Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145065.roa
File:                     AS145065.roa (raw, json)
Hash identifier:          HkMfbzfS560Hij+L6atcd1ooYmJz+q9GhbCoumNdXOc=
Subject key identifier:   99:CD:50:B1:2C:45:EB:0E:C7:B0:53:BA:DF:F2:79:C9:D1:F7:19:DC
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       30EFB2696AF82C76E69C8867F0CA1EBCBEBEA2A2
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145065.roa
Signing time:             Wed 04 Mar 2026 06:21:20 +0000
ROA not before:           Wed 04 Mar 2026 06:16:20 +0000
ROA not after:            Wed 03 Mar 2027 06:21:20 +0000
asID:                     145065
IP address blocks:        240a:a96f::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:ef:b2:69:6a:f8:2c:76:e6:9c:88:67:f0:ca:1e:bc:be:be:a2:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:20 2026 GMT
            Not After : Mar  3 06:21:20 2027 GMT
        Subject: CN=99CD50B12C45EB0EC7B053BADFF279C9D1F719DC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:f0:bc:cb:36:e9:58:76:59:53:8a:cc:ca:e5:
                    4e:5b:f1:20:cd:30:70:c6:5e:e5:a1:11:b8:e7:d1:
                    78:80:42:63:f1:73:4a:a9:aa:96:d4:43:a2:df:48:
                    12:64:4d:a9:60:7a:5b:ef:fe:86:16:57:87:cf:cd:
                    34:b7:61:aa:2d:d5:eb:ff:7d:59:ae:e3:c9:3f:0e:
                    af:0c:0f:0c:e8:31:93:e1:dc:9f:3d:ee:40:8c:ed:
                    69:8d:db:eb:73:18:01:6f:08:25:3d:09:80:d6:4f:
                    bc:88:53:e4:62:b2:33:26:8c:8f:be:ae:42:86:2c:
                    aa:05:33:d4:39:98:0b:eb:b0:0c:73:9e:bd:33:af:
                    59:60:7e:56:00:02:77:37:72:c2:a1:93:71:0c:bf:
                    dd:c1:35:b4:ef:33:e4:93:85:e5:ac:f9:1b:1b:c3:
                    87:12:d2:e7:d7:43:98:7e:c2:95:44:35:f7:40:25:
                    cf:72:c8:a9:87:97:c0:56:e1:33:19:5f:a3:a7:3f:
                    5e:a8:bd:e5:72:d6:27:60:46:a0:f8:2f:ae:2a:48:
                    e9:ca:33:69:e6:3a:e6:34:b7:22:22:fe:e2:b8:b7:
                    58:ea:2a:a1:85:ac:be:05:0b:48:be:1b:3a:69:88:
                    2f:a8:8d:ff:15:16:60:d9:b8:bf:50:b3:95:db:f7:
                    14:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:CD:50:B1:2C:45:EB:0E:C7:B0:53:BA:DF:F2:79:C9:D1:F7:19:DC
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145065.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a96f::/32

    Signature Algorithm: sha256WithRSAEncryption
         94:20:34:81:24:1e:c2:28:7c:8d:8b:2c:88:7c:05:b4:98:ea:
         8a:8d:d3:0d:79:2b:0e:86:08:4c:be:99:76:48:2d:69:41:fe:
         1c:f2:ad:ca:9a:18:13:43:95:a3:f9:22:01:1b:8c:a0:3e:75:
         a3:9a:b6:2b:e1:da:92:cb:10:cb:57:d8:42:78:58:b9:95:9d:
         77:d3:1f:66:37:24:30:d9:18:f9:08:9e:0a:bb:10:4a:50:47:
         95:82:eb:c4:70:53:63:6b:a6:f2:e6:aa:b0:10:90:34:14:88:
         10:f9:0d:3a:de:37:40:5d:09:28:01:30:7b:a6:73:9f:8f:61:
         d4:08:3f:0c:1d:13:5f:06:20:4b:84:cf:a5:5b:9b:10:58:e8:
         f4:bb:4e:60:9d:e4:e8:e8:49:ac:01:3c:d0:dd:de:cc:06:7d:
         52:9f:70:02:45:19:26:c3:fe:3f:79:50:aa:27:54:ec:fe:ba:
         70:17:68:14:84:f2:14:ef:27:87:60:50:50:61:37:58:aa:f6:
         53:26:9d:5d:64:ea:d1:2d:bd:c3:86:b5:06:2a:5a:90:0b:45:
         2f:5e:0e:a9:9e:e0:95:19:58:7d:7c:b2:ed:7a:30:f2:56:42:
         ca:5c:f1:e8:6a:e6:e9:a3:f2:1b:07:ea:04:d7:32:53:80:0e:
         16:f0:4c:4e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUMO+yaWr4LHbmnIhn8MoevL6+oqIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYyMFoX
DTI3MDMwMzA2MjEyMFowMzExMC8GA1UEAxMoOTlDRDUwQjEyQzQ1RUIwRUM3QjA1
M0JBREZGMjc5QzlEMUY3MTlEQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALnwvMs26Vh2WVOKzMrlTlvxIM0wcMZe5aERuOfReIBCY/FzSqmqltRDot9I
EmRNqWB6W+/+hhZXh8/NNLdhqi3V6/99Wa7jyT8OrwwPDOgxk+Hcnz3uQIztaY3b
63MYAW8IJT0JgNZPvIhT5GKyMyaMj76uQoYsqgUz1DmYC+uwDHOevTOvWWB+VgAC
dzdywqGTcQy/3cE1tO8z5JOF5az5GxvDhxLS59dDmH7ClUQ190Alz3LIqYeXwFbh
Mxlfo6c/Xqi95XLWJ2BGoPgvripI6cozaeY65jS3IiL+4ri3WOoqoYWsvgULSL4b
OmmIL6iN/xUWYNm4v1Czldv3FP8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSZzVCx
LEXrDsewU7rf8nnJ0fcZ3DAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTA2NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qW8wDQYJKoZIhvcNAQELBQADggEBAJQgNIEkHsIofI2LLIh8BbSY6oqN0w15Kw6G
CEy+mXZILWlB/hzyrcqaGBNDlaP5IgEbjKA+daOativh2pLLEMtX2EJ4WLmVnXfT
H2Y3JDDZGPkIngq7EEpQR5WC68RwU2NrpvLmqrAQkDQUiBD5DTreN0BdCSgBMHum
c5+PYdQIPwwdE18GIEuEz6VbmxBY6PS7TmCd5OjoSawBPNDd3swGfVKfcAJFGSbD
/j95UKonVOz+unAXaBSE8hTvJ4dgUFBhN1iq9lMmnV1k6tEtvcOGtQYqWpALRS9e
Dqme4JUZWH18su16MPJWQspc8ehq5umj8hsH6gTXMlOADhbwTE4=
-----END CERTIFICATE-----