Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145386.roa
File:                     AS145386.roa (raw, json)
Hash identifier:          Sp/uhbdvWofYFfut3+/IIMg6PWCMqZRqR8iWQohssUE=
Subject key identifier:   13:06:3F:11:76:E7:E7:53:CE:2E:A8:0A:3B:3F:AD:93:EB:38:00:68
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       58BDDF02F77AB3728A202CF95FEC8DA02DA2D95D
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145386.roa
Signing time:             Wed 04 Mar 2026 06:22:33 +0000
ROA not before:           Wed 04 Mar 2026 06:17:33 +0000
ROA not after:            Wed 03 Mar 2027 06:22:33 +0000
asID:                     145386
IP address blocks:        240a:aab0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:bd:df:02:f7:7a:b3:72:8a:20:2c:f9:5f:ec:8d:a0:2d:a2:d9:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:33 2026 GMT
            Not After : Mar  3 06:22:33 2027 GMT
        Subject: CN=13063F1176E7E753CE2EA80A3B3FAD93EB380068
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:85:d2:d2:f1:eb:de:6d:8e:8b:c2:f4:2f:dd:
                    b8:1f:05:01:3e:52:3f:27:96:c5:fe:c5:4c:b7:23:
                    1f:70:8b:a1:e2:b2:db:15:3f:2f:43:8f:64:cb:d7:
                    9c:62:42:5f:e0:f2:77:93:37:d8:6b:e5:fe:33:eb:
                    bc:47:87:cf:29:e3:41:7b:ae:a9:72:48:48:3f:d2:
                    54:6c:e7:6c:f3:ef:98:4b:9f:c8:d5:47:4d:9c:b4:
                    af:21:0a:fb:4e:70:7c:fb:f7:27:40:c0:57:4d:86:
                    c4:ab:d9:76:40:9b:86:bf:b3:c0:42:db:e9:fd:58:
                    31:e5:70:a0:5a:2b:e2:4e:45:54:7f:63:a8:71:83:
                    4a:9c:46:4e:3d:54:f6:1c:28:f5:cf:43:58:72:65:
                    02:f9:cd:6b:6f:96:14:07:6c:da:75:97:58:04:d6:
                    0c:7e:ba:fe:3b:1c:a2:4e:00:d4:3e:03:49:e6:5d:
                    32:9c:6c:83:38:1d:fd:8b:38:07:24:1e:1f:d8:1d:
                    36:81:06:2e:5c:a4:c0:f7:de:2c:c6:e4:2c:08:7a:
                    91:78:15:5d:5c:03:07:29:a4:bf:ff:78:1f:f7:8c:
                    37:43:82:86:f6:19:5f:65:3b:08:c6:f5:53:da:67:
                    6c:fb:54:8d:9d:4f:a4:97:75:de:24:fb:0c:80:07:
                    86:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:06:3F:11:76:E7:E7:53:CE:2E:A8:0A:3B:3F:AD:93:EB:38:00:68
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145386.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aab0::/32

    Signature Algorithm: sha256WithRSAEncryption
         b4:c0:c9:3f:8f:39:68:06:ff:78:d0:b8:09:6a:a4:46:dd:60:
         ef:7a:12:b2:93:2a:28:eb:1e:91:ce:ec:af:a5:06:2c:11:5b:
         fe:6b:07:49:db:50:c1:f1:33:57:ee:66:04:82:0f:d5:0d:f9:
         30:89:78:cd:4a:57:af:fa:36:a9:2e:17:32:9b:12:55:6a:76:
         27:58:b9:40:47:a3:26:49:9e:c4:ae:68:fe:e3:9b:f7:d6:c3:
         50:48:72:88:ba:40:c3:61:53:6d:df:b9:be:7f:f9:53:df:3b:
         be:e6:96:4e:16:ff:13:fb:17:9e:89:44:7a:09:b8:f9:94:b0:
         df:f7:e7:2f:9e:9e:bb:c5:f0:e5:ab:9a:5a:7e:12:97:f3:7d:
         da:a6:62:01:2d:0d:86:15:8d:d9:f0:8f:ac:a0:bf:91:6b:37:
         97:47:28:34:cb:18:42:9d:92:c2:d5:91:e9:f9:74:65:d9:61:
         55:eb:5e:bc:b4:39:53:02:be:52:d9:00:d0:52:c7:61:93:53:
         6f:12:29:7f:8a:6d:78:fa:74:f9:40:49:b4:c5:c2:97:97:ab:
         44:42:29:f2:46:8b:24:6c:34:b1:31:bd:65:ec:fb:a7:73:56:
         02:5f:53:98:17:cf:ec:e1:2e:dc:23:f1:b5:e7:e9:ec:fd:60:
         b1:51:cf:56
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUWL3fAvd6s3KKICz5X+yNoC2i2V0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTczM1oX
DTI3MDMwMzA2MjIzM1owMzExMC8GA1UEAxMoMTMwNjNGMTE3NkU3RTc1M0NFMkVB
ODBBM0IzRkFEOTNFQjM4MDA2ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKCF0tLx695tjovC9C/duB8FAT5SPyeWxf7FTLcjH3CLoeKy2xU/L0OPZMvX
nGJCX+Dyd5M32Gvl/jPrvEeHzynjQXuuqXJISD/SVGznbPPvmEufyNVHTZy0ryEK
+05wfPv3J0DAV02GxKvZdkCbhr+zwELb6f1YMeVwoFor4k5FVH9jqHGDSpxGTj1U
9hwo9c9DWHJlAvnNa2+WFAds2nWXWATWDH66/jscok4A1D4DSeZdMpxsgzgd/Ys4
ByQeH9gdNoEGLlykwPfeLMbkLAh6kXgVXVwDBymkv/94H/eMN0OChvYZX2U7CMb1
U9pnbPtUjZ1PpJd13iT7DIAHhk8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQTBj8R
dufnU84uqAo7P62T6zgAaDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTM4Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qrAwDQYJKoZIhvcNAQELBQADggEBALTAyT+POWgG/3jQuAlqpEbdYO96ErKTKijr
HpHO7K+lBiwRW/5rB0nbUMHxM1fuZgSCD9UN+TCJeM1KV6/6NqkuFzKbElVqdidY
uUBHoyZJnsSuaP7jm/fWw1BIcoi6QMNhU23fub5/+VPfO77mlk4W/xP7F56JRHoJ
uPmUsN/35y+enrvF8OWrmlp+EpfzfdqmYgEtDYYVjdnwj6ygv5FrN5dHKDTLGEKd
ksLVken5dGXZYVXrXry0OVMCvlLZANBSx2GTU28SKX+KbXj6dPlASbTFwpeXq0RC
KfJGiyRsNLExvWXs+6dzVgJfU5gXz+zhLtwj8bXn6ez9YLFRz1Y=
-----END CERTIFICATE-----