Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145187.roa
File:                     AS145187.roa (raw, json)
Hash identifier:          Kaerz5FB7aF+qLJWcpalJm2wfH2gyQiCsM3eLC0l00g=
Subject key identifier:   3F:CC:E2:97:C1:A4:B7:5A:D5:96:C7:98:FA:C2:E3:1C:F9:DB:B7:25
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       78E6ADCEEECFEF883DD6840F874554CF8A40E42E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145187.roa
Signing time:             Wed 04 Mar 2026 06:20:16 +0000
ROA not before:           Wed 04 Mar 2026 06:15:16 +0000
ROA not after:            Wed 03 Mar 2027 06:20:16 +0000
asID:                     145187
IP address blocks:        240a:a9e9::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:e6:ad:ce:ee:cf:ef:88:3d:d6:84:0f:87:45:54:cf:8a:40:e4:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:16 2026 GMT
            Not After : Mar  3 06:20:16 2027 GMT
        Subject: CN=3FCCE297C1A4B75AD596C798FAC2E31CF9DBB725
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:14:5d:9a:18:2d:33:7f:72:2f:cc:6d:c2:04:
                    8e:bf:a9:a6:b0:d9:aa:39:90:2f:38:59:f7:2c:ec:
                    ac:fe:b4:64:b0:8e:6d:cc:de:c7:0a:52:a9:41:96:
                    d1:65:2f:3b:db:d4:19:23:c7:6f:27:61:50:4d:7d:
                    2d:74:bf:b6:2b:4e:6a:a5:41:a9:18:9e:8f:62:1c:
                    da:f6:dc:71:61:57:e2:9e:ba:c8:c4:1a:09:b2:54:
                    06:40:bd:54:c6:95:2b:23:c5:7d:38:b6:42:6f:d4:
                    46:98:ae:1e:52:da:1b:d6:e2:86:16:17:be:e8:94:
                    cd:bf:dd:ef:f5:bd:49:5d:fa:52:9c:a0:3c:ba:df:
                    90:ab:7f:eb:6f:bc:78:d7:f4:dd:af:9a:5c:c3:28:
                    e4:42:db:2b:42:b7:22:bf:95:dd:62:d8:66:ab:1b:
                    03:04:b0:1d:91:30:9b:ab:7a:5f:b0:6b:cb:7a:5f:
                    f5:e7:4c:b3:55:5a:55:cd:56:74:e1:f4:ac:b0:b7:
                    af:46:c7:6f:54:5e:bd:59:0c:d4:38:8f:32:ec:da:
                    1b:e9:a1:0a:81:65:f8:88:d9:5e:6a:75:fe:82:98:
                    53:19:92:c5:21:1a:9e:53:f0:87:58:67:09:bf:b3:
                    2b:28:47:b1:e6:09:55:39:8c:28:8f:63:63:ac:f8:
                    bf:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:CC:E2:97:C1:A4:B7:5A:D5:96:C7:98:FA:C2:E3:1C:F9:DB:B7:25
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145187.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a9e9::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:8c:bb:18:8f:7c:fe:0c:94:bd:a9:9e:c2:25:58:6b:d2:9f:
         bd:cf:56:a9:d9:43:0c:b0:7b:0c:8c:6e:71:fa:38:f0:4d:1c:
         28:80:75:03:00:fe:a7:b6:24:a7:ea:74:23:48:fc:73:be:4e:
         0e:93:02:2e:72:f4:51:a9:c5:ef:c8:15:7a:69:39:5c:0e:19:
         0d:59:e5:b8:86:a7:d2:3e:77:ce:a0:f7:ee:ff:c4:13:b1:5d:
         4a:5a:40:08:f1:89:02:58:d2:ee:2d:e6:45:68:eb:9f:0c:87:
         19:5a:2e:9e:e1:e0:0e:9b:0c:bf:de:73:50:ca:58:3c:76:59:
         96:95:4f:c7:ac:1c:b3:de:22:a9:af:b0:79:3c:83:35:4c:ef:
         1c:e9:7c:c2:42:b2:a4:56:29:9f:46:61:98:6e:02:2c:19:64:
         82:88:5a:95:7a:0a:c5:51:29:b1:52:52:28:f8:41:c3:b3:5b:
         77:7f:01:b0:d4:00:dd:54:a9:db:3d:ba:d6:c3:5a:19:c2:74:
         a2:67:e2:be:9e:47:24:c5:23:c5:52:f1:85:a5:40:3c:c1:de:
         2d:19:d2:ea:58:6f:0f:6e:65:10:de:36:34:46:e8:f3:38:67:
         82:bd:e4:db:48:55:c4:68:00:e6:f6:71:e8:8f:b7:d6:fb:49:
         87:62:24:20
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUeOatzu7P74g91oQPh0VUz4pA5C4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTUxNloX
DTI3MDMwMzA2MjAxNlowMzExMC8GA1UEAxMoM0ZDQ0UyOTdDMUE0Qjc1QUQ1OTZD
Nzk4RkFDMkUzMUNGOURCQjcyNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALoUXZoYLTN/ci/MbcIEjr+pprDZqjmQLzhZ9yzsrP60ZLCObczexwpSqUGW
0WUvO9vUGSPHbydhUE19LXS/titOaqVBqRiej2Ic2vbccWFX4p66yMQaCbJUBkC9
VMaVKyPFfTi2Qm/URpiuHlLaG9bihhYXvuiUzb/d7/W9SV36UpygPLrfkKt/62+8
eNf03a+aXMMo5ELbK0K3Ir+V3WLYZqsbAwSwHZEwm6t6X7Bry3pf9edMs1VaVc1W
dOH0rLC3r0bHb1RevVkM1DiPMuzaG+mhCoFl+IjZXmp1/oKYUxmSxSEanlPwh1hn
Cb+zKyhHseYJVTmMKI9jY6z4v1UCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQ/zOKX
waS3WtWWx5j6wuMc+du3JTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTE4Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qekwDQYJKoZIhvcNAQELBQADggEBAGqMuxiPfP4MlL2pnsIlWGvSn73PVqnZQwyw
ewyMbnH6OPBNHCiAdQMA/qe2JKfqdCNI/HO+Tg6TAi5y9FGpxe/IFXppOVwOGQ1Z
5biGp9I+d86g9+7/xBOxXUpaQAjxiQJY0u4t5kVo658MhxlaLp7h4A6bDL/ec1DK
WDx2WZaVT8esHLPeIqmvsHk8gzVM7xzpfMJCsqRWKZ9GYZhuAiwZZIKIWpV6CsVR
KbFSUij4QcOzW3d/AbDUAN1Uqds9utbDWhnCdKJn4r6eRyTFI8VS8YWlQDzB3i0Z
0upYbw9uZRDeNjRG6PM4Z4K95NtIVcRoAOb2ceiPt9b7SYdiJCA=
-----END CERTIFICATE-----