28 2026 GMT
            Not After : Mar  3 06:22:28 2027 GMT
        Subject: CN=911D1675BC86D413CA6663A17077D0E92CFD9501
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:54:62:b6:28:c4:de:a1:b9:73:96:07:24:49:
                    84:89:fb:dd:ea:ba:6e:e5:d8:71:3c:ed:ff:0a:13:
                    b2:19:0c:1c:09:ca:07:50:06:71:9c:48:44:cc:96:
                    6a:18:52:8a:a0:71:14:27:e0:19:8b:dd:01:43:84:
                    46:9d:d8:15:90:62:65:41:a6:2e:b4:dd:7a:16:01:
                    e4:43:ef:bb:d3:1e:de:c7:b9:05:0c:a4:3a:11:74:
                    c0:0e:11:d5:96:5c:ce:a3:51:77:00:b9:03:e2:51:
                    41:35:8f:b7:67:a6:ab:31:4d:45:fe:2c:d0:51:73:
                    d1:ed:37:a2:16:dd:4f:2f:17:d3:f8:f2:f6:4c:d9:
                    8d:fc:3a:b5:09:fa:18:b6:21:0e:89:d0:4d:fd:8a:
                    85:cf:b0:67:66:1d:fe:34:d9:67:cb:a7:eb:69:7f:
                    a9:69:b8:01:5e:01:d2:92:f9:48:f0:9f:82:ba:2c:
                    61:d0:91:b8:af:89:d7:2c:c8:fe:40:94:c4:14:be:
                    99:81:5c:07:09:57:d0:39:99:f3:a1:ba:46:ff:71:
                    3d:bd:bb:c1:03:28:d7:7a:bb:26:ae:f4:93:ab:5a:
                    6a:71:7b:8a:5e:61:a2:f7:55:42:c5:80:91:88:45:
                    c6:fa:cd:d9:3a:57:29:16:50:30:48:54:c5:22:35:
                    d9:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:1D:16:75:BC:86:D4:13:CA:66:63:A1:70:77:D0:E9:2C:FD:95:01
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144858.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a8a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         d1:51:ea:5a:92:a0:30:b0:56:b1:f5:ce:1e:5b:30:37:c3:46:
         ff:71:d4:a1:fe:e1:fa:82:1d:5f:f4:df:46:33:83:78:8f:11:
         b8:48:33:21:95:cb:c9:04:05:32:70:1a:a6:45:18:4c:6f:2f:
         ef:b4:58:87:d4:92:58:fe:31:55:81:b8:57:4a:ab:73:e1:70:
         3c:8b:0b:51:e4:1b:bc:53:32:ad:19:c9:50:b5:8a:d5:9d:33:
         b7:99:30:3f:d6:2d:25:05:56:5b:18:1f:43:63:3b:a2:74:82:
         92:74:9b:c3:9e:10:11:97:a1:c9:a5:1c:81:ca:61:8d:c2:68:
         5e:20:d8:53:bb:6d:14:2e:80:8f:67:29:b5:45:61:02:31:f1:
         35:1f:c4:a4:88:7e:f7:0a:7b:80:fe:79:e7:a8:e9:b3:be:ca:
         0f:c7:3c:d4:65:80:3f:be:9c:f6:61:b3:b3:71:cd:dd:4d:25:
         66:85:9c:61:91:1b:56:10:f5:b3:7c:3a:56:56:97:50:79:51:
         af:d3:87:c0:f2:5e:f2:ae:7b:f7:43:76:e3:cf:07:5f:9b:c1:
         f7:40:90:af:72:3f:76:80:15:8d:87:66:cd:56:6d:e2:4b:73:
         4a:03:93:64:2a:c9:17:a4:ac:6d:ed:38:8d:81:ec:b8:63:67:
         81:62:6b:ba
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUMbv3TSebBIGksspeJthSf/dheLswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcyOFoX
DTI3MDMwMzA2MjIyOFowMzExMC8GA1UEAxMoOTExRDE2NzVCQzg2RDQxM0NBNjY2
M0ExNzA3N0QwRTkyQ0ZEOTUwMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANlUYrYoxN6huXOWByRJhIn73eq6buXYcTzt/woTshkMHAnKB1AGcZxIRMyW
ahhSiqBxFCfgGYvdAUOERp3YFZBiZUGmLrTdehYB5EPvu9Me3se5BQykOhF0wA4R
1ZZczqNRdwC5A+JRQTWPt2emqzFNRf4s0FFz0e03ohbdTy8X0/jy9kzZjfw6tQn6
GLYhDonQTf2Khc+wZ2Yd/jTZZ8un62l/qWm4AV4B0pL5SPCfgrosYdCRuK+J1yzI
/kCUxBS+mYFcBwlX0DmZ86G6Rv9xPb27wQMo13q7Jq70k6taanF7il5hovdVQsWA
kYhFxvrN2TpXKRZQMEhUxSI12QkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSRHRZ1
vIbUE8pmY6Fwd9DpLP2VATAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDg1OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qKAwDQYJKoZIhvcNAQELBQADggEBANFR6lqSoDCwVrH1zh5bMDfDRv9x1KH+4fqC
HV/030Yzg3iPEbhIMyGVy8kEBTJwGqZFGExvL++0WIfUklj+MVWBuFdKq3PhcDyL
C1HkG7xTMq0ZyVC1itWdM7eZMD/WLSUFVlsYH0NjO6J0gpJ0m8OeEBGXocmlHIHK
YY3CaF4g2FO7bRQugI9nKbVFYQIx8TUfxKSIfvcKe4D+eeeo6bO+yg/HPNRlgD++
nPZhs7Nxzd1NJWaFnGGRG1YQ9bN8OlZWl1B5Ua/Th8DyXvKue/dDduPPB1+bwfdA
kK9yP3aAFY2HZs1WbeJLc0oDk2QqyRekrG3tOI2B7LhjZ4Fia7o=
-----END CERTIFICATE-----