Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144938.roa
File:                     AS144938.roa (raw, json)
Hash identifier:          es82UlQMhhmzd4jO1IEikLMcNefijA3lXAYIJC3YLqY=
Subject key identifier:   C3:32:24:B6:3F:3D:FC:C5:FA:3C:A4:2D:31:B9:8E:90:77:97:14:46
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5B072F2095F8D80E653D69108CC7AB83025168E6
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144938.roa
Signing time:             Wed 04 Mar 2026 06:21:23 +0000
ROA not before:           Wed 04 Mar 2026 06:16:23 +0000
ROA not after:            Wed 03 Mar 2027 06:21:23 +0000
asID:                     144938
IP address blocks:        240a:a8f0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:07:2f:20:95:f8:d8:0e:65:3d:69:10:8c:c7:ab:83:02:51:68:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:23 2026 GMT
            Not After : Mar  3 06:21:23 2027 GMT
        Subject: CN=C33224B63F3DFCC5FA3CA42D31B98E9077971446
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6f:7b:7b:20:1d:3f:cd:cc:d6:76:39:36:c7:
                    88:5c:2e:3e:94:e9:f7:73:46:de:de:be:2b:39:dc:
                    e7:26:2d:b8:f4:0e:1a:2f:58:b9:30:bd:7d:78:f2:
                    64:a7:28:c7:f2:b7:bc:ab:68:4f:d0:e1:6e:db:c3:
                    49:b7:48:9f:2c:82:b9:7a:c6:ff:86:bc:12:41:4e:
                    fd:55:26:c6:cf:7f:58:42:0a:31:54:9c:70:11:ec:
                    91:9d:34:64:91:81:ba:e1:99:e6:1a:4a:cd:cc:61:
                    24:02:3f:e4:1d:a7:25:dc:b5:0c:24:58:24:62:21:
                    79:26:fc:c0:a0:a8:3b:60:d9:d7:14:40:45:82:9b:
                    be:15:70:95:78:51:6e:4e:e9:5f:8a:01:ae:51:2c:
                    37:c9:c3:76:10:c3:bb:2f:d4:d9:2f:21:ee:a4:c3:
                    6b:4e:61:5c:15:5c:fe:0f:2b:04:5d:b8:ce:9e:ad:
                    4e:b0:0b:49:19:b3:8f:54:d2:81:4d:fa:fd:ee:56:
                    1c:e6:5b:bd:1f:93:56:06:aa:f4:c6:46:e0:dc:a3:
                    18:48:f2:a1:91:77:4c:f8:b8:ef:08:68:8b:6f:6e:
                    16:17:6b:23:ae:10:be:74:14:02:db:e7:d8:f8:23:
                    fd:8c:9a:88:d0:04:f3:02:c0:ea:6d:d0:c0:b9:2c:
                    60:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:32:24:B6:3F:3D:FC:C5:FA:3C:A4:2D:31:B9:8E:90:77:97:14:46
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144938.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a8f0::/32

    Signature Algorithm: sha256WithRSAEncryption
         2d:72:8e:56:c9:e3:f9:d3:96:8d:c2:61:4f:8a:f9:5d:78:5b:
         b5:66:31:eb:c3:57:b9:a2:d5:6e:7d:02:3a:4f:d4:c3:e7:2d:
         0f:3c:17:e1:be:7e:ea:ae:10:69:14:ed:01:24:50:0c:6b:5f:
         ed:d4:26:12:54:b4:51:c5:74:70:5c:a6:7c:09:8b:d9:29:33:
         27:92:1a:c4:40:c6:4f:56:c9:3b:b6:82:db:3e:33:65:bf:f2:
         4d:d9:9e:7c:ef:f9:6b:09:9e:06:0a:2d:57:23:cc:32:8a:cb:
         fd:57:69:58:58:0f:fe:3e:6c:69:2e:1b:4a:28:66:f8:46:3c:
         2e:b9:fe:22:0c:a5:81:57:2f:ac:24:de:ac:06:e0:e6:79:d6:
         fb:38:55:2c:9c:40:45:b4:b6:74:60:90:cc:0c:a4:e5:c1:1a:
         d2:07:09:31:cf:fa:92:f4:3b:2f:99:5b:0e:77:3d:c5:be:c8:
         43:ad:9a:a6:d0:4d:a9:cd:dd:c5:fa:82:e4:f9:95:cb:b0:05:
         f7:a7:c1:f5:5f:32:1b:bf:2d:5a:d7:1e:25:45:da:af:59:ce:
         4d:58:68:5e:36:a3:bd:e1:69:67:57:b1:68:09:fa:3e:92:da:
         d8:28:3c:d0:3b:b3:dd:88:11:19:0e:60:cb:2d:ed:13:d4:b8:
         af:08:bf:1d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUWwcvIJX42A5lPWkQjMergwJRaOYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYyM1oX
DTI3MDMwMzA2MjEyM1owMzExMC8GA1UEAxMoQzMzMjI0QjYzRjNERkNDNUZBM0NB
NDJEMzFCOThFOTA3Nzk3MTQ0NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALZve3sgHT/NzNZ2OTbHiFwuPpTp93NG3t6+Kznc5yYtuPQOGi9YuTC9fXjy
ZKcox/K3vKtoT9DhbtvDSbdInyyCuXrG/4a8EkFO/VUmxs9/WEIKMVSccBHskZ00
ZJGBuuGZ5hpKzcxhJAI/5B2nJdy1DCRYJGIheSb8wKCoO2DZ1xRARYKbvhVwlXhR
bk7pX4oBrlEsN8nDdhDDuy/U2S8h7qTDa05hXBVc/g8rBF24zp6tTrALSRmzj1TS
gU36/e5WHOZbvR+TVgaq9MZG4NyjGEjyoZF3TPi47whoi29uFhdrI64QvnQUAtvn
2Pgj/YyaiNAE8wLA6m3QwLksYPcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTDMiS2
Pz38xfo8pC0xuY6Qd5cURjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDkzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qPAwDQYJKoZIhvcNAQELBQADggEBAC1yjlbJ4/nTlo3CYU+K+V14W7VmMevDV7mi
1W59AjpP1MPnLQ88F+G+fuquEGkU7QEkUAxrX+3UJhJUtFHFdHBcpnwJi9kpMyeS
GsRAxk9WyTu2gts+M2W/8k3Znnzv+WsJngYKLVcjzDKKy/1XaVhYD/4+bGkuG0oo
ZvhGPC65/iIMpYFXL6wk3qwG4OZ51vs4VSycQEW0tnRgkMwMpOXBGtIHCTHP+pL0
Oy+ZWw53PcW+yEOtmqbQTanN3cX6guT5lcuwBfenwfVfMhu/LVrXHiVF2q9Zzk1Y
aF42o73haWdXsWgJ+j6S2tgoPNA7s92IERkOYMst7RPUuK8Ivx0=
-----END CERTIFICATE-----