Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145482.roa
File:                     AS145482.roa (raw, json)
Hash identifier:          vlko2mYAved14o2ApT2efzvY6guq1HzBz5AgbwTnzzo=
Subject key identifier:   B5:98:B1:C9:CC:87:C0:02:4E:1D:E9:86:D4:23:94:66:DE:11:E8:96
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7B1C7B37F60B99CFF84D37550D26C9CE0FB58C55
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145482.roa
Signing time:             Wed 04 Mar 2026 06:22:06 +0000
ROA not before:           Wed 04 Mar 2026 06:17:06 +0000
ROA not after:            Wed 03 Mar 2027 06:22:06 +0000
asID:                     145482
IP address blocks:        240a:ab10::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:1c:7b:37:f6:0b:99:cf:f8:4d:37:55:0d:26:c9:ce:0f:b5:8c:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:06 2026 GMT
            Not After : Mar  3 06:22:06 2027 GMT
        Subject: CN=B598B1C9CC87C0024E1DE986D4239466DE11E896
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:32:35:71:83:7c:88:b1:d4:a4:ca:4e:e1:ed:
                    08:4c:44:ff:c9:f0:35:93:1f:f0:85:b4:50:f2:ee:
                    01:c8:6a:6e:39:07:00:29:3e:c2:5c:14:e1:89:95:
                    66:66:e1:80:37:30:0d:01:1f:24:31:5a:f0:4a:f5:
                    6b:27:a6:5e:4d:6e:69:b8:87:20:4b:2e:3b:a7:b9:
                    85:d6:43:c3:9d:52:b9:6f:56:fa:34:d5:1f:2a:ea:
                    26:0c:89:34:1d:dd:b5:37:67:53:33:2e:4c:ce:bf:
                    15:f8:c9:7b:ca:68:c2:f9:54:fe:56:00:f9:4c:15:
                    0c:7d:82:10:6c:76:0a:14:6b:a7:a5:dd:a6:32:32:
                    a4:c8:62:15:6f:00:c6:4d:e9:df:c4:f3:02:82:9c:
                    1a:9f:71:77:69:fa:66:c5:fe:25:37:c5:f2:e6:92:
                    e3:f5:79:cc:cc:e1:5e:10:21:19:26:24:1f:da:a6:
                    52:6c:6c:fb:65:61:32:eb:bc:c2:89:d2:b3:f3:c1:
                    22:de:79:bb:50:aa:86:44:9f:99:b6:5d:d4:e0:ae:
                    da:e9:0e:ca:4a:2f:f5:83:d5:3f:3f:ba:78:bc:a5:
                    e7:49:c5:99:e5:64:8b:64:ee:25:bb:86:26:02:74:
                    68:e0:56:57:b7:62:59:81:54:db:8e:14:42:29:45:
                    16:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:98:B1:C9:CC:87:C0:02:4E:1D:E9:86:D4:23:94:66:DE:11:E8:96
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145482.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab10::/32

    Signature Algorithm: sha256WithRSAEncryption
         8e:c2:dd:bb:53:53:7c:ec:78:97:ce:13:13:e5:4c:7a:40:08:
         4e:c1:dd:4c:3f:05:92:62:e8:2e:25:e9:f1:a0:59:c7:fc:39:
         80:e7:3f:1b:3a:a9:db:0c:2c:fa:2b:41:45:d6:37:50:de:f2:
         60:d7:b4:81:b9:77:7f:ec:6e:91:ab:f5:6c:0d:a5:33:c9:63:
         56:32:02:e5:a8:cc:ac:40:f9:25:c8:cc:e8:4a:f5:df:09:8a:
         ee:9b:c0:23:f4:b3:78:da:22:ba:08:55:82:c7:37:92:41:66:
         b6:46:ba:cd:6e:9d:ee:71:d2:4d:03:7a:40:f7:10:07:2f:63:
         56:35:e8:c9:e7:64:7e:21:28:70:37:e4:14:d0:90:4e:6d:9c:
         80:17:b9:da:f6:32:1f:5b:fd:b9:90:88:7c:0e:99:65:62:c6:
         73:be:c0:96:13:1e:43:06:62:90:79:fe:10:85:d2:d4:20:c0:
         50:29:3c:f5:56:d1:43:75:34:a8:e5:7f:c1:c3:1c:8c:e6:0c:
         42:61:09:4f:c8:bb:ca:1f:f5:61:3b:5c:ca:ba:9f:15:2f:26:
         01:cd:9b:de:f3:f7:e9:96:28:9f:94:bc:09:56:f0:7a:06:8c:
         18:52:7b:dc:c2:51:f8:39:47:48:f6:bc:b5:b5:79:0d:38:4d:
         5a:fb:a6:3a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUexx7N/YLmc/4TTdVDSbJzg+1jFUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcwNloX
DTI3MDMwMzA2MjIwNlowMzExMC8GA1UEAxMoQjU5OEIxQzlDQzg3QzAwMjRFMURF
OTg2RDQyMzk0NjZERTExRTg5NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANoyNXGDfIix1KTKTuHtCExE/8nwNZMf8IW0UPLuAchqbjkHACk+wlwU4YmV
ZmbhgDcwDQEfJDFa8Er1ayemXk1uabiHIEsuO6e5hdZDw51SuW9W+jTVHyrqJgyJ
NB3dtTdnUzMuTM6/FfjJe8powvlU/lYA+UwVDH2CEGx2ChRrp6XdpjIypMhiFW8A
xk3p38TzAoKcGp9xd2n6ZsX+JTfF8uaS4/V5zMzhXhAhGSYkH9qmUmxs+2VhMuu8
wonSs/PBIt55u1CqhkSfmbZd1OCu2ukOykov9YPVPz+6eLyl50nFmeVki2TuJbuG
JgJ0aOBWV7diWYFU244UQilFFl0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBS1mLHJ
zIfAAk4d6YbUI5Rm3hHoljAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTQ4Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qxAwDQYJKoZIhvcNAQELBQADggEBAI7C3btTU3zseJfOExPlTHpACE7B3Uw/BZJi
6C4l6fGgWcf8OYDnPxs6qdsMLPorQUXWN1De8mDXtIG5d3/sbpGr9WwNpTPJY1Yy
AuWozKxA+SXIzOhK9d8Jiu6bwCP0s3jaIroIVYLHN5JBZrZGus1une5x0k0DekD3
EAcvY1Y16MnnZH4hKHA35BTQkE5tnIAXudr2Mh9b/bmQiHwOmWVixnO+wJYTHkMG
YpB5/hCF0tQgwFApPPVW0UN1NKjlf8HDHIzmDEJhCU/Iu8of9WE7XMq6nxUvJgHN
m97z9+mWKJ+UvAlW8HoGjBhSe9zCUfg5R0j2vLW1eQ04TVr7pjo=
-----END CERTIFICATE-----