Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144996.roa
File:                     AS144996.roa (raw, json)
Hash identifier:          FKTC9U1yvT6lJTdwO9o/cCOO21tjn4u7Do0qAtB4yvs=
Subject key identifier:   51:29:92:3E:3D:CE:E6:78:1D:A9:0B:17:C7:6D:90:06:16:D2:2D:2F
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       33442CC419F63990423A8680DF9E306947664069
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144996.roa
Signing time:             Wed 04 Mar 2026 06:22:33 +0000
ROA not before:           Wed 04 Mar 2026 06:17:33 +0000
ROA not after:            Wed 03 Mar 2027 06:22:33 +0000
asID:                     144996
IP address blocks:        240a:a92a::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:44:2c:c4:19:f6:39:90:42:3a:86:80:df:9e:30:69:47:66:40:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:33 2026 GMT
            Not After : Mar  3 06:22:33 2027 GMT
        Subject: CN=5129923E3DCEE6781DA90B17C76D900616D22D2F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:1a:f0:f9:09:08:89:23:4e:8f:53:04:b0:6b:
                    a3:fd:52:8b:04:43:49:ff:5b:56:23:bb:54:a4:d1:
                    17:4a:d1:ec:29:35:22:13:ae:b0:42:e7:c7:d4:e1:
                    7e:a4:11:0f:15:86:f4:a2:c2:15:d7:b4:1d:b8:86:
                    75:44:b9:8a:12:bb:2f:d1:6c:15:7e:b3:f2:5d:12:
                    61:e8:5b:37:d6:aa:30:1a:82:7a:01:de:f9:a2:33:
                    9d:1e:bb:47:b1:55:0b:a8:83:e6:31:25:7e:ad:fa:
                    2f:8c:1c:30:bf:bd:6f:91:49:4d:d4:86:69:34:10:
                    ee:e7:04:c1:22:a1:a2:ae:a7:5e:2d:5f:9c:92:37:
                    19:76:9a:b1:b1:c0:78:c2:aa:f6:a2:96:7f:9a:d3:
                    b7:74:7e:f2:d0:25:fc:b9:f0:a0:28:af:cb:45:db:
                    6c:ad:30:bd:35:9e:0f:4a:13:fa:f4:37:f2:b3:3a:
                    9e:f8:d2:15:38:74:ab:51:45:b7:63:f6:35:51:65:
                    01:50:c4:7c:be:10:2c:e5:18:4f:e4:c3:a7:dd:a7:
                    b7:f7:a4:14:65:b8:66:6d:dd:a1:f8:00:3e:c6:76:
                    ed:32:38:b2:3e:a1:61:a5:4e:76:1e:55:1d:56:29:
                    30:ae:a8:c1:64:26:32:1f:01:72:3b:8e:fa:54:d5:
                    60:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:29:92:3E:3D:CE:E6:78:1D:A9:0B:17:C7:6D:90:06:16:D2:2D:2F
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144996.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a92a::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:31:7d:10:76:a5:d8:f3:b7:1b:c3:11:fd:c4:3f:9f:28:95:
         58:70:ff:a7:ef:34:2d:fa:b9:97:d7:fa:ce:5d:3c:2b:e3:b8:
         cc:80:7e:ff:b8:ef:0b:bc:6c:60:85:f7:f9:d7:9e:db:f3:1a:
         26:8f:86:8c:4c:20:ae:52:59:b1:a9:f8:5a:ba:51:49:ad:15:
         93:99:c2:ee:bc:78:ba:ac:b2:4b:2f:aa:d7:c3:4f:c3:6c:62:
         0f:9f:8c:ac:a1:39:e1:e9:b1:ca:f0:e0:0b:d5:a7:7c:4b:44:
         90:f0:1c:48:13:94:2d:47:65:14:7a:97:a7:b3:2f:50:9f:0f:
         94:06:c5:ed:dd:9e:57:9a:fe:b3:ff:44:c9:2c:f7:24:28:2e:
         83:50:b0:3b:8f:e1:5e:79:ca:61:0b:ec:c4:cd:62:ac:f4:59:
         4d:9b:87:73:05:05:56:4e:2c:f9:e5:03:95:32:4e:51:5c:ad:
         a7:3f:fb:e5:01:5e:52:c2:22:0c:76:13:63:a1:f8:c1:8a:4c:
         b1:2c:7a:38:49:55:b7:36:bb:24:a3:d5:8e:e8:4d:f2:d1:55:
         3d:0a:90:ad:14:1b:05:76:05:de:6a:06:03:df:5e:a8:f3:72:
         71:56:d6:ee:72:49:78:00:4d:6d:63:a9:cc:3b:b9:f3:8e:55:
         3f:7a:6a:d7
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUM0QsxBn2OZBCOoaA354waUdmQGkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTczM1oX
DTI3MDMwMzA2MjIzM1owMzExMC8GA1UEAxMoNTEyOTkyM0UzRENFRTY3ODFEQTkw
QjE3Qzc2RDkwMDYxNkQyMkQyRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANwa8PkJCIkjTo9TBLBro/1SiwRDSf9bViO7VKTRF0rR7Ck1IhOusELnx9Th
fqQRDxWG9KLCFde0HbiGdUS5ihK7L9FsFX6z8l0SYehbN9aqMBqCegHe+aIznR67
R7FVC6iD5jElfq36L4wcML+9b5FJTdSGaTQQ7ucEwSKhoq6nXi1fnJI3GXaasbHA
eMKq9qKWf5rTt3R+8tAl/LnwoCivy0XbbK0wvTWeD0oT+vQ38rM6nvjSFTh0q1FF
t2P2NVFlAVDEfL4QLOUYT+TDp92nt/ekFGW4Zm3dofgAPsZ27TI4sj6hYaVOdh5V
HVYpMK6owWQmMh8BcjuO+lTVYKUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRRKZI+
Pc7meB2pCxfHbZAGFtItLzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDk5Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qSowDQYJKoZIhvcNAQELBQADggEBAH0xfRB2pdjztxvDEf3EP58olVhw/6fvNC36
uZfX+s5dPCvjuMyAfv+47wu8bGCF9/nXntvzGiaPhoxMIK5SWbGp+Fq6UUmtFZOZ
wu68eLqssksvqtfDT8NsYg+fjKyhOeHpscrw4AvVp3xLRJDwHEgTlC1HZRR6l6ez
L1CfD5QGxe3dnlea/rP/RMks9yQoLoNQsDuP4V55ymEL7MTNYqz0WU2bh3MFBVZO
LPnlA5UyTlFcrac/++UBXlLCIgx2E2Oh+MGKTLEsejhJVbc2uySj1Y7oTfLRVT0K
kK0UGwV2Bd5qBgPfXqjzcnFW1u5ySXgATW1jqcw7ufOOVT96atc=
-----END CERTIFICATE-----