Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144970.roa
File:                     AS144970.roa (raw, json)
Hash identifier:          T9SMqY8J6I32ZSSL+VvJBckn9WMaoZaLbHnvJFd78L4=
Subject key identifier:   BE:D2:87:53:99:0F:43:33:AB:6D:2A:B6:CB:F3:2B:52:56:58:37:59
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7760E8B395C519F1CEC3FBD6AF129F20127DAC10
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144970.roa
Signing time:             Wed 04 Mar 2026 06:22:10 +0000
ROA not before:           Wed 04 Mar 2026 06:17:10 +0000
ROA not after:            Wed 03 Mar 2027 06:22:10 +0000
asID:                     144970
IP address blocks:        240a:a910::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:60:e8:b3:95:c5:19:f1:ce:c3:fb:d6:af:12:9f:20:12:7d:ac:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:10 2026 GMT
            Not After : Mar  3 06:22:10 2027 GMT
        Subject: CN=BED28753990F4333AB6D2AB6CBF32B5256583759
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:34:13:ba:ae:95:1a:7b:a3:6a:36:30:22:87:
                    6f:a2:9c:e5:9b:5b:61:63:30:d8:48:2e:50:fe:78:
                    5c:59:e3:c4:db:80:e3:19:54:aa:b1:cc:f2:2b:f4:
                    f4:6f:47:d8:bb:9c:65:8d:5f:89:54:ad:f5:c4:ba:
                    63:f0:df:c1:8e:02:d5:85:fd:7e:c5:06:b0:da:81:
                    27:cf:5f:fe:7e:71:87:88:ff:33:3c:e5:f7:c0:6b:
                    55:c6:b9:b5:14:40:0f:84:41:aa:34:05:c1:7f:55:
                    8a:a7:88:3b:55:bd:4d:3b:ff:e0:b8:e9:81:8d:db:
                    17:91:84:4d:92:54:93:d2:36:09:86:8a:16:8f:86:
                    27:fa:a8:a1:72:3b:da:19:4c:fd:35:cb:26:00:d6:
                    c3:bc:7e:be:1c:d4:10:b7:a3:c6:03:1d:f5:3e:4c:
                    74:4a:c8:33:70:d1:1e:05:07:a4:d6:b0:b0:94:d7:
                    f6:b8:53:0f:a6:c4:24:c0:0d:97:ea:d5:be:1f:c9:
                    e0:b5:41:57:82:89:39:12:c9:c1:21:60:72:21:32:
                    5f:95:db:8f:20:9d:9e:c6:6d:b3:b4:0b:85:5c:45:
                    8a:4c:c1:ad:df:d3:c4:52:9c:a9:35:25:d8:2a:49:
                    c3:9c:67:3f:b2:c9:9c:15:82:d8:ca:41:b8:13:14:
                    27:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:D2:87:53:99:0F:43:33:AB:6D:2A:B6:CB:F3:2B:52:56:58:37:59
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144970.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a910::/32

    Signature Algorithm: sha256WithRSAEncryption
         84:08:c8:68:84:09:b5:14:5c:3f:de:20:11:01:8c:45:f9:e0:
         0c:df:1d:32:db:0a:e2:13:91:38:fa:fb:fd:85:ac:5a:2d:af:
         8e:1c:ab:2e:fd:51:99:ef:f7:7f:0c:5b:cd:a2:1e:d2:0f:0f:
         e3:08:b2:52:fb:a1:90:c3:e5:63:15:07:7f:97:da:d9:19:a7:
         07:79:5a:8e:d7:40:b1:80:5f:bb:c8:8a:41:40:1c:f9:29:f4:
         16:19:ab:e6:51:08:60:c4:17:66:fc:d3:d4:d7:51:eb:3e:3c:
         af:14:47:4e:5d:f1:e7:d1:a2:22:7e:dd:87:cd:1c:3c:ad:14:
         86:52:77:fb:2c:5a:88:67:0f:25:95:53:d5:90:38:45:b3:1e:
         ad:22:13:af:22:1d:72:c1:0e:07:bf:51:ea:ad:14:32:c2:bc:
         36:86:ea:f5:5d:fa:41:e1:a2:76:93:c1:fb:d9:8f:09:9d:7c:
         1f:f8:66:16:f8:9f:ef:67:ef:54:6b:9c:1d:11:5b:fb:d0:95:
         dd:e0:96:cc:21:f4:4e:ec:34:6b:08:a5:ac:48:93:08:bf:7d:
         23:08:ff:a2:0f:c9:a5:fa:73:ed:91:73:e3:aa:f3:05:cd:59:
         4f:38:70:9d:2f:12:54:21:12:c7:8a:69:f9:af:f9:36:d2:6b:
         d9:6b:7b:c6
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUd2Dos5XFGfHOw/vWrxKfIBJ9rBAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcxMFoX
DTI3MDMwMzA2MjIxMFowMzExMC8GA1UEAxMoQkVEMjg3NTM5OTBGNDMzM0FCNkQy
QUI2Q0JGMzJCNTI1NjU4Mzc1OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALk0E7qulRp7o2o2MCKHb6Kc5ZtbYWMw2EguUP54XFnjxNuA4xlUqrHM8iv0
9G9H2LucZY1fiVSt9cS6Y/DfwY4C1YX9fsUGsNqBJ89f/n5xh4j/Mzzl98BrVca5
tRRAD4RBqjQFwX9ViqeIO1W9TTv/4LjpgY3bF5GETZJUk9I2CYaKFo+GJ/qooXI7
2hlM/TXLJgDWw7x+vhzUELejxgMd9T5MdErIM3DRHgUHpNawsJTX9rhTD6bEJMAN
l+rVvh/J4LVBV4KJORLJwSFgciEyX5XbjyCdnsZts7QLhVxFikzBrd/TxFKcqTUl
2CpJw5xnP7LJnBWC2MpBuBMUJxMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBS+0odT
mQ9DM6ttKrbL8ytSVlg3WTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDk3MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qRAwDQYJKoZIhvcNAQELBQADggEBAIQIyGiECbUUXD/eIBEBjEX54AzfHTLbCuIT
kTj6+/2FrFotr44cqy79UZnv938MW82iHtIPD+MIslL7oZDD5WMVB3+X2tkZpwd5
Wo7XQLGAX7vIikFAHPkp9BYZq+ZRCGDEF2b809TXUes+PK8UR05d8efRoiJ+3YfN
HDytFIZSd/ssWohnDyWVU9WQOEWzHq0iE68iHXLBDge/UeqtFDLCvDaG6vVd+kHh
onaTwfvZjwmdfB/4Zhb4n+9n71RrnB0RW/vQld3glswh9E7sNGsIpaxIkwi/fSMI
/6IPyaX6c+2Rc+Oq8wXNWU84cJ0vElQhEseKafmv+TbSa9lre8Y=
-----END CERTIFICATE-----