Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144972.roa
File:                     AS144972.roa (raw, json)
Hash identifier:          6+hK1UXUKCsGQDc2o6CuJ/LNGgqPmyjK6WFsiXfxySc=
Subject key identifier:   E1:47:84:07:C0:D3:47:40:6B:DF:6E:C3:6B:8E:72:A3:8C:D4:CD:33
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       69338E4C2C5AF30BFFD6C7BFA39B0F017C8877C2
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144972.roa
Signing time:             Wed 04 Mar 2026 06:21:30 +0000
ROA not before:           Wed 04 Mar 2026 06:16:30 +0000
ROA not after:            Wed 03 Mar 2027 06:21:30 +0000
asID:                     144972
IP address blocks:        240a:a912::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:33:8e:4c:2c:5a:f3:0b:ff:d6:c7:bf:a3:9b:0f:01:7c:88:77:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:30 2026 GMT
            Not After : Mar  3 06:21:30 2027 GMT
        Subject: CN=E1478407C0D347406BDF6EC36B8E72A38CD4CD33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:36:af:10:f5:66:82:e3:05:e4:7d:11:26:a7:
                    f0:3b:1b:49:05:70:c6:3e:1d:00:f2:b1:c1:1e:a3:
                    61:76:e8:9d:a0:70:dd:ba:ff:6d:3d:40:d7:4d:ce:
                    68:ee:20:ab:41:9c:d8:78:ff:39:40:be:82:3f:30:
                    cd:e9:d9:3f:d3:a1:01:cb:bc:32:dd:e8:72:5e:c4:
                    1a:0f:51:96:c1:23:70:45:28:a1:29:d9:5f:d1:05:
                    6c:b6:02:5a:08:62:79:37:98:56:92:f8:4a:ca:2d:
                    ff:8c:df:95:90:5b:cc:c5:35:10:6f:75:be:b8:93:
                    fe:3d:05:c9:bd:64:8d:45:ab:9a:19:d3:35:d6:f9:
                    a5:bb:88:2b:ae:4f:d9:68:99:48:31:36:22:61:b5:
                    21:e9:a1:33:ec:9e:73:1b:63:cc:cf:d0:70:9d:fe:
                    b3:7a:41:97:dc:2e:cb:09:60:a2:f1:62:14:92:97:
                    fd:6e:9c:9c:b5:d7:cc:e2:be:81:49:47:38:84:87:
                    b6:6c:e6:0b:af:3f:b7:a0:f7:93:6d:f0:de:3f:6e:
                    30:d0:f4:e1:86:75:f2:a4:8f:6e:93:4a:01:44:58:
                    d0:d8:85:f8:6e:22:45:0b:f0:8c:24:71:1e:ea:c4:
                    38:69:c5:db:04:14:b8:37:20:c7:07:81:2f:38:d9:
                    98:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:47:84:07:C0:D3:47:40:6B:DF:6E:C3:6B:8E:72:A3:8C:D4:CD:33
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144972.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a912::/32

    Signature Algorithm: sha256WithRSAEncryption
         21:e4:aa:93:49:00:09:8f:41:2c:06:c3:bc:d7:71:db:ee:1b:
         ba:ed:f5:93:2f:10:ec:b4:80:a6:9e:a3:95:3c:3b:86:b6:e8:
         09:cc:92:d8:a8:69:04:4d:43:29:40:60:2b:d6:8d:c6:7e:b3:
         2b:f4:ba:c6:5a:1d:77:b3:2b:4a:b8:c4:69:02:5b:96:25:10:
         39:ff:94:eb:04:ab:42:20:9e:b6:b3:dd:54:5c:2e:bd:77:bb:
         b6:92:8b:0d:af:9c:98:cd:a8:e8:d6:e8:75:67:9f:b2:e9:49:
         10:2f:71:1e:d7:fa:94:0a:49:f5:22:d5:67:5e:96:23:7a:d7:
         41:0c:e6:de:ea:37:f1:73:0b:50:7b:27:f1:b6:d4:d3:3d:d0:
         a2:97:bf:7b:c6:37:f1:73:28:52:3e:c2:8a:33:d0:cc:6c:61:
         0b:d0:37:53:a3:ef:9e:22:5a:5c:60:00:e6:b0:90:e9:e0:83:
         f7:6c:33:90:ac:43:ff:35:d2:a2:0f:2f:e6:8e:58:01:a1:42:
         17:10:b6:f8:4d:69:a7:38:ba:03:87:7e:bc:4b:55:a2:ea:12:
         0f:d3:fd:3d:dc:75:77:9b:eb:55:fe:a7:20:94:04:c2:d4:f8:
         7f:22:92:d4:e7:0b:51:7d:1c:68:53:2b:54:49:8b:19:f7:da:
         53:68:c7:ac
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUaTOOTCxa8wv/1se/o5sPAXyId8IwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYzMFoX
DTI3MDMwMzA2MjEzMFowMzExMC8GA1UEAxMoRTE0Nzg0MDdDMEQzNDc0MDZCREY2
RUMzNkI4RTcyQTM4Q0Q0Q0QzMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANk2rxD1ZoLjBeR9ESan8DsbSQVwxj4dAPKxwR6jYXbonaBw3br/bT1A103O
aO4gq0Gc2Hj/OUC+gj8wzenZP9OhAcu8Mt3ocl7EGg9RlsEjcEUooSnZX9EFbLYC
WghieTeYVpL4Ssot/4zflZBbzMU1EG91vriT/j0Fyb1kjUWrmhnTNdb5pbuIK65P
2WiZSDE2ImG1IemhM+yecxtjzM/QcJ3+s3pBl9wuywlgovFiFJKX/W6cnLXXzOK+
gUlHOISHtmzmC68/t6D3k23w3j9uMND04YZ18qSPbpNKAURY0NiF+G4iRQvwjCRx
HurEOGnF2wQUuDcgxweBLzjZmB0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBThR4QH
wNNHQGvfbsNrjnKjjNTNMzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDk3Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qRIwDQYJKoZIhvcNAQELBQADggEBACHkqpNJAAmPQSwGw7zXcdvuG7rt9ZMvEOy0
gKaeo5U8O4a26AnMktioaQRNQylAYCvWjcZ+syv0usZaHXezK0q4xGkCW5YlEDn/
lOsEq0Ignraz3VRcLr13u7aSiw2vnJjNqOjW6HVnn7LpSRAvcR7X+pQKSfUi1Wde
liN610EM5t7qN/FzC1B7J/G21NM90KKXv3vGN/FzKFI+wooz0MxsYQvQN1Oj754i
WlxgAOawkOngg/dsM5CsQ/810qIPL+aOWAGhQhcQtvhNaac4ugOHfrxLVaLqEg/T
/T3cdXeb61X+pyCUBMLU+H8iktTnC1F9HGhTK1RJixn32lNox6w=
-----END CERTIFICATE-----