Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144898.roa
File:                     AS144898.roa (raw, json)
Hash identifier:          Wkn+4dc+oXdCOTrTItf8t6zdx0f4fDS2qqfgTfEsb+s=
Subject key identifier:   14:AA:8A:8C:B7:79:30:78:44:47:9B:C6:D4:C9:64:54:55:C5:21:04
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       0C6F1DB0620F830787BC22701620467DFD1A093B
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144898.roa
Signing time:             Wed 04 Mar 2026 06:21:35 +0000
ROA not before:           Wed 04 Mar 2026 06:16:35 +0000
ROA not after:            Wed 03 Mar 2027 06:21:35 +0000
asID:                     144898
IP address blocks:        240a:a8c8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:6f:1d:b0:62:0f:83:07:87:bc:22:70:16:20:46:7d:fd:1a:09:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:35 2026 GMT
            Not After : Mar  3 06:21:35 2027 GMT
        Subject: CN=14AA8A8CB779307844479BC6D4C9645455C52104
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:99:37:13:3d:d4:ac:06:a6:be:89:e6:eb:14:
                    ab:4c:80:17:f0:f0:da:ed:90:75:2f:e6:33:b8:2a:
                    aa:07:cb:7f:05:5e:ee:8c:52:dd:56:01:04:4f:c7:
                    f0:ec:d5:0c:18:49:8d:1e:87:54:a3:1f:1d:97:5b:
                    85:37:09:f1:55:2d:d0:20:cc:41:2b:ec:85:d0:30:
                    df:22:22:21:6c:1b:65:37:bd:ad:d3:96:35:b7:92:
                    3e:82:03:46:eb:e5:62:c2:e5:c2:83:67:ad:01:10:
                    83:02:b1:df:b0:9e:5e:31:21:be:27:9b:b6:f8:e1:
                    01:3c:55:02:bc:b1:7e:7b:38:ca:4d:a1:6c:16:56:
                    b6:7b:8b:97:29:26:3b:b4:a5:cd:28:2f:f3:32:03:
                    42:48:fd:e3:8d:58:9c:d2:56:b3:8d:ae:2d:d0:30:
                    9a:c2:b6:eb:e5:99:50:09:2e:c0:d0:59:3e:c8:ff:
                    b2:64:36:cb:d9:4e:d9:46:b5:46:30:50:1b:bb:b6:
                    47:f2:38:18:db:05:42:a3:a4:d0:7e:2b:a9:9e:26:
                    f8:30:f8:39:07:5f:26:7b:87:0e:61:39:14:3c:4b:
                    91:84:da:23:7a:30:dd:bc:15:c5:99:f5:bd:1a:46:
                    f2:85:54:a4:74:d4:2c:4d:a8:25:ef:53:f0:6d:96:
                    59:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:AA:8A:8C:B7:79:30:78:44:47:9B:C6:D4:C9:64:54:55:C5:21:04
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144898.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a8c8::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:0d:b3:69:c6:a5:9b:3a:40:7e:73:46:9d:52:ed:75:e1:be:
         fb:b0:d6:ba:91:f9:bc:55:d9:f0:55:c0:c2:aa:d6:8c:c8:2c:
         af:29:c8:b9:aa:0f:79:2e:e0:8f:43:15:5d:2f:2b:df:ca:fc:
         9e:16:1e:5b:5a:48:32:c8:82:7a:8b:2b:25:9d:55:37:11:df:
         37:da:03:20:58:4d:7d:41:dd:c2:f9:d6:5f:d8:25:4e:24:f2:
         bd:7e:e3:68:2b:1e:75:ac:e5:17:05:4f:d3:da:b1:6b:06:92:
         77:33:8c:e8:62:e8:51:a5:fd:e8:03:ec:85:4e:71:e1:95:79:
         6c:89:da:cf:6a:f9:7a:38:b7:31:60:1d:e0:8e:1b:b3:17:e0:
         33:7b:e1:36:3a:50:5b:3a:9c:09:8e:b8:83:38:77:c4:12:86:
         e9:7b:aa:21:c8:cb:e9:65:de:de:87:b9:af:22:75:df:12:7d:
         27:05:48:6f:50:ae:6c:4d:ab:80:3e:16:cb:11:6b:71:74:35:
         e5:85:3d:38:e9:1e:84:df:21:8a:4f:55:df:d1:46:5d:69:08:
         03:c5:82:56:51:7c:c0:fe:e8:80:6f:28:07:d1:c1:ba:76:38:
         7f:e1:bd:4a:cd:97:1b:fa:9b:f3:3a:cc:98:bc:3e:72:50:f5:
         b9:c5:52:c4
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUDG8dsGIPgweHvCJwFiBGff0aCTswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYzNVoX
DTI3MDMwMzA2MjEzNVowMzExMC8GA1UEAxMoMTRBQThBOENCNzc5MzA3ODQ0NDc5
QkM2RDRDOTY0NTQ1NUM1MjEwNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKyZNxM91KwGpr6J5usUq0yAF/Dw2u2QdS/mM7gqqgfLfwVe7oxS3VYBBE/H
8OzVDBhJjR6HVKMfHZdbhTcJ8VUt0CDMQSvshdAw3yIiIWwbZTe9rdOWNbeSPoID
RuvlYsLlwoNnrQEQgwKx37CeXjEhviebtvjhATxVAryxfns4yk2hbBZWtnuLlykm
O7SlzSgv8zIDQkj9441YnNJWs42uLdAwmsK26+WZUAkuwNBZPsj/smQ2y9lO2Ua1
RjBQG7u2R/I4GNsFQqOk0H4rqZ4m+DD4OQdfJnuHDmE5FDxLkYTaI3ow3bwVxZn1
vRpG8oVUpHTULE2oJe9T8G2WWe8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQUqoqM
t3kweERHm8bUyWRUVcUhBDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDg5OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qMgwDQYJKoZIhvcNAQELBQADggEBAGoNs2nGpZs6QH5zRp1S7XXhvvuw1rqR+bxV
2fBVwMKq1ozILK8pyLmqD3ku4I9DFV0vK9/K/J4WHltaSDLIgnqLKyWdVTcR3zfa
AyBYTX1B3cL51l/YJU4k8r1+42grHnWs5RcFT9PasWsGknczjOhi6FGl/egD7IVO
ceGVeWyJ2s9q+Xo4tzFgHeCOG7MX4DN74TY6UFs6nAmOuIM4d8QShul7qiHIy+ll
3t6Hua8idd8SfScFSG9QrmxNq4A+FssRa3F0NeWFPTjpHoTfIYpPVd/RRl1pCAPF
glZRfMD+6IBvKAfRwbp2OH/hvUrNlxv6m/M6zJi8PnJQ9bnFUsQ=
-----END CERTIFICATE-----