Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145200.roa
File:                     AS145200.roa (raw, json)
Hash identifier:          2xwwEp4droM1HGgdOQzT3wT/KpfuLpP9i+8oocAEEpU=
Subject key identifier:   64:71:5C:39:97:AF:D4:86:A4:C8:75:68:2A:D3:43:DC:4B:E5:F1:B9
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       107F93A9DB14648940265FD6A85C8D6BB967A954
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145200.roa
Signing time:             Wed 04 Mar 2026 06:21:12 +0000
ROA not before:           Wed 04 Mar 2026 06:16:12 +0000
ROA not after:            Wed 03 Mar 2027 06:21:12 +0000
asID:                     145200
IP address blocks:        240a:a9f6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:7f:93:a9:db:14:64:89:40:26:5f:d6:a8:5c:8d:6b:b9:67:a9:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:12 2026 GMT
            Not After : Mar  3 06:21:12 2027 GMT
        Subject: CN=64715C3997AFD486A4C875682AD343DC4BE5F1B9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:33:c9:77:3c:db:91:f5:38:f8:0b:b5:84:32:
                    7b:c8:65:50:21:a2:d7:95:e3:20:10:dc:55:32:95:
                    03:49:1d:6f:c5:86:3e:b5:b2:58:fb:2a:57:7e:8e:
                    ce:94:6c:3e:e2:33:9e:d8:9d:ac:f8:04:76:63:05:
                    09:51:1b:82:39:61:a7:4d:3d:b5:55:90:ef:33:86:
                    f6:cb:77:5f:8b:1d:1d:0e:08:b9:1f:87:ad:0d:e8:
                    01:f4:cd:47:99:56:17:16:9a:c2:47:3e:9d:43:34:
                    35:f4:65:dc:6c:24:48:8a:81:6a:b3:eb:9f:18:c7:
                    fe:66:05:35:9e:ef:51:3e:ea:4f:f2:76:4a:21:f8:
                    fe:8a:66:43:0f:27:84:99:08:6c:5f:95:9b:00:95:
                    b0:c1:57:5e:7c:1b:fd:a7:48:10:98:6b:d1:b4:13:
                    8b:f2:27:7d:5a:14:b3:e6:06:f8:f9:c5:d1:1b:3b:
                    42:13:d8:50:a3:b2:4b:70:05:71:f0:aa:79:72:62:
                    ba:1e:98:23:40:90:02:eb:12:7f:3a:d7:f9:5b:03:
                    6c:bc:71:26:f6:41:48:e7:46:60:a5:2c:50:6d:99:
                    35:8a:fc:d8:58:a3:8f:f0:9c:d1:f8:53:9d:8e:bc:
                    f8:cc:64:15:ed:98:45:fa:c6:46:c4:50:3d:c1:34:
                    2c:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:71:5C:39:97:AF:D4:86:A4:C8:75:68:2A:D3:43:DC:4B:E5:F1:B9
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145200.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a9f6::/32

    Signature Algorithm: sha256WithRSAEncryption
         55:54:d3:f3:16:ab:5b:bc:ec:b3:fd:b7:da:ba:11:c4:a8:92:
         c0:a0:28:a6:fa:f7:d1:27:49:5a:13:05:8d:5a:80:36:49:e6:
         94:f5:af:4f:ab:67:78:c4:24:db:da:b5:b3:81:fb:4a:3c:48:
         9f:25:a9:e0:70:9c:3a:ac:1d:e1:ac:59:78:0b:9c:7a:98:5e:
         eb:a9:d0:47:ed:8f:79:68:57:bb:fa:ea:01:ac:7d:37:ef:3f:
         65:e1:37:83:e9:27:b6:f4:fb:e0:2a:7a:1a:43:28:90:8d:33:
         a2:66:74:8c:2f:c2:81:0c:de:a1:ff:23:0e:86:70:02:76:25:
         0b:f5:03:64:d7:5e:fa:7e:1a:1f:75:4b:1c:78:7a:30:f1:ea:
         77:4a:33:90:a8:d3:cc:90:99:1f:cc:70:4c:18:ce:cc:5d:91:
         11:f6:fb:67:4d:9c:34:22:65:e4:fc:6c:e1:90:63:21:eb:8a:
         60:f3:58:ec:20:4b:69:ab:a7:4a:18:29:71:00:6f:d5:ea:39:
         29:1b:c8:7e:bc:0a:77:58:35:96:82:36:09:5d:86:5b:2c:d2:
         9e:ea:08:a6:07:66:04:32:e2:7c:43:03:d4:7b:65:7a:c5:2d:
         fd:c1:8f:86:17:c1:5a:38:9f:e3:77:3c:9d:a9:2f:99:90:93:
         fa:d5:f6:02
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUEH+TqdsUZIlAJl/WqFyNa7lnqVQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYxMloX
DTI3MDMwMzA2MjExMlowMzExMC8GA1UEAxMoNjQ3MTVDMzk5N0FGRDQ4NkE0Qzg3
NTY4MkFEMzQzREM0QkU1RjFCOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANMzyXc825H1OPgLtYQye8hlUCGi15XjIBDcVTKVA0kdb8WGPrWyWPsqV36O
zpRsPuIzntidrPgEdmMFCVEbgjlhp009tVWQ7zOG9st3X4sdHQ4IuR+HrQ3oAfTN
R5lWFxaawkc+nUM0NfRl3GwkSIqBarPrnxjH/mYFNZ7vUT7qT/J2SiH4/opmQw8n
hJkIbF+VmwCVsMFXXnwb/adIEJhr0bQTi/InfVoUs+YG+PnF0Rs7QhPYUKOyS3AF
cfCqeXJiuh6YI0CQAusSfzrX+VsDbLxxJvZBSOdGYKUsUG2ZNYr82Fijj/Cc0fhT
nY68+MxkFe2YRfrGRsRQPcE0LGcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRkcVw5
l6/UhqTIdWgq00PcS+XxuTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTIwMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qfYwDQYJKoZIhvcNAQELBQADggEBAFVU0/MWq1u87LP9t9q6EcSoksCgKKb699En
SVoTBY1agDZJ5pT1r0+rZ3jEJNvatbOB+0o8SJ8lqeBwnDqsHeGsWXgLnHqYXuup
0Eftj3loV7v66gGsfTfvP2XhN4PpJ7b0++AqehpDKJCNM6JmdIwvwoEM3qH/Iw6G
cAJ2JQv1A2TXXvp+Gh91Sxx4ejDx6ndKM5Co08yQmR/McEwYzsxdkRH2+2dNnDQi
ZeT8bOGQYyHrimDzWOwgS2mrp0oYKXEAb9XqOSkbyH68CndYNZaCNgldhlss0p7q
CKYHZgQy4nxDA9R7ZXrFLf3Bj4YXwVo4n+N3PJ2pL5mQk/rV9gI=
-----END CERTIFICATE-----