Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144890.roa
File:                     AS144890.roa (raw, json)
Hash identifier:          0fedkxvJ6GwtZy4A3Vl4rYTNWRNTpCD5j+1IBHl97YE=
Subject key identifier:   C0:33:52:D2:28:74:2E:30:36:E1:8B:98:D2:EF:F3:E1:0F:FF:ED:73
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       0533DADC5E5844F235CCFE05DEDFDD8F073C2F81
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144890.roa
Signing time:             Wed 04 Mar 2026 06:20:06 +0000
ROA not before:           Wed 04 Mar 2026 06:15:06 +0000
ROA not after:            Wed 03 Mar 2027 06:20:06 +0000
asID:                     144890
IP address blocks:        240a:a8c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:33:da:dc:5e:58:44:f2:35:cc:fe:05:de:df:dd:8f:07:3c:2f:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:06 2026 GMT
            Not After : Mar  3 06:20:06 2027 GMT
        Subject: CN=C03352D228742E3036E18B98D2EFF3E10FFFED73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:f1:62:24:9b:4f:f3:6c:41:d9:c6:b9:d5:6a:
                    40:29:9b:e6:4a:c3:a7:f0:b3:1f:33:68:f3:d0:d1:
                    1d:9c:0c:dc:8f:fb:b7:86:e1:d4:9a:7c:a5:46:61:
                    6e:30:8f:0d:39:df:f4:31:c1:b3:02:84:13:0a:17:
                    16:81:58:de:46:94:58:b1:50:f9:05:dd:4e:ee:c7:
                    97:fa:ac:50:ed:63:ce:a5:c6:4e:7e:c3:7e:40:37:
                    7d:49:91:9e:8c:ad:b0:41:ce:40:3f:af:77:89:00:
                    f2:e9:00:06:f6:b8:a4:9b:97:f9:a1:03:e4:f2:f7:
                    7c:21:59:7b:f2:48:08:1f:00:1e:a1:f3:dd:64:c9:
                    00:d2:33:8a:cb:c5:35:28:72:e8:07:03:7c:99:12:
                    ae:61:ea:f2:e9:17:09:8c:48:28:ad:eb:2e:2a:0e:
                    23:4c:b3:8d:ba:60:e8:79:77:05:04:a1:fb:a8:ca:
                    c5:22:aa:e8:39:5e:a6:96:e8:80:b0:03:1f:4b:c5:
                    12:a5:68:cd:d2:e7:d2:2a:3c:9a:78:8c:f6:23:7b:
                    c5:13:38:79:95:44:47:30:cc:2e:58:ea:b4:c5:5c:
                    bf:c2:61:96:e7:4e:aa:99:06:fd:ab:9d:d9:95:b8:
                    78:30:30:83:8b:65:53:93:69:30:4d:77:00:50:89:
                    f1:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:33:52:D2:28:74:2E:30:36:E1:8B:98:D2:EF:F3:E1:0F:FF:ED:73
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144890.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a8c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         cb:8f:4c:31:3b:e1:4a:75:2b:c2:61:72:8f:13:fa:96:c8:cc:
         98:ae:93:af:7d:40:f3:69:c8:7c:17:04:da:d1:81:89:70:a1:
         d1:d8:96:8e:db:e2:95:0b:85:50:e3:b6:2f:d3:1d:5b:4c:00:
         d0:be:8d:e9:d1:fa:87:c6:98:c9:35:98:f4:cd:a7:d8:e3:93:
         bf:3b:dd:bc:2f:bc:71:55:fc:c6:13:1e:19:1f:51:04:a9:a9:
         90:1e:6f:ed:69:bd:b8:9d:54:26:df:40:24:6a:0b:a4:c8:d9:
         11:c1:b1:65:7b:82:c2:8d:08:ca:05:d1:2b:8c:36:73:70:9a:
         6d:c8:a7:99:c7:df:0d:84:b6:9c:be:32:23:f0:db:0b:07:bc:
         22:a4:86:e2:32:cf:ff:c3:d6:24:2b:bf:b2:ec:8d:3f:a7:b0:
         86:4c:50:18:3f:ad:4a:ba:81:21:34:78:cd:71:c3:b1:07:2f:
         b4:71:8c:19:84:d3:79:63:e7:3e:7b:12:41:cf:59:cf:47:ae:
         75:9e:b0:d7:db:5d:53:55:f9:05:d0:cd:b8:94:a4:49:27:57:
         40:a3:10:96:67:30:7e:a8:c2:a3:fb:35:5f:d1:fc:bf:17:cc:
         32:e9:04:86:5d:1f:c6:40:7f:a5:03:1c:cf:40:49:6f:c4:1d:
         bf:cb:8d:dd
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUBTPa3F5YRPI1zP4F3t/djwc8L4EwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTUwNloX
DTI3MDMwMzA2MjAwNlowMzExMC8GA1UEAxMoQzAzMzUyRDIyODc0MkUzMDM2RTE4
Qjk4RDJFRkYzRTEwRkZGRUQ3MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOnxYiSbT/NsQdnGudVqQCmb5krDp/CzHzNo89DRHZwM3I/7t4bh1Jp8pUZh
bjCPDTnf9DHBswKEEwoXFoFY3kaUWLFQ+QXdTu7Hl/qsUO1jzqXGTn7DfkA3fUmR
noytsEHOQD+vd4kA8ukABva4pJuX+aED5PL3fCFZe/JICB8AHqHz3WTJANIzisvF
NShy6AcDfJkSrmHq8ukXCYxIKK3rLioOI0yzjbpg6Hl3BQSh+6jKxSKq6Dleppbo
gLADH0vFEqVozdLn0io8mniM9iN7xRM4eZVERzDMLljqtMVcv8JhludOqpkG/aud
2ZW4eDAwg4tlU5NpME13AFCJ8TMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTAM1LS
KHQuMDbhi5jS7/PhD//tczAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDg5MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qMAwDQYJKoZIhvcNAQELBQADggEBAMuPTDE74Up1K8Jhco8T+pbIzJiuk699QPNp
yHwXBNrRgYlwodHYlo7b4pULhVDjti/THVtMANC+jenR+ofGmMk1mPTNp9jjk787
3bwvvHFV/MYTHhkfUQSpqZAeb+1pvbidVCbfQCRqC6TI2RHBsWV7gsKNCMoF0SuM
NnNwmm3Ip5nH3w2Etpy+MiPw2wsHvCKkhuIyz//D1iQrv7LsjT+nsIZMUBg/rUq6
gSE0eM1xw7EHL7RxjBmE03lj5z57EkHPWc9HrnWesNfbXVNV+QXQzbiUpEknV0Cj
EJZnMH6owqP7NV/R/L8XzDLpBIZdH8ZAf6UDHM9ASW/EHb/Ljd0=
-----END CERTIFICATE-----