Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144948.roa
File:                     AS144948.roa (raw, json)
Hash identifier:          Iz/Jd+PLIrMmkmy3Q8Hn4cjW4SCzxCUVQmcDlMFM/3E=
Subject key identifier:   2B:97:71:23:ED:DB:50:A6:AA:FB:6F:80:E6:67:DD:02:92:AE:A5:6A
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6120C1FD013A6F52E0449BF624EE589FA70013CF
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144948.roa
Signing time:             Wed 04 Mar 2026 06:19:25 +0000
ROA not before:           Wed 04 Mar 2026 06:14:25 +0000
ROA not after:            Wed 03 Mar 2027 06:19:25 +0000
asID:                     144948
IP address blocks:        240a:a8fa::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:20:c1:fd:01:3a:6f:52:e0:44:9b:f6:24:ee:58:9f:a7:00:13:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:25 2026 GMT
            Not After : Mar  3 06:19:25 2027 GMT
        Subject: CN=2B977123EDDB50A6AAFB6F80E667DD0292AEA56A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:32:f7:c7:70:e2:0b:ec:57:3c:c8:46:80:36:
                    e2:22:06:7a:ac:a8:db:0f:31:ed:d0:19:35:dd:20:
                    e4:0c:d0:d1:f5:76:39:2f:bd:40:22:8d:0c:da:02:
                    e3:90:e0:e1:10:7b:56:3b:0b:57:11:d9:b8:61:72:
                    0b:94:f4:6f:6d:ae:35:51:9e:1b:f9:36:d0:92:c1:
                    7d:bd:41:f7:51:f8:11:ac:71:1d:79:93:54:b7:d3:
                    bf:0f:11:85:b3:ad:8a:e7:df:8d:fd:db:4c:00:87:
                    a1:2f:e8:fc:a5:51:65:5d:0b:ce:f3:67:9e:b7:9a:
                    1f:ed:37:60:d0:ba:fd:e0:87:55:60:e1:4d:5a:9e:
                    c9:29:25:3c:16:3e:de:c2:1d:ba:17:85:e1:80:c2:
                    96:bd:21:8f:ab:f1:a8:67:a0:23:6d:36:41:e1:42:
                    64:05:5f:50:ae:e5:7b:48:e1:16:30:a1:62:89:1d:
                    d2:f9:a2:fe:dd:4a:a7:7a:56:3f:cb:ae:6b:21:46:
                    2f:5d:27:2d:73:ad:62:a4:67:f4:a1:a2:f5:c1:25:
                    46:e4:5e:33:9c:d4:99:aa:8a:42:03:eb:45:60:8c:
                    d6:33:19:34:a4:73:ad:60:0a:cd:f8:5e:92:f3:43:
                    1c:de:4f:51:0f:9c:79:90:e7:9f:4c:67:d4:e5:43:
                    d6:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:97:71:23:ED:DB:50:A6:AA:FB:6F:80:E6:67:DD:02:92:AE:A5:6A
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144948.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a8fa::/32

    Signature Algorithm: sha256WithRSAEncryption
         4d:e5:e6:16:93:08:bd:58:11:53:a4:f2:1a:c9:d3:96:85:00:
         e2:15:79:ee:a4:18:08:47:e9:30:ef:c7:a2:f4:74:e1:36:c7:
         59:3a:07:8d:c8:b6:a9:e2:b2:5e:ab:ff:24:23:22:fc:ca:41:
         d5:59:ae:a2:e9:01:f1:53:fd:9a:0b:5c:d3:71:65:9f:78:dc:
         59:4c:45:2e:c3:1c:01:db:c3:05:1e:e9:6e:9e:f4:67:87:68:
         76:2b:d0:c6:4a:55:e2:fa:37:72:71:14:55:cc:66:6d:d3:fb:
         ef:aa:69:ea:e8:4a:e8:e1:09:ee:34:b4:1a:6d:80:8f:73:d0:
         11:7c:b7:5a:5b:2c:aa:03:b9:ee:50:50:c3:23:29:d9:4a:aa:
         82:c6:db:ba:72:3a:36:1f:df:70:51:18:c2:af:17:da:02:54:
         3d:e2:3a:06:ef:bc:08:3e:fa:36:18:f2:0f:aa:5e:4d:28:8f:
         ce:6d:64:ce:20:7b:e0:e8:c9:10:b8:1e:c5:3c:68:54:3b:60:
         ef:92:80:f8:6c:e6:76:27:3f:65:ea:c0:ae:23:d1:b9:a9:bd:
         b1:df:ad:a5:ca:08:ad:37:16:00:f2:41:cb:66:20:ac:fe:da:
         15:4d:2b:35:2c:1a:ee:4a:5b:3f:7b:48:79:94:0f:e8:b2:b5:
         bd:ad:50:66
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUYSDB/QE6b1LgRJv2JO5Yn6cAE88wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQyNVoX
DTI3MDMwMzA2MTkyNVowMzExMC8GA1UEAxMoMkI5NzcxMjNFRERCNTBBNkFBRkI2
RjgwRTY2N0REMDI5MkFFQTU2QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM0y98dw4gvsVzzIRoA24iIGeqyo2w8x7dAZNd0g5AzQ0fV2OS+9QCKNDNoC
45Dg4RB7VjsLVxHZuGFyC5T0b22uNVGeG/k20JLBfb1B91H4EaxxHXmTVLfTvw8R
hbOtiuffjf3bTACHoS/o/KVRZV0LzvNnnreaH+03YNC6/eCHVWDhTVqeySklPBY+
3sIduheF4YDClr0hj6vxqGegI202QeFCZAVfUK7le0jhFjChYokd0vmi/t1Kp3pW
P8uuayFGL10nLXOtYqRn9KGi9cElRuReM5zUmaqKQgPrRWCM1jMZNKRzrWAKzfhe
kvNDHN5PUQ+ceZDnn0xn1OVD1i8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQrl3Ej
7dtQpqr7b4DmZ90Ckq6lajAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDk0OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qPowDQYJKoZIhvcNAQELBQADggEBAE3l5haTCL1YEVOk8hrJ05aFAOIVee6kGAhH
6TDvx6L0dOE2x1k6B43Itqnisl6r/yQjIvzKQdVZrqLpAfFT/ZoLXNNxZZ943FlM
RS7DHAHbwwUe6W6e9GeHaHYr0MZKVeL6N3JxFFXMZm3T+++qaeroSujhCe40tBpt
gI9z0BF8t1pbLKoDue5QUMMjKdlKqoLG27pyOjYf33BRGMKvF9oCVD3iOgbvvAg+
+jYY8g+qXk0oj85tZM4ge+DoyRC4HsU8aFQ7YO+SgPhs5nYnP2XqwK4j0bmpvbHf
raXKCK03FgDyQctmIKz+2hVNKzUsGu5KWz97SHmUD+iytb2tUGY=
-----END CERTIFICATE-----