Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145068.roa
File:                     AS145068.roa (raw, json)
Hash identifier:          mYKrrkigTrVvuinAV45TqcrnqXRzyRTK+hEdbI0cTtI=
Subject key identifier:   4A:8F:EF:0E:74:45:0E:1F:9E:4E:28:5C:42:58:E0:80:5D:AE:20:71
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3BE656D8011F160F8359DEEC42208EBAC6A72E32
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145068.roa
Signing time:             Wed 04 Mar 2026 06:20:07 +0000
ROA not before:           Wed 04 Mar 2026 06:15:07 +0000
ROA not after:            Wed 03 Mar 2027 06:20:07 +0000
asID:                     145068
IP address blocks:        240a:a972::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:e6:56:d8:01:1f:16:0f:83:59:de:ec:42:20:8e:ba:c6:a7:2e:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:07 2026 GMT
            Not After : Mar  3 06:20:07 2027 GMT
        Subject: CN=4A8FEF0E74450E1F9E4E285C4258E0805DAE2071
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:9b:ef:ba:be:34:b4:fa:16:a1:b9:05:f6:d2:
                    22:82:df:29:c2:04:76:e8:62:bb:89:fd:98:97:a7:
                    7f:48:56:ed:84:83:ca:22:93:32:65:c3:c1:ec:7e:
                    be:52:01:f1:d0:38:9d:b2:6d:3a:a3:05:a1:37:d8:
                    43:ac:b0:4b:00:8c:f4:f5:fd:87:ff:0f:7a:ba:15:
                    19:71:d5:43:36:06:6c:f6:81:39:3d:4b:b3:66:58:
                    67:5e:b4:0e:56:fc:6c:ea:26:1d:fc:3b:90:29:65:
                    ed:93:6e:f5:8d:31:67:b4:5e:aa:c4:ce:35:ca:2d:
                    8e:47:51:71:39:7d:48:1a:00:00:9f:40:ee:57:ff:
                    85:ca:cb:92:c9:dc:f1:10:ea:89:32:7d:67:90:67:
                    74:ff:13:dc:03:3a:8e:52:17:43:5e:f7:31:b2:fe:
                    9d:c8:0f:63:87:d5:b2:30:aa:da:1a:13:9b:a9:e9:
                    81:04:c0:f3:1d:3f:37:17:c0:c7:5c:74:e6:e9:bd:
                    ac:40:6e:bd:eb:e2:6b:81:29:1c:fb:9d:fe:c5:4d:
                    a3:fe:e6:02:4f:79:b6:bd:98:5a:0a:27:43:6a:f6:
                    77:ad:cb:16:9f:9b:c8:d7:33:b0:cc:2c:d2:92:d8:
                    cc:9b:0d:16:31:22:a6:cb:60:7e:32:55:f4:37:e6:
                    7f:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:8F:EF:0E:74:45:0E:1F:9E:4E:28:5C:42:58:E0:80:5D:AE:20:71
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145068.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a972::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:af:55:3a:6a:9d:50:03:c4:09:2e:1f:08:3c:cc:98:f8:95:
         29:b2:bb:53:c5:e5:ce:c2:a8:5d:69:a3:d9:8c:e1:9b:27:82:
         55:10:80:05:35:07:d8:58:3e:b1:15:55:68:67:0c:47:86:e2:
         69:0c:2b:24:fd:24:e5:94:19:50:ea:b1:ed:69:91:6c:79:fe:
         b6:b5:8a:de:a6:91:58:70:5f:78:cb:d0:eb:e0:81:b3:0c:dc:
         39:1f:4f:73:f1:b6:32:32:63:30:69:0f:e3:ac:79:92:69:76:
         69:0f:5e:42:17:97:d8:87:4b:8a:34:de:02:ea:7d:20:d0:94:
         f1:38:a9:67:0a:2a:10:1f:dd:3e:ac:cd:ac:4f:ac:37:58:14:
         5f:26:a9:ec:4f:6c:e1:8c:3c:fc:ba:43:1b:07:4c:91:ed:d8:
         a7:cc:e2:2a:7e:f6:f4:98:ae:43:8c:12:ee:67:59:65:a4:84:
         58:df:90:fa:e4:1e:ef:60:24:50:57:8a:6e:a7:00:83:cb:7f:
         29:df:66:ca:73:f6:42:4b:d8:63:1f:24:ed:8a:55:a9:87:72:
         9f:bc:71:ae:c2:fc:ec:7a:cd:ed:1b:35:4d:1f:fc:63:98:9c:
         f4:23:31:aa:8e:a1:fd:85:5a:c2:91:5a:b0:20:f8:ce:69:4b:
         ce:7a:4b:51
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUO+ZW2AEfFg+DWd7sQiCOusanLjIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTUwN1oX
DTI3MDMwMzA2MjAwN1owMzExMC8GA1UEAxMoNEE4RkVGMEU3NDQ1MEUxRjlFNEUy
ODVDNDI1OEUwODA1REFFMjA3MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN2b77q+NLT6FqG5BfbSIoLfKcIEduhiu4n9mJenf0hW7YSDyiKTMmXDwex+
vlIB8dA4nbJtOqMFoTfYQ6ywSwCM9PX9h/8PeroVGXHVQzYGbPaBOT1Ls2ZYZ160
Dlb8bOomHfw7kCll7ZNu9Y0xZ7ReqsTONcotjkdRcTl9SBoAAJ9A7lf/hcrLksnc
8RDqiTJ9Z5BndP8T3AM6jlIXQ173MbL+ncgPY4fVsjCq2hoTm6npgQTA8x0/NxfA
x1x05um9rEBuvevia4EpHPud/sVNo/7mAk95tr2YWgonQ2r2d63LFp+byNczsMws
0pLYzJsNFjEipstgfjJV9Dfmf9sCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRKj+8O
dEUOH55OKFxCWOCAXa4gcTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTA2OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qXIwDQYJKoZIhvcNAQELBQADggEBAEyvVTpqnVADxAkuHwg8zJj4lSmyu1PF5c7C
qF1po9mM4ZsnglUQgAU1B9hYPrEVVWhnDEeG4mkMKyT9JOWUGVDqse1pkWx5/ra1
it6mkVhwX3jL0OvggbMM3DkfT3PxtjIyYzBpD+OseZJpdmkPXkIXl9iHS4o03gLq
fSDQlPE4qWcKKhAf3T6szaxPrDdYFF8mqexPbOGMPPy6QxsHTJHt2KfM4ip+9vSY
rkOMEu5nWWWkhFjfkPrkHu9gJFBXim6nAIPLfynfZspz9kJL2GMfJO2KVamHcp+8
ca7C/Ox6ze0bNU0f/GOYnPQjMaqOof2FWsKRWrAg+M5pS856S1E=
-----END CERTIFICATE-----