Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144992.roa
File:                     AS144992.roa (raw, json)
Hash identifier:          mhhdqqwotdwul8p0LVeXAnMInuuQE3exArbpZCR3RcY=
Subject key identifier:   D9:92:E6:2B:BF:97:B4:F8:41:57:6A:D5:5E:78:F0:22:4E:5E:6B:1F
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1D12B60B2A700C0B4C2E845EB765A29514A57AD5
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144992.roa
Signing time:             Wed 04 Mar 2026 06:20:15 +0000
ROA not before:           Wed 04 Mar 2026 06:15:15 +0000
ROA not after:            Wed 03 Mar 2027 06:20:15 +0000
asID:                     144992
IP address blocks:        240a:a926::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:12:b6:0b:2a:70:0c:0b:4c:2e:84:5e:b7:65:a2:95:14:a5:7a:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:15 2026 GMT
            Not After : Mar  3 06:20:15 2027 GMT
        Subject: CN=D992E62BBF97B4F841576AD55E78F0224E5E6B1F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:dd:27:5b:54:4b:f7:b5:7f:1f:03:09:f3:ba:
                    8a:82:19:be:3a:c4:66:28:af:a2:f9:a5:12:f6:fc:
                    d3:b6:e1:b9:49:1e:c3:46:1d:c2:9f:72:4e:c9:be:
                    38:69:a5:bb:04:1c:d0:04:6d:37:cd:e7:8e:b7:18:
                    a3:b2:74:52:fd:e2:d5:86:df:07:0a:0f:4d:15:67:
                    03:9a:79:5e:11:e6:eb:2b:04:d3:81:e6:80:7d:ee:
                    b8:97:9a:9b:12:bf:87:0c:e9:a6:dd:94:f2:d5:7b:
                    4d:c2:88:05:95:b7:13:1f:02:94:70:fa:b1:32:9d:
                    57:3a:34:ff:3e:d1:64:59:86:06:81:20:b5:5d:38:
                    68:9d:f3:1a:d6:ba:a5:be:e6:d7:7f:53:cd:9c:87:
                    94:71:f7:ca:63:bd:d3:c7:43:e0:5b:72:c1:c1:b0:
                    43:1f:af:c3:4e:36:44:33:51:98:48:c4:95:6a:4f:
                    d4:d6:af:36:26:41:ed:53:a8:95:5a:83:71:6c:3f:
                    8e:a1:a6:29:fd:70:2b:e5:89:55:1a:68:c6:08:1a:
                    5c:cc:62:09:07:c6:04:60:c6:c1:ab:dc:f9:b5:ff:
                    87:2f:ba:47:02:41:f9:00:26:ca:9d:50:9b:be:6d:
                    dc:a7:98:ce:c8:0a:1e:68:e9:5d:88:0f:f8:1d:bb:
                    06:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:92:E6:2B:BF:97:B4:F8:41:57:6A:D5:5E:78:F0:22:4E:5E:6B:1F
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144992.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a926::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:bf:05:d2:f7:8c:84:e3:dc:99:9c:62:5f:fc:3b:07:82:c0:
         6a:89:4f:2f:12:ec:7a:5d:17:38:77:d5:a7:6e:93:f9:3b:54:
         1b:89:c7:3b:0f:6a:39:44:2b:b4:17:a0:f3:ae:93:b7:a3:1c:
         cd:4b:63:7b:8f:66:00:d4:1d:d1:31:25:d7:9d:67:72:08:e3:
         55:a9:ae:37:c3:02:84:bb:ec:4f:be:aa:7c:cc:dd:cc:ba:52:
         ac:ad:ac:9d:80:ef:95:09:45:b9:32:e1:39:39:53:88:51:29:
         18:ff:5a:86:f2:e3:43:06:43:70:fc:c6:1c:64:0f:ce:54:b4:
         84:00:5a:48:6c:32:f7:c3:9e:47:51:cb:21:6a:e1:2c:a6:0f:
         3e:78:00:35:16:b0:c1:99:44:0c:d1:56:ba:cb:05:d0:41:25:
         48:30:89:e3:95:22:92:1c:38:8a:8c:7f:13:35:8d:de:09:2e:
         fe:9e:ed:30:02:40:f6:71:4a:96:7c:ed:15:a6:f0:a7:4a:1e:
         b6:3d:b2:c2:49:8d:03:aa:4a:52:14:ee:7f:da:fe:a0:4b:fc:
         c2:1b:df:39:ab:91:fc:ec:f8:7a:b4:75:14:15:8d:45:9c:66:
         40:f3:f0:31:7f:eb:03:e8:f9:d9:ee:98:2f:e0:3b:8f:33:66:
         5a:a2:f4:dd
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUHRK2CypwDAtMLoRet2WilRSletUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTUxNVoX
DTI3MDMwMzA2MjAxNVowMzExMC8GA1UEAxMoRDk5MkU2MkJCRjk3QjRGODQxNTc2
QUQ1NUU3OEYwMjI0RTVFNkIxRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMvdJ1tUS/e1fx8DCfO6ioIZvjrEZiivovmlEvb807bhuUkew0Ydwp9yTsm+
OGmluwQc0ARtN83njrcYo7J0Uv3i1YbfBwoPTRVnA5p5XhHm6ysE04HmgH3uuJea
mxK/hwzppt2U8tV7TcKIBZW3Ex8ClHD6sTKdVzo0/z7RZFmGBoEgtV04aJ3zGta6
pb7m139TzZyHlHH3ymO908dD4FtywcGwQx+vw042RDNRmEjElWpP1NavNiZB7VOo
lVqDcWw/jqGmKf1wK+WJVRpoxggaXMxiCQfGBGDGwavc+bX/hy+6RwJB+QAmyp1Q
m75t3KeYzsgKHmjpXYgP+B27Bh0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTZkuYr
v5e0+EFXatVeePAiTl5rHzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDk5Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qSYwDQYJKoZIhvcNAQELBQADggEBAHa/BdL3jITj3JmcYl/8OweCwGqJTy8S7Hpd
Fzh31aduk/k7VBuJxzsPajlEK7QXoPOuk7ejHM1LY3uPZgDUHdExJdedZ3II41Wp
rjfDAoS77E++qnzM3cy6UqytrJ2A75UJRbky4Tk5U4hRKRj/Woby40MGQ3D8xhxk
D85UtIQAWkhsMvfDnkdRyyFq4SymDz54ADUWsMGZRAzRVrrLBdBBJUgwieOVIpIc
OIqMfxM1jd4JLv6e7TACQPZxSpZ87RWm8KdKHrY9ssJJjQOqSlIU7n/a/qBL/MIb
3zmrkfzs+Hq0dRQVjUWcZkDz8DF/6wPo+dnumC/gO48zZlqi9N0=
-----END CERTIFICATE-----