Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144878.roa
File:                     AS144878.roa (raw, json)
Hash identifier:          xBpeVQefgHDQ5C1dGXBda+FjD1kaTRefX8iu9Jq0vIo=
Subject key identifier:   0F:DF:B1:61:9C:79:95:4F:EC:FC:3C:B6:7D:5F:FD:81:F9:13:31:A2
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       56D60039AFB68FA932534382DCAF61ADD8B75BD2
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144878.roa
Signing time:             Wed 04 Mar 2026 06:19:24 +0000
ROA not before:           Wed 04 Mar 2026 06:14:24 +0000
ROA not after:            Wed 03 Mar 2027 06:19:24 +0000
asID:                     144878
IP address blocks:        240a:a8b4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:d6:00:39:af:b6:8f:a9:32:53:43:82:dc:af:61:ad:d8:b7:5b:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:24 2026 GMT
            Not After : Mar  3 06:19:24 2027 GMT
        Subject: CN=0FDFB1619C79954FECFC3CB67D5FFD81F91331A2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:36:33:7b:51:5c:b9:fb:36:42:9a:9d:b7:cf:
                    a1:a1:b2:9c:7c:3c:c6:1a:05:ce:13:ff:c4:fc:80:
                    9a:88:ce:99:90:fa:a7:2f:45:b3:40:2c:9f:73:56:
                    64:0d:c6:89:1f:fa:23:10:5f:cc:ee:a3:d3:1c:de:
                    da:56:1b:13:10:27:31:8a:0c:23:6a:8e:ed:db:71:
                    4c:4c:1f:d7:0e:dc:d3:ef:94:70:83:c2:64:d0:3b:
                    6f:5e:65:76:33:59:20:3c:6a:e7:6c:cf:42:81:d2:
                    6f:77:8a:fe:e3:0d:96:f1:cd:8b:7d:6d:ed:06:b8:
                    8e:4e:70:45:ba:1a:76:40:08:d7:19:51:b4:83:5d:
                    d0:70:aa:5e:d6:93:b6:37:8b:4e:53:df:16:f4:11:
                    5a:0b:9e:42:fa:8a:ea:6d:fa:89:48:3f:30:63:ab:
                    dd:9c:99:71:d8:1d:e4:e0:e5:0f:1c:35:87:f0:92:
                    22:4c:ba:cb:83:2b:e8:3a:31:81:18:df:d9:3c:96:
                    58:30:aa:52:d6:0a:2c:72:14:2c:5a:46:6b:07:f9:
                    58:3f:88:90:23:9c:a1:c1:37:98:a2:bb:e1:b1:08:
                    9b:ee:d4:0f:9b:23:3c:f6:9b:2d:f1:d6:fe:10:9f:
                    c6:d8:1a:f7:d2:37:d3:0e:19:20:f6:93:ff:aa:3a:
                    64:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:DF:B1:61:9C:79:95:4F:EC:FC:3C:B6:7D:5F:FD:81:F9:13:31:A2
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144878.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a8b4::/32

    Signature Algorithm: sha256WithRSAEncryption
         4a:00:76:ca:55:93:76:44:57:27:ed:b2:8e:fb:4f:c8:56:25:
         47:ee:87:5d:28:37:6f:99:5f:b0:52:6a:84:f9:5d:cd:1d:61:
         ec:2d:65:a0:53:1e:a1:4b:72:e2:73:c5:0b:47:ed:a4:2e:e2:
         86:34:65:f4:93:ba:bf:88:e2:04:ad:bb:c2:e6:18:e5:af:39:
         e3:cb:80:d3:e1:a8:7e:6f:f0:a7:b2:7c:ff:fc:99:77:1a:3f:
         ce:f0:1c:e7:92:9f:90:44:ed:20:a6:4d:82:38:c8:d4:10:17:
         5d:5b:64:72:cc:5c:fa:54:38:05:e8:a8:02:f0:45:c4:bf:04:
         f9:05:9c:57:d5:53:01:af:da:a9:ec:a4:71:9c:47:87:aa:cd:
         87:eb:1a:38:18:97:c3:49:5f:3b:de:e2:66:2b:01:41:e7:96:
         05:a4:3b:5e:3c:a2:2b:56:29:0d:ab:97:54:69:e2:30:5c:ff:
         92:92:3b:00:a3:78:89:3a:b5:3b:f9:43:51:16:4b:76:13:b1:
         12:fc:a0:65:ca:75:be:51:77:6b:80:86:0c:0c:92:bb:93:48:
         b6:b6:38:5c:c5:9c:da:9d:17:78:a9:90:ae:6a:b9:21:d9:af:
         e8:39:75:2f:29:76:07:c9:dd:bd:66:d4:c3:45:c0:9d:1c:03:
         2a:8e:c6:b3
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUVtYAOa+2j6kyU0OC3K9hrdi3W9IwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQyNFoX
DTI3MDMwMzA2MTkyNFowMzExMC8GA1UEAxMoMEZERkIxNjE5Qzc5OTU0RkVDRkMz
Q0I2N0Q1RkZEODFGOTEzMzFBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALk2M3tRXLn7NkKanbfPoaGynHw8xhoFzhP/xPyAmojOmZD6py9Fs0Asn3NW
ZA3GiR/6IxBfzO6j0xze2lYbExAnMYoMI2qO7dtxTEwf1w7c0++UcIPCZNA7b15l
djNZIDxq52zPQoHSb3eK/uMNlvHNi31t7Qa4jk5wRboadkAI1xlRtINd0HCqXtaT
tjeLTlPfFvQRWgueQvqK6m36iUg/MGOr3ZyZcdgd5ODlDxw1h/CSIky6y4Mr6Dox
gRjf2TyWWDCqUtYKLHIULFpGawf5WD+IkCOcocE3mKK74bEIm+7UD5sjPPabLfHW
/hCfxtga99I30w4ZIPaT/6o6ZKsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQP37Fh
nHmVT+z8PLZ9X/2B+RMxojAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDg3OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qLQwDQYJKoZIhvcNAQELBQADggEBAEoAdspVk3ZEVyftso77T8hWJUfuh10oN2+Z
X7BSaoT5Xc0dYewtZaBTHqFLcuJzxQtH7aQu4oY0ZfSTur+I4gStu8LmGOWvOePL
gNPhqH5v8KeyfP/8mXcaP87wHOeSn5BE7SCmTYI4yNQQF11bZHLMXPpUOAXoqALw
RcS/BPkFnFfVUwGv2qnspHGcR4eqzYfrGjgYl8NJXzve4mYrAUHnlgWkO148oitW
KQ2rl1Rp4jBc/5KSOwCjeIk6tTv5Q1EWS3YTsRL8oGXKdb5Rd2uAhgwMkruTSLa2
OFzFnNqdF3ipkK5quSHZr+g5dS8pdgfJ3b1m1MNFwJ0cAyqOxrM=
-----END CERTIFICATE-----