Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144921.roa
File:                     AS144921.roa (raw, json)
Hash identifier:          KHlQqq18HM8OA/7JQPL9ZQHtQrhDTgoj49Yg88zsWUk=
Subject key identifier:   C2:7B:0D:49:48:B8:55:E7:D1:E2:36:EB:37:23:D9:3F:C1:05:FF:06
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5E552D8560F471B231F1A8BC1BFF75F6DFDA2AAD
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144921.roa
Signing time:             Wed 04 Mar 2026 06:22:09 +0000
ROA not before:           Wed 04 Mar 2026 06:17:09 +0000
ROA not after:            Wed 03 Mar 2027 06:22:09 +0000
asID:                     144921
IP address blocks:        240a:a8df::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:55:2d:85:60:f4:71:b2:31:f1:a8:bc:1b:ff:75:f6:df:da:2a:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:09 2026 GMT
            Not After : Mar  3 06:22:09 2027 GMT
        Subject: CN=C27B0D4948B855E7D1E236EB3723D93FC105FF06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:13:9b:be:0a:e9:7b:2c:5a:41:06:8d:db:db:
                    55:0a:d6:a6:ec:77:32:c4:30:29:8e:bf:8a:23:02:
                    85:1c:f5:0a:7b:92:e6:d5:14:d8:18:44:9e:3a:26:
                    c2:19:82:7c:76:d0:13:4f:e4:45:c4:b6:05:d3:34:
                    43:03:63:96:a0:67:80:bd:db:7a:fa:6c:53:b2:b9:
                    b1:c6:fa:5c:fc:07:c3:6a:fd:97:de:d6:c5:ab:0c:
                    fe:65:89:8b:1c:30:8f:cc:45:47:22:32:71:b5:40:
                    10:a3:13:30:1a:44:68:da:83:5c:12:00:c4:26:ae:
                    43:3a:d7:4c:a0:e6:54:e1:b3:4a:35:37:6f:cf:24:
                    19:ac:7b:c7:03:7d:92:81:fb:a4:f3:67:54:65:10:
                    cb:57:e0:9e:bc:87:89:c1:6a:b2:f5:60:43:9c:70:
                    a7:18:64:2f:f6:ef:27:9a:4c:d9:16:c9:b1:73:1d:
                    57:c0:28:19:29:f0:c0:00:a0:c4:d7:32:8d:4e:5b:
                    a1:c1:f3:47:09:e5:d1:17:e2:66:47:dc:bb:8c:eb:
                    86:82:96:8e:74:4b:95:36:fb:c0:65:bb:a2:75:3f:
                    d8:52:eb:2f:24:10:9b:7c:e8:1a:e5:76:9d:14:b9:
                    f3:b7:89:fc:e8:32:ae:21:38:e3:32:97:31:ef:8c:
                    59:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:7B:0D:49:48:B8:55:E7:D1:E2:36:EB:37:23:D9:3F:C1:05:FF:06
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144921.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a8df::/32

    Signature Algorithm: sha256WithRSAEncryption
         5b:cb:49:c8:dc:d0:5f:5a:cc:af:a3:e4:e4:40:c1:60:37:d8:
         15:a8:c2:40:b7:d2:a6:de:7d:b0:75:06:10:74:55:43:9e:b3:
         e6:e2:7c:c6:45:7d:15:e4:17:fc:09:2c:44:0d:a2:a2:34:ff:
         17:70:04:68:94:1b:6e:e2:3e:31:c9:ad:43:71:bf:f8:fb:84:
         f6:ff:ca:58:07:b9:d3:9a:88:a5:f5:68:31:1f:8a:50:8b:b9:
         a2:59:55:0f:b2:91:d6:7f:67:0a:03:82:12:2e:0c:4d:61:7c:
         ee:11:e4:da:ba:9d:71:02:7d:d8:30:56:0c:cb:24:87:93:43:
         c0:9c:52:ae:69:f4:8b:2e:55:de:73:a9:d9:33:1a:02:36:07:
         14:93:37:ed:bc:35:cf:e2:af:2a:d0:9f:bd:0f:c7:92:62:76:
         4c:df:8d:35:9e:81:4b:47:e4:43:4c:fa:d7:c8:90:72:01:ef:
         eb:5a:c9:4c:73:30:d1:20:c6:b2:bf:46:97:43:a1:49:ee:75:
         c7:f2:5e:43:54:02:a1:91:bd:81:eb:89:8d:5b:b8:5e:20:cd:
         86:da:ee:1d:04:93:d4:74:4c:aa:71:e6:de:60:b0:76:bf:d3:
         c5:8f:6f:2d:29:15:70:4d:46:aa:41:79:f0:32:e1:d5:77:9e:
         0d:56:aa:21
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUXlUthWD0cbIx8ai8G/919t/aKq0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcwOVoX
DTI3MDMwMzA2MjIwOVowMzExMC8GA1UEAxMoQzI3QjBENDk0OEI4NTVFN0QxRTIz
NkVCMzcyM0Q5M0ZDMTA1RkYwNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK8Tm74K6XssWkEGjdvbVQrWpux3MsQwKY6/iiMChRz1CnuS5tUU2BhEnjom
whmCfHbQE0/kRcS2BdM0QwNjlqBngL3bevpsU7K5scb6XPwHw2r9l97WxasM/mWJ
ixwwj8xFRyIycbVAEKMTMBpEaNqDXBIAxCauQzrXTKDmVOGzSjU3b88kGax7xwN9
koH7pPNnVGUQy1fgnryHicFqsvVgQ5xwpxhkL/bvJ5pM2RbJsXMdV8AoGSnwwACg
xNcyjU5bocHzRwnl0RfiZkfcu4zrhoKWjnRLlTb7wGW7onU/2FLrLyQQm3zoGuV2
nRS587eJ/OgyriE44zKXMe+MWVkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTCew1J
SLhV59HiNus3I9k/wQX/BjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDkyMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qN8wDQYJKoZIhvcNAQELBQADggEBAFvLScjc0F9azK+j5ORAwWA32BWowkC30qbe
fbB1BhB0VUOes+bifMZFfRXkF/wJLEQNoqI0/xdwBGiUG27iPjHJrUNxv/j7hPb/
ylgHudOaiKX1aDEfilCLuaJZVQ+ykdZ/ZwoDghIuDE1hfO4R5Nq6nXECfdgwVgzL
JIeTQ8CcUq5p9IsuVd5zqdkzGgI2BxSTN+28Nc/iryrQn70Px5JidkzfjTWegUtH
5ENM+tfIkHIB7+tayUxzMNEgxrK/RpdDoUnudcfyXkNUAqGRvYHriY1buF4gzYba
7h0Ek9R0TKpx5t5gsHa/08WPby0pFXBNRqpBefAy4dV3ng1WqiE=
-----END CERTIFICATE-----