Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145469.roa
File:                     AS145469.roa (raw, json)
Hash identifier:          4gYxY+hwkDqCfwX0oXN9Ba20BCAYUKvIHE0j+wMf5Qs=
Subject key identifier:   59:81:16:88:CF:7B:6D:74:C5:D7:30:CE:A7:20:7B:8E:AD:75:06:75
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5807196A1195AF52317303306894665B37A85DC7
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145469.roa
Signing time:             Wed 04 Mar 2026 06:19:57 +0000
ROA not before:           Wed 04 Mar 2026 06:14:57 +0000
ROA not after:            Wed 03 Mar 2027 06:19:57 +0000
asID:                     145469
IP address blocks:        240a:ab03::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:07:19:6a:11:95:af:52:31:73:03:30:68:94:66:5b:37:a8:5d:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:57 2026 GMT
            Not After : Mar  3 06:19:57 2027 GMT
        Subject: CN=59811688CF7B6D74C5D730CEA7207B8EAD750675
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:37:04:f9:cb:dd:3c:75:7a:8d:69:1c:ed:e4:
                    32:c0:40:7a:b1:25:4e:bb:aa:2f:01:ee:26:7a:ff:
                    3b:f3:ac:f6:74:45:1b:51:e4:4b:86:1e:9b:41:be:
                    26:64:db:00:78:c2:a6:3d:80:6c:a9:5d:fd:a4:2c:
                    2e:73:07:42:79:5c:7d:41:87:09:f7:57:af:68:07:
                    32:39:b9:6b:52:a6:87:17:5e:be:6f:f7:f1:d5:d0:
                    84:cf:dd:66:87:ba:e4:b8:75:cc:3d:8f:bf:cc:af:
                    4f:2c:45:05:c0:3e:2c:54:92:e4:14:29:70:f1:36:
                    0c:69:f4:8d:5e:e4:7d:0e:ab:f2:a9:bc:e1:9c:1a:
                    2c:39:e9:44:ef:cb:72:93:78:2b:9b:7d:db:38:6a:
                    0c:0b:eb:36:d5:4d:d8:76:b0:81:86:f3:88:d8:12:
                    16:9e:1a:f6:ec:43:3e:82:23:69:27:1c:66:43:81:
                    53:37:86:d7:c3:5d:57:25:8e:17:d2:81:5a:50:c2:
                    63:c7:0e:09:d3:8e:42:db:ff:5c:2d:0e:ca:00:e5:
                    f1:78:45:27:37:48:a6:91:8e:a5:2a:d3:b7:8d:ef:
                    69:b0:c9:8a:a3:f1:e1:37:fd:e6:34:a9:c4:e3:7f:
                    3d:4b:af:ae:83:7b:af:ec:35:5b:49:62:1c:c8:0a:
                    b5:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:81:16:88:CF:7B:6D:74:C5:D7:30:CE:A7:20:7B:8E:AD:75:06:75
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145469.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab03::/32

    Signature Algorithm: sha256WithRSAEncryption
         97:68:82:46:3e:3a:fa:86:06:4a:a5:cc:fe:68:bc:f5:3f:77:
         d4:b8:48:f7:6c:6b:30:94:38:d5:64:5c:53:c3:d1:29:66:10:
         a6:c5:fc:b8:86:6c:8c:5d:f2:15:3e:5b:40:69:43:38:ff:36:
         0f:7b:88:f1:d1:4d:0f:b8:ce:d2:36:25:04:23:43:49:18:80:
         c3:e5:63:3d:3e:d0:8e:0f:86:6f:14:2d:6c:6d:6d:d5:dd:79:
         c2:08:1e:11:e0:a0:ab:3a:de:06:3c:98:16:68:37:21:39:cc:
         f3:72:32:07:6f:0f:1c:98:bd:53:a5:b0:f3:00:11:26:85:c5:
         03:46:e0:05:5f:7e:0c:4d:6e:e6:30:9f:94:b9:a6:20:ec:a9:
         15:81:da:8c:5d:32:5d:cc:a7:85:ea:0d:b9:f7:ce:27:df:24:
         3a:d4:59:a4:03:80:2f:7b:57:30:68:9c:3e:68:4e:ed:fa:6a:
         d3:24:30:9c:49:be:07:9d:d3:c8:e0:14:09:cb:73:b5:80:78:
         04:b9:cb:e6:7b:f7:06:f9:af:d4:8a:3b:6b:92:d0:b7:38:33:
         da:f2:60:c5:9c:18:9a:34:23:a3:22:e9:79:c5:5c:a6:82:ef:
         ae:aa:80:7b:64:9b:b7:98:11:92:d4:7c:be:f9:2e:41:c2:8b:
         9e:ea:15:1e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUWAcZahGVr1IxcwMwaJRmWzeoXccwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQ1N1oX
DTI3MDMwMzA2MTk1N1owMzExMC8GA1UEAxMoNTk4MTE2ODhDRjdCNkQ3NEM1RDcz
MENFQTcyMDdCOEVBRDc1MDY3NTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALA3BPnL3Tx1eo1pHO3kMsBAerElTruqLwHuJnr/O/Os9nRFG1HkS4Yem0G+
JmTbAHjCpj2AbKld/aQsLnMHQnlcfUGHCfdXr2gHMjm5a1Kmhxdevm/38dXQhM/d
Zoe65Lh1zD2Pv8yvTyxFBcA+LFSS5BQpcPE2DGn0jV7kfQ6r8qm84ZwaLDnpRO/L
cpN4K5t92zhqDAvrNtVN2HawgYbziNgSFp4a9uxDPoIjaSccZkOBUzeG18NdVyWO
F9KBWlDCY8cOCdOOQtv/XC0OygDl8XhFJzdIppGOpSrTt43vabDJiqPx4Tf95jSp
xON/PUuvroN7r+w1W0liHMgKtfcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRZgRaI
z3ttdMXXMM6nIHuOrXUGdTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTQ2OS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qwMwDQYJKoZIhvcNAQELBQADggEBAJdogkY+OvqGBkqlzP5ovPU/d9S4SPdsazCU
ONVkXFPD0SlmEKbF/LiGbIxd8hU+W0BpQzj/Ng97iPHRTQ+4ztI2JQQjQ0kYgMPl
Yz0+0I4Phm8ULWxtbdXdecIIHhHgoKs63gY8mBZoNyE5zPNyMgdvDxyYvVOlsPMA
ESaFxQNG4AVffgxNbuYwn5S5piDsqRWB2oxdMl3Mp4XqDbn3ziffJDrUWaQDgC97
VzBonD5oTu36atMkMJxJvged08jgFAnLc7WAeAS5y+Z79wb5r9SKO2uS0Lc4M9ry
YMWcGJo0I6Mi6XnFXKaC766qgHtkm7eYEZLUfL75LkHCi57qFR4=
-----END CERTIFICATE-----