Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145167.roa
File:                     AS145167.roa (raw, json)
Hash identifier:          dwXSPvqoY95CfUOh1KCG/GQW17p3uZkQ4ieT7/l6f28=
Subject key identifier:   B6:12:D0:4B:50:E9:EB:F7:28:76:4F:F6:0A:D9:3C:D9:A2:58:05:DA
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3117C20E4BEF648E33A86A7A04085745D5D88CC8
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145167.roa
Signing time:             Wed 04 Mar 2026 06:21:05 +0000
ROA not before:           Wed 04 Mar 2026 06:16:05 +0000
ROA not after:            Wed 03 Mar 2027 06:21:05 +0000
asID:                     145167
IP address blocks:        240a:a9d5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:17:c2:0e:4b:ef:64:8e:33:a8:6a:7a:04:08:57:45:d5:d8:8c:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:05 2026 GMT
            Not After : Mar  3 06:21:05 2027 GMT
        Subject: CN=B612D04B50E9EBF728764FF60AD93CD9A25805DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ed:95:5f:7c:37:09:e6:b7:7e:01:3e:1d:2e:
                    40:de:15:f6:48:6f:48:ee:d7:08:25:3d:84:73:aa:
                    61:92:2c:35:06:4f:18:25:47:ee:5e:f4:2f:6b:c7:
                    c1:89:40:91:7b:87:58:28:c8:43:ed:14:a8:e4:7e:
                    ed:e8:9c:83:ec:58:19:4c:7c:dc:5f:a4:8b:4d:b8:
                    35:55:af:7f:f6:f4:55:93:0a:c7:e6:b0:f8:10:2b:
                    2a:89:01:01:7a:30:bf:8e:68:bc:52:ae:e6:7f:c7:
                    6b:e8:7a:ad:73:8e:69:9e:95:8e:ef:e6:09:8b:5d:
                    3a:21:f7:c3:dd:b6:4b:73:22:2a:53:ee:06:55:c7:
                    df:c0:9c:c4:97:57:f5:23:49:33:ae:7d:d5:44:fc:
                    e1:25:ad:a4:4b:2e:53:5e:a4:d5:41:b7:8c:c9:6f:
                    72:3f:e2:bd:c8:38:c5:ff:fc:ce:3c:a1:9e:6e:32:
                    e3:19:0d:6d:3e:bc:8e:ba:f0:d8:4b:70:29:bf:1e:
                    d8:f5:71:8b:21:98:84:4f:78:e4:2f:1d:81:a0:09:
                    9b:9f:4f:de:80:4e:b5:9e:32:42:2c:f2:00:65:5a:
                    f9:c8:55:e9:f4:f6:14:cf:f6:b1:c5:a6:18:16:fc:
                    dd:3d:2a:4b:f9:07:46:fa:43:89:e6:45:74:e9:1d:
                    f9:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:12:D0:4B:50:E9:EB:F7:28:76:4F:F6:0A:D9:3C:D9:A2:58:05:DA
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145167.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a9d5::/32

    Signature Algorithm: sha256WithRSAEncryption
         02:06:4c:60:b4:c4:ad:db:a1:2b:2a:e6:9c:d6:60:ff:26:e0:
         d7:15:cb:c6:b4:f5:0d:0f:6a:fd:33:9d:af:9e:e4:d1:46:8c:
         e2:a1:0c:46:95:5e:b6:8f:b7:25:2a:74:00:1a:7d:29:fb:cf:
         98:81:2f:de:36:48:55:db:55:80:17:b3:6d:36:29:89:83:6e:
         f8:8f:46:c3:ed:a3:e0:93:72:e8:bd:c7:60:da:e0:53:12:a5:
         b3:3a:54:83:73:73:77:b5:6d:3a:fc:66:a4:23:77:11:fa:bd:
         91:90:09:ff:1a:92:91:cb:20:0f:c4:f9:fb:5d:ea:70:d6:5c:
         c0:8f:ea:ef:a1:22:08:97:f3:5c:1a:6f:0b:60:cf:f8:57:b1:
         1d:63:1d:99:c7:0a:c4:74:34:99:8a:af:60:24:6c:38:e1:77:
         35:51:30:da:c4:12:7d:8c:99:10:aa:7d:bc:fd:6a:a2:5c:86:
         0c:91:0e:54:8f:de:ef:1b:9b:a4:f7:e4:b5:eb:cc:9c:72:a5:
         81:71:ec:de:26:4f:5d:dc:a5:2c:9f:b7:86:1d:81:a8:05:fe:
         60:ba:29:15:4d:0b:0b:e2:61:e1:35:5b:cc:f2:01:9f:b3:6c:
         04:f8:d7:6b:4d:63:5e:77:25:d3:2a:66:54:b4:03:35:85:a8:
         2d:f4:af:c4
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUMRfCDkvvZI4zqGp6BAhXRdXYjMgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYwNVoX
DTI3MDMwMzA2MjEwNVowMzExMC8GA1UEAxMoQjYxMkQwNEI1MEU5RUJGNzI4NzY0
RkY2MEFEOTNDRDlBMjU4MDVEQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMPtlV98Nwnmt34BPh0uQN4V9khvSO7XCCU9hHOqYZIsNQZPGCVH7l70L2vH
wYlAkXuHWCjIQ+0UqOR+7eicg+xYGUx83F+ki024NVWvf/b0VZMKx+aw+BArKokB
AXowv45ovFKu5n/Ha+h6rXOOaZ6Vju/mCYtdOiH3w922S3MiKlPuBlXH38CcxJdX
9SNJM6591UT84SWtpEsuU16k1UG3jMlvcj/ivcg4xf/8zjyhnm4y4xkNbT68jrrw
2EtwKb8e2PVxiyGYhE945C8dgaAJm59P3oBOtZ4yQizyAGVa+chV6fT2FM/2scWm
GBb83T0qS/kHRvpDieZFdOkd+cUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBS2EtBL
UOnr9yh2T/YK2TzZolgF2jAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTE2Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qdUwDQYJKoZIhvcNAQELBQADggEBAAIGTGC0xK3boSsq5pzWYP8m4NcVy8a09Q0P
av0zna+e5NFGjOKhDEaVXraPtyUqdAAafSn7z5iBL942SFXbVYAXs202KYmDbviP
RsPto+CTcui9x2Da4FMSpbM6VINzc3e1bTr8ZqQjdxH6vZGQCf8akpHLIA/E+ftd
6nDWXMCP6u+hIgiX81wabwtgz/hXsR1jHZnHCsR0NJmKr2AkbDjhdzVRMNrEEn2M
mRCqfbz9aqJchgyRDlSP3u8bm6T35LXrzJxypYFx7N4mT13cpSyft4YdgagF/mC6
KRVNCwviYeE1W8zyAZ+zbAT412tNY153JdMqZlS0AzWFqC30r8Q=
-----END CERTIFICATE-----