Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145096.roa
File:                     AS145096.roa (raw, json)
Hash identifier:          yANf/PsuDHO00q5bck5BJv+5KqXg3q6V2gMLVS2ZgvM=
Subject key identifier:   71:B0:A0:C5:6B:2B:74:DA:7C:8C:4B:5F:C5:87:79:D7:28:D3:FA:E1
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       36858703BE2DB0DC94D7330C118A69FF5D7A5C95
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145096.roa
Signing time:             Wed 04 Mar 2026 06:20:12 +0000
ROA not before:           Wed 04 Mar 2026 06:15:12 +0000
ROA not after:            Wed 03 Mar 2027 06:20:12 +0000
asID:                     145096
IP address blocks:        240a:a98e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:85:87:03:be:2d:b0:dc:94:d7:33:0c:11:8a:69:ff:5d:7a:5c:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:12 2026 GMT
            Not After : Mar  3 06:20:12 2027 GMT
        Subject: CN=71B0A0C56B2B74DA7C8C4B5FC58779D728D3FAE1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:84:a8:f1:c2:30:48:6f:76:73:ce:49:26:f9:
                    f1:66:49:7d:44:70:f3:c3:13:f4:64:54:cb:7d:a5:
                    09:5c:28:5a:95:45:ca:d0:dd:ff:5e:87:48:41:f4:
                    39:82:f8:bc:6d:a2:6b:68:36:08:8d:f4:06:7f:ba:
                    d8:48:cd:13:65:f1:eb:ff:f3:14:f6:6f:23:8f:80:
                    7e:7d:71:0e:5c:3d:8d:d9:67:6f:c4:a1:8a:f0:7e:
                    fb:e4:e9:11:a9:35:2a:27:18:c3:40:91:25:30:b4:
                    60:bc:2a:88:b4:e6:a3:ed:7d:5e:1c:b5:b3:59:8e:
                    17:d5:f1:5d:c5:dd:a9:ac:9b:76:c3:46:b3:95:50:
                    b7:31:bb:fb:64:29:17:ba:d6:7c:b3:f3:27:f4:09:
                    52:1d:da:cf:86:76:87:67:fa:30:91:69:da:1d:23:
                    b1:ef:38:7e:ad:fb:a0:63:b7:ef:c3:68:f1:53:56:
                    1f:15:07:85:0c:53:f6:f1:2d:22:d7:c1:2b:82:b8:
                    74:3f:70:ac:f1:42:f3:4e:66:42:d5:a9:9f:ac:c9:
                    e4:d1:d8:80:da:66:f7:85:f0:47:8e:2d:6f:f5:99:
                    9c:99:2d:ba:d6:bd:29:94:0b:1b:94:6e:f4:7d:4d:
                    97:ab:f1:d4:11:91:ad:f9:d2:a8:5e:c2:8b:30:6f:
                    9d:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:B0:A0:C5:6B:2B:74:DA:7C:8C:4B:5F:C5:87:79:D7:28:D3:FA:E1
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145096.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a98e::/32

    Signature Algorithm: sha256WithRSAEncryption
         35:13:00:f7:cd:9f:08:da:d9:45:9c:bd:41:5e:38:70:ef:39:
         68:54:dd:68:95:6d:05:e0:d9:87:3d:da:c1:e9:56:f2:e9:ed:
         f6:cc:48:ed:03:c2:2b:39:fb:54:14:22:4b:06:a4:2d:52:1a:
         bf:a4:35:01:50:cd:ee:4c:1e:b6:96:98:53:28:be:ee:5a:f0:
         e2:3c:3b:ec:96:19:60:55:cb:5f:a7:9e:ae:08:ed:b4:8d:27:
         19:4e:13:15:75:c5:d2:52:e6:66:84:1e:d6:53:21:0d:73:cd:
         65:73:86:88:a4:4a:d1:70:bb:66:ed:0d:68:67:2d:1b:5d:0c:
         33:7c:11:60:7c:69:b0:83:9b:38:39:34:ea:eb:56:41:38:fb:
         11:a5:c8:88:03:67:7b:d1:e1:88:33:15:82:fc:7f:7a:11:dd:
         64:ea:7f:a1:d3:22:a2:27:95:25:70:83:ff:c9:2c:01:6c:7e:
         73:4d:b6:69:e5:a4:1f:5a:f7:85:96:b8:c0:62:9e:76:b6:c4:
         e5:9f:e6:f4:1b:cd:9d:13:7a:02:df:e7:93:9d:cb:2c:8c:fe:
         71:45:51:a4:23:da:90:1e:24:a2:b2:72:a3:50:ee:1c:7a:72:
         db:5f:c9:2f:66:63:51:96:a9:06:0a:93:dc:bb:96:48:8c:e2:
         0a:b0:b7:69
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUNoWHA74tsNyU1zMMEYpp/116XJUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTUxMloX
DTI3MDMwMzA2MjAxMlowMzExMC8GA1UEAxMoNzFCMEEwQzU2QjJCNzREQTdDOEM0
QjVGQzU4Nzc5RDcyOEQzRkFFMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALeEqPHCMEhvdnPOSSb58WZJfURw88MT9GRUy32lCVwoWpVFytDd/16HSEH0
OYL4vG2ia2g2CI30Bn+62EjNE2Xx6//zFPZvI4+Afn1xDlw9jdlnb8ShivB+++Tp
Eak1KicYw0CRJTC0YLwqiLTmo+19Xhy1s1mOF9XxXcXdqaybdsNGs5VQtzG7+2Qp
F7rWfLPzJ/QJUh3az4Z2h2f6MJFp2h0jse84fq37oGO378No8VNWHxUHhQxT9vEt
ItfBK4K4dD9wrPFC805mQtWpn6zJ5NHYgNpm94XwR44tb/WZnJktuta9KZQLG5Ru
9H1Nl6vx1BGRrfnSqF7CizBvncsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRxsKDF
ayt02nyMS1/Fh3nXKNP64TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTA5Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qY4wDQYJKoZIhvcNAQELBQADggEBADUTAPfNnwja2UWcvUFeOHDvOWhU3WiVbQXg
2Yc92sHpVvLp7fbMSO0Dwis5+1QUIksGpC1SGr+kNQFQze5MHraWmFMovu5a8OI8
O+yWGWBVy1+nnq4I7bSNJxlOExV1xdJS5maEHtZTIQ1zzWVzhoikStFwu2btDWhn
LRtdDDN8EWB8abCDmzg5NOrrVkE4+xGlyIgDZ3vR4YgzFYL8f3oR3WTqf6HTIqIn
lSVwg//JLAFsfnNNtmnlpB9a94WWuMBinna2xOWf5vQbzZ0TegLf55OdyyyM/nFF
UaQj2pAeJKKycqNQ7hx6cttfyS9mY1GWqQYKk9y7lkiM4gqwt2k=
-----END CERTIFICATE-----