Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145487.roa
File:                     AS145487.roa (raw, json)
Hash identifier:          BGLUY6kkSa08eq2D09WycxPMTjvdxq1WwZ1xDE6zuJM=
Subject key identifier:   B5:31:B7:BF:AA:C7:82:FC:F0:90:A3:27:4C:8E:04:21:9F:94:49:91
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       144094C39C2462B55B7644549964C49AE4EDB44E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145487.roa
Signing time:             Wed 04 Mar 2026 06:21:00 +0000
ROA not before:           Wed 04 Mar 2026 06:16:00 +0000
ROA not after:            Wed 03 Mar 2027 06:21:00 +0000
asID:                     145487
IP address blocks:        240a:ab15::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:40:94:c3:9c:24:62:b5:5b:76:44:54:99:64:c4:9a:e4:ed:b4:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:00 2026 GMT
            Not After : Mar  3 06:21:00 2027 GMT
        Subject: CN=B531B7BFAAC782FCF090A3274C8E04219F944991
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:15:56:ca:96:a4:c9:0e:8e:12:ae:eb:85:8d:
                    1a:f7:03:0c:d9:b8:7c:62:de:23:e3:f8:18:fd:c6:
                    c0:86:1c:11:bb:3b:e1:d7:9b:a4:af:de:f2:9f:db:
                    51:64:29:dc:58:f0:8e:7b:07:eb:66:2d:8c:5b:e2:
                    bb:8e:5b:1c:dc:c1:d8:68:d0:26:71:08:5b:a9:5d:
                    66:ff:09:9e:a7:6d:ad:00:3d:c3:cc:5f:05:53:2d:
                    d3:99:26:7c:cb:2b:c7:76:32:9d:76:26:65:52:cb:
                    ca:cd:ae:81:6d:c7:46:a3:5e:09:0c:a4:3a:1a:d0:
                    b3:9f:99:85:db:ab:59:2c:a2:56:3d:08:5c:69:c1:
                    e9:d0:40:60:f6:24:56:2e:c8:7c:75:d7:9e:d5:39:
                    bb:9b:c5:51:68:39:e9:ee:3c:d3:9f:6d:3d:cb:53:
                    2e:58:21:91:6e:30:23:9a:05:2c:d8:d4:c9:e0:18:
                    bd:8b:60:4b:a2:fd:97:37:d8:e0:df:71:71:65:fe:
                    3e:92:f7:22:6c:37:ad:94:31:1e:1a:b4:ad:40:6c:
                    23:4d:38:f1:78:1f:10:56:80:6e:d4:4b:ce:39:fd:
                    9e:42:52:b9:b7:ee:fc:cc:dd:14:2d:a9:fd:09:ad:
                    1e:65:02:1e:b3:7c:07:50:e1:f0:75:13:39:a3:56:
                    a0:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:31:B7:BF:AA:C7:82:FC:F0:90:A3:27:4C:8E:04:21:9F:94:49:91
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145487.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab15::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:14:03:e3:01:4d:c7:ff:45:69:cc:fc:70:ff:a3:63:3e:07:
         38:ad:5f:08:5d:73:54:a9:2b:08:c2:45:fc:b6:ca:91:85:2f:
         2c:e7:55:71:76:75:70:70:96:bd:21:fd:fd:fa:96:c8:3b:5e:
         ee:17:1a:17:88:c4:c9:19:2f:87:eb:18:d7:17:6e:d6:94:52:
         5d:ab:de:9d:27:ad:ca:ff:bd:e8:87:c3:57:87:2b:c2:8e:5f:
         5e:dd:c3:7f:77:5b:e6:e7:b1:2d:14:57:77:e0:12:98:f1:53:
         dd:b7:0c:19:b3:d8:7a:0c:be:b1:92:53:94:78:59:1b:87:72:
         0d:56:39:f0:68:cc:63:b5:95:ae:e5:bf:7b:d8:d0:78:43:a8:
         66:f5:79:25:ca:fc:83:a4:34:1e:b7:e2:0f:1e:2c:07:19:59:
         54:09:b1:71:f6:ce:49:dc:c7:38:79:0c:0f:0c:e7:73:8c:9b:
         9e:0b:2e:ee:95:50:02:f9:5d:db:da:cc:9e:29:61:aa:89:05:
         bb:1b:31:c7:ea:86:17:1e:26:53:91:da:d7:c1:83:2e:67:e6:
         54:6e:0a:c9:26:95:76:09:34:3e:4f:2b:c8:74:48:25:0e:4f:
         22:37:44:72:01:96:65:4d:cf:2d:5f:fa:d5:15:9d:33:ab:33:
         0f:59:34:ca
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUFECUw5wkYrVbdkRUmWTEmuTttE4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYwMFoX
DTI3MDMwMzA2MjEwMFowMzExMC8GA1UEAxMoQjUzMUI3QkZBQUM3ODJGQ0YwOTBB
MzI3NEM4RTA0MjE5Rjk0NDk5MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ0VVsqWpMkOjhKu64WNGvcDDNm4fGLeI+P4GP3GwIYcEbs74debpK/e8p/b
UWQp3FjwjnsH62YtjFviu45bHNzB2GjQJnEIW6ldZv8JnqdtrQA9w8xfBVMt05km
fMsrx3YynXYmZVLLys2ugW3HRqNeCQykOhrQs5+ZhdurWSyiVj0IXGnB6dBAYPYk
Vi7IfHXXntU5u5vFUWg56e48059tPctTLlghkW4wI5oFLNjUyeAYvYtgS6L9lzfY
4N9xcWX+PpL3Imw3rZQxHhq0rUBsI0048XgfEFaAbtRLzjn9nkJSubfu/MzdFC2p
/QmtHmUCHrN8B1Dh8HUTOaNWoNkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBS1Mbe/
qseC/PCQoydMjgQhn5RJkTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTQ4Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qxUwDQYJKoZIhvcNAQELBQADggEBAD0UA+MBTcf/RWnM/HD/o2M+BzitXwhdc1Sp
KwjCRfy2ypGFLyznVXF2dXBwlr0h/f36lsg7Xu4XGheIxMkZL4frGNcXbtaUUl2r
3p0nrcr/veiHw1eHK8KOX17dw393W+bnsS0UV3fgEpjxU923DBmz2HoMvrGSU5R4
WRuHcg1WOfBozGO1la7lv3vY0HhDqGb1eSXK/IOkNB634g8eLAcZWVQJsXH2zknc
xzh5DA8M53OMm54LLu6VUAL5XdvazJ4pYaqJBbsbMcfqhhceJlOR2tfBgy5n5lRu
CskmlXYJND5PK8h0SCUOTyI3RHIBlmVNzy1f+tUVnTOrMw9ZNMo=
-----END CERTIFICATE-----