Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144900.roa
File:                     AS144900.roa (raw, json)
Hash identifier:          I1MvHZ69KCyqGBlceVp9GjeeJH3G0B/51jO5ul9jtjQ=
Subject key identifier:   04:15:98:5B:6F:44:F2:2C:8A:D2:ED:18:62:0B:C1:C0:D1:A3:3E:8D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       329CC5C79F7A1F3F3EF63BA1A225084FDD171757
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144900.roa
Signing time:             Wed 04 Mar 2026 06:19:59 +0000
ROA not before:           Wed 04 Mar 2026 06:14:59 +0000
ROA not after:            Wed 03 Mar 2027 06:19:59 +0000
asID:                     144900
IP address blocks:        240a:a8ca::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:9c:c5:c7:9f:7a:1f:3f:3e:f6:3b:a1:a2:25:08:4f:dd:17:17:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:59 2026 GMT
            Not After : Mar  3 06:19:59 2027 GMT
        Subject: CN=0415985B6F44F22C8AD2ED18620BC1C0D1A33E8D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:91:00:7d:9d:0f:eb:de:17:f8:d3:6e:82:0d:
                    57:cc:8f:26:66:14:e5:7c:1a:84:31:cc:2a:1a:29:
                    33:e1:9e:0a:6b:b1:59:25:ab:8e:fc:77:a6:a3:85:
                    4f:3a:22:ca:54:92:9b:7a:ec:dc:5d:de:ce:63:8f:
                    bf:92:5b:8b:29:aa:b6:67:c4:e7:d9:6e:37:99:13:
                    9c:be:f6:40:17:46:39:ab:68:98:e4:07:7c:08:f0:
                    56:38:24:4c:07:09:bc:71:c4:7c:0b:e2:d4:d4:12:
                    3a:8f:8e:30:be:45:4b:2b:e2:81:c1:dd:f1:79:66:
                    2a:a5:33:96:86:f5:76:de:5e:ba:59:0d:bc:65:3e:
                    be:06:fb:69:b0:4a:48:b3:ac:1f:f6:93:79:42:72:
                    53:82:65:18:1d:fd:a2:64:e3:04:e7:61:8a:62:5c:
                    00:f0:06:73:73:00:c2:48:b7:06:47:01:d3:a5:5f:
                    eb:cd:55:e7:a8:4e:64:28:d9:1a:db:79:a4:46:29:
                    8c:e3:2a:88:aa:d3:7c:c3:57:f4:87:ad:0c:9b:f5:
                    6f:c1:8e:cf:4d:20:5a:ff:96:b8:55:35:45:43:56:
                    d3:02:b5:6c:8b:93:96:a6:c7:e9:1c:eb:cd:4a:6c:
                    02:a1:10:b2:7f:a2:a5:9c:e9:77:21:ca:3d:98:3a:
                    57:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:15:98:5B:6F:44:F2:2C:8A:D2:ED:18:62:0B:C1:C0:D1:A3:3E:8D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144900.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a8ca::/32

    Signature Algorithm: sha256WithRSAEncryption
         50:21:c8:80:3d:a0:f3:61:9f:39:9a:ea:af:eb:07:f6:51:0e:
         41:d8:71:77:19:51:73:d3:78:47:5b:dd:cd:22:9f:4f:22:84:
         af:ad:8c:8f:6c:2e:f6:b5:2b:84:e6:12:dd:94:3a:9d:d8:6d:
         b4:67:b5:52:fb:a1:a7:51:2f:7c:7e:b6:a2:0e:00:8d:26:b7:
         9a:43:da:3f:34:3f:42:af:86:1c:21:29:75:00:de:6f:bb:e4:
         df:13:6a:9e:84:bb:fb:be:0a:d6:ba:80:0e:d5:eb:70:18:cc:
         f3:88:22:bf:05:71:68:49:f7:33:77:5d:29:27:bd:de:c1:dc:
         4b:79:d8:7e:34:bf:91:cb:e0:1d:51:61:ed:08:9f:6d:fd:9a:
         dd:96:fa:45:37:43:2f:c2:4d:4c:52:12:2f:b2:01:b0:b4:70:
         91:d5:0e:64:cf:8d:cb:8f:2f:9a:dc:62:0e:f0:c5:ef:76:0f:
         14:6a:52:0c:76:c6:16:67:2c:50:98:07:4b:27:66:82:59:0e:
         c8:f2:33:77:b1:be:a0:71:0f:aa:23:ed:c7:01:3e:c9:2f:48:
         3c:f6:57:cb:24:f5:e6:82:51:d2:5c:44:aa:c9:35:0c:93:2f:
         b2:41:80:56:73:1e:2d:0a:ca:1c:1a:ef:1c:9e:38:5d:eb:f4:
         17:cc:54:78
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUMpzFx596Hz8+9juhoiUIT90XF1cwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQ1OVoX
DTI3MDMwMzA2MTk1OVowMzExMC8GA1UEAxMoMDQxNTk4NUI2RjQ0RjIyQzhBRDJF
RDE4NjIwQkMxQzBEMUEzM0U4RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOeRAH2dD+veF/jTboINV8yPJmYU5XwahDHMKhopM+GeCmuxWSWrjvx3pqOF
TzoiylSSm3rs3F3ezmOPv5JbiymqtmfE59luN5kTnL72QBdGOatomOQHfAjwVjgk
TAcJvHHEfAvi1NQSOo+OML5FSyvigcHd8XlmKqUzlob1dt5eulkNvGU+vgb7abBK
SLOsH/aTeUJyU4JlGB39omTjBOdhimJcAPAGc3MAwki3BkcB06Vf681V56hOZCjZ
Gtt5pEYpjOMqiKrTfMNX9IetDJv1b8GOz00gWv+WuFU1RUNW0wK1bIuTlqbH6Rzr
zUpsAqEQsn+ipZzpdyHKPZg6Vz8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQEFZhb
b0TyLIrS7RhiC8HA0aM+jTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDkwMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qMowDQYJKoZIhvcNAQELBQADggEBAFAhyIA9oPNhnzma6q/rB/ZRDkHYcXcZUXPT
eEdb3c0in08ihK+tjI9sLva1K4TmEt2UOp3YbbRntVL7oadRL3x+tqIOAI0mt5pD
2j80P0KvhhwhKXUA3m+75N8Tap6Eu/u+Cta6gA7V63AYzPOIIr8FcWhJ9zN3XSkn
vd7B3Et52H40v5HL4B1RYe0In239mt2W+kU3Qy/CTUxSEi+yAbC0cJHVDmTPjcuP
L5rcYg7wxe92DxRqUgx2xhZnLFCYB0snZoJZDsjyM3exvqBxD6oj7ccBPskvSDz2
V8sk9eaCUdJcRKrJNQyTL7JBgFZzHi0Kyhwa7xyeOF3r9BfMVHg=
-----END CERTIFICATE-----