Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144989.roa
File:                     AS144989.roa (raw, json)
Hash identifier:          HyslkJRMpyh7U6OC655h0rcbQY3cAeKVoc2o7rIGOHM=
Subject key identifier:   1B:FC:53:B1:72:1B:EE:0E:84:B3:6F:0C:CE:DE:EE:80:13:C0:F9:BA
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       53C82FE8AF5CD698CFDFAEEC537214F24FDC96C2
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144989.roa
Signing time:             Wed 04 Mar 2026 06:20:54 +0000
ROA not before:           Wed 04 Mar 2026 06:15:54 +0000
ROA not after:            Wed 03 Mar 2027 06:20:54 +0000
asID:                     144989
IP address blocks:        240a:a923::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:c8:2f:e8:af:5c:d6:98:cf:df:ae:ec:53:72:14:f2:4f:dc:96:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:54 2026 GMT
            Not After : Mar  3 06:20:54 2027 GMT
        Subject: CN=1BFC53B1721BEE0E84B36F0CCEDEEE8013C0F9BA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:de:c7:59:0d:f1:ca:38:13:40:64:e5:c3:e3:
                    54:87:65:3d:fb:4a:2d:62:1b:2a:30:6c:c8:22:5d:
                    63:f9:d5:ac:77:52:39:91:26:55:88:cc:77:a3:64:
                    2d:4b:89:68:64:34:d3:23:39:6b:ca:bb:c2:b3:f7:
                    24:e4:28:ec:83:07:a6:03:55:7d:51:be:43:9c:6d:
                    9d:97:95:3e:a2:c1:eb:8f:53:e6:27:54:9d:bb:4b:
                    42:96:cd:c4:b9:84:56:73:71:43:da:7a:63:ef:d2:
                    5a:d4:91:05:f0:9b:ee:48:4a:af:20:d0:87:01:07:
                    3c:68:31:ce:7e:25:e2:94:32:7e:dc:d5:e1:51:26:
                    33:c1:c5:44:0e:34:d1:4d:0d:38:be:8c:59:01:a7:
                    47:8c:99:2e:49:5a:33:83:5a:c0:93:49:d4:e2:4d:
                    75:81:02:1e:d6:85:b6:b9:ec:4d:4c:32:13:e3:d0:
                    72:a5:0a:f3:9f:ef:06:fa:6d:41:cd:a3:1e:09:19:
                    bd:31:f0:d9:d2:38:e1:91:c8:26:88:9f:b7:a4:04:
                    bf:34:5e:8a:9f:b9:76:21:55:72:44:02:7e:bc:bc:
                    3a:2d:8d:db:04:ef:18:18:10:de:f4:bf:52:16:17:
                    19:18:1b:c6:9e:ce:2d:8b:81:8e:ed:4f:39:16:bd:
                    4d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:FC:53:B1:72:1B:EE:0E:84:B3:6F:0C:CE:DE:EE:80:13:C0:F9:BA
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144989.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a923::/32

    Signature Algorithm: sha256WithRSAEncryption
         8c:46:f3:7d:a3:86:36:57:37:44:db:20:b9:c2:cb:c4:d7:96:
         c5:f2:63:41:32:4b:6c:e5:64:b2:23:79:81:c1:a9:a4:f5:5a:
         a7:62:2d:24:f6:bb:eb:46:0a:90:14:dc:7b:9d:92:57:e9:8e:
         b1:bb:36:e7:1f:75:85:12:98:c6:5c:26:18:57:25:71:b5:fd:
         73:7b:33:07:17:1c:ed:be:ff:96:51:ce:33:9a:61:d3:79:48:
         3e:19:32:b6:ea:73:53:c6:b0:23:2b:6a:56:7a:1a:a8:ff:96:
         56:8e:08:22:b6:db:20:bf:46:88:96:c4:b9:73:94:ca:09:bc:
         7e:c8:40:3b:aa:01:0f:44:95:5b:98:92:37:2b:5b:b6:67:bc:
         86:21:ef:0d:a3:72:f2:56:ec:a2:66:3e:38:03:d5:f0:33:c0:
         ed:c8:63:cf:f0:3b:81:d7:e7:c7:38:41:b8:c2:db:f8:ad:4a:
         43:97:c9:aa:c2:37:0f:de:e1:08:92:e5:ae:06:21:bd:61:98:
         7e:43:00:53:86:6b:cc:22:64:14:57:84:aa:a0:9f:37:aa:d1:
         33:5e:5e:72:c0:aa:04:ec:99:77:3a:be:de:26:d6:ab:3d:74:
         e4:41:f4:cc:9d:88:35:a5:4a:ee:ad:f3:e1:af:03:67:32:d9:
         46:03:ef:38
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUU8gv6K9c1pjP367sU3IU8k/clsIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTU1NFoX
DTI3MDMwMzA2MjA1NFowMzExMC8GA1UEAxMoMUJGQzUzQjE3MjFCRUUwRTg0QjM2
RjBDQ0VERUVFODAxM0MwRjlCQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIbex1kN8co4E0Bk5cPjVIdlPftKLWIbKjBsyCJdY/nVrHdSOZEmVYjMd6Nk
LUuJaGQ00yM5a8q7wrP3JOQo7IMHpgNVfVG+Q5xtnZeVPqLB649T5idUnbtLQpbN
xLmEVnNxQ9p6Y+/SWtSRBfCb7khKryDQhwEHPGgxzn4l4pQyftzV4VEmM8HFRA40
0U0NOL6MWQGnR4yZLklaM4NawJNJ1OJNdYECHtaFtrnsTUwyE+PQcqUK85/vBvpt
Qc2jHgkZvTHw2dI44ZHIJoift6QEvzReip+5diFVckQCfry8Oi2N2wTvGBgQ3vS/
UhYXGRgbxp7OLYuBju1PORa9TacCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQb/FOx
chvuDoSzbwzO3u6AE8D5ujAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDk4OS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qSMwDQYJKoZIhvcNAQELBQADggEBAIxG832jhjZXN0TbILnCy8TXlsXyY0EyS2zl
ZLIjeYHBqaT1WqdiLST2u+tGCpAU3HudklfpjrG7NucfdYUSmMZcJhhXJXG1/XN7
MwcXHO2+/5ZRzjOaYdN5SD4ZMrbqc1PGsCMralZ6Gqj/llaOCCK22yC/RoiWxLlz
lMoJvH7IQDuqAQ9ElVuYkjcrW7ZnvIYh7w2jcvJW7KJmPjgD1fAzwO3IY8/wO4HX
58c4QbjC2/itSkOXyarCNw/e4QiS5a4GIb1hmH5DAFOGa8wiZBRXhKqgnzeq0TNe
XnLAqgTsmXc6vt4m1qs9dORB9MydiDWlSu6t8+GvA2cy2UYD7zg=
-----END CERTIFICATE-----