Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145523.roa
File:                     AS145523.roa (raw, json)
Hash identifier:          EgmWHbVSjM4k6iqrz7GfRxFgoeuDBGLfrI4JATjZ50k=
Subject key identifier:   18:B0:17:94:8B:CC:6D:50:19:FC:3B:46:96:75:A3:53:8A:79:CD:11
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       619E873430C46665CD84870CBB2A9BB1D2CBCB57
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145523.roa
Signing time:             Wed 04 Mar 2026 06:29:35 +0000
ROA not before:           Wed 04 Mar 2026 06:24:35 +0000
ROA not after:            Wed 03 Mar 2027 06:29:35 +0000
asID:                     145523
IP address blocks:        240a:ab39::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:9e:87:34:30:c4:66:65:cd:84:87:0c:bb:2a:9b:b1:d2:cb:cb:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:24:35 2026 GMT
            Not After : Mar  3 06:29:35 2027 GMT
        Subject: CN=18B017948BCC6D5019FC3B469675A3538A79CD11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:74:6e:bc:db:59:fb:5c:c0:45:7c:f5:b4:c4:
                    de:3d:56:dd:91:12:83:08:e1:ad:d9:01:e1:81:b6:
                    50:33:26:e5:ae:f4:60:54:ac:89:55:40:00:49:aa:
                    2a:54:0d:46:1f:57:78:37:34:3e:e5:b6:24:c5:57:
                    57:2e:f4:65:dd:61:dc:68:f9:01:cf:3b:dd:b8:e9:
                    16:5c:23:71:89:21:dc:f9:87:46:65:21:b9:22:2c:
                    c0:c7:1e:aa:e5:d6:7a:1f:5c:07:21:00:25:a8:14:
                    27:90:27:b1:96:d6:38:4a:25:4d:d1:f3:74:85:dd:
                    36:8a:df:d6:f1:1c:d8:17:c8:5b:c0:67:4d:5e:64:
                    35:65:fa:89:7e:4e:2a:37:83:a9:7a:6e:d2:96:14:
                    be:9a:5a:26:e3:26:58:d1:b9:e1:c1:00:8e:27:fc:
                    f9:0b:89:41:cb:44:50:68:1e:a0:6e:44:31:9d:57:
                    33:c3:47:b0:6f:d8:01:92:d1:24:1c:0e:2b:33:9a:
                    7c:2f:f8:f9:3d:48:32:81:20:85:1c:b8:58:48:52:
                    1b:c1:18:39:e4:81:90:c0:55:a3:e7:52:c0:cb:1b:
                    fb:5f:44:e0:d4:27:ab:6a:93:c8:c7:02:44:fd:63:
                    60:86:c3:d5:a4:07:58:05:c9:6e:2f:e9:5a:3f:b7:
                    8b:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:B0:17:94:8B:CC:6D:50:19:FC:3B:46:96:75:A3:53:8A:79:CD:11
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145523.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab39::/32

    Signature Algorithm: sha256WithRSAEncryption
         ad:c1:90:7d:fc:11:1e:69:79:49:ec:5f:47:f0:6d:a0:19:7b:
         3e:25:98:53:1d:dd:62:1e:c6:2b:8a:50:5b:7c:da:57:a4:08:
         2b:ef:c9:d8:80:d3:12:d1:72:04:24:9e:1c:60:2e:8e:5c:2b:
         0f:54:8d:75:ec:5b:dd:ff:f1:a0:c1:3a:25:8c:5d:74:89:95:
         28:af:92:5e:b3:28:c0:f3:c9:4b:e9:4a:27:7a:28:26:96:c2:
         62:e4:e0:64:8a:12:5c:6d:7e:3a:24:8f:0f:80:a1:7d:66:26:
         38:38:07:b8:e8:da:64:b5:3e:87:d3:a0:c9:3e:95:27:7d:3b:
         57:19:11:bf:98:83:5d:dd:62:35:b9:10:d5:da:f8:8c:c6:f4:
         8e:a8:c8:c5:2f:3b:82:3f:6d:b2:85:55:16:b4:c5:03:9b:3f:
         9e:6d:3d:c3:89:33:4a:69:94:87:a5:56:aa:e4:ee:dd:09:6a:
         68:f1:d9:c9:d2:fa:bf:94:82:64:f1:d8:af:20:9c:63:1a:16:
         f4:0d:4c:45:9d:87:20:e7:de:41:71:6e:1f:b1:ae:e5:20:b6:
         84:6e:1c:9a:d8:d7:72:0b:66:6e:ab:fd:3d:5a:f1:84:68:71:
         cb:57:fa:33:b9:70:42:3d:e7:d1:8c:b7:95:ff:77:2a:f1:fa:
         b6:2b:f3:7d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUYZ6HNDDEZmXNhIcMuyqbsdLLy1cwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjQzNVoX
DTI3MDMwMzA2MjkzNVowMzExMC8GA1UEAxMoMThCMDE3OTQ4QkNDNkQ1MDE5RkMz
QjQ2OTY3NUEzNTM4QTc5Q0QxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK90brzbWftcwEV89bTE3j1W3ZESgwjhrdkB4YG2UDMm5a70YFSsiVVAAEmq
KlQNRh9XeDc0PuW2JMVXVy70Zd1h3Gj5Ac873bjpFlwjcYkh3PmHRmUhuSIswMce
quXWeh9cByEAJagUJ5AnsZbWOEolTdHzdIXdNorf1vEc2BfIW8BnTV5kNWX6iX5O
KjeDqXpu0pYUvppaJuMmWNG54cEAjif8+QuJQctEUGgeoG5EMZ1XM8NHsG/YAZLR
JBwOKzOafC/4+T1IMoEghRy4WEhSG8EYOeSBkMBVo+dSwMsb+19E4NQnq2qTyMcC
RP1jYIbD1aQHWAXJbi/pWj+3i1kCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQYsBeU
i8xtUBn8O0aWdaNTinnNETAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTUyMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qzkwDQYJKoZIhvcNAQELBQADggEBAK3BkH38ER5peUnsX0fwbaAZez4lmFMd3WIe
xiuKUFt82lekCCvvydiA0xLRcgQknhxgLo5cKw9UjXXsW93/8aDBOiWMXXSJlSiv
kl6zKMDzyUvpSid6KCaWwmLk4GSKElxtfjokjw+AoX1mJjg4B7jo2mS1PofToMk+
lSd9O1cZEb+Yg13dYjW5ENXa+IzG9I6oyMUvO4I/bbKFVRa0xQObP55tPcOJM0pp
lIelVqrk7t0Jamjx2cnS+r+UgmTx2K8gnGMaFvQNTEWdhyDn3kFxbh+xruUgtoRu
HJrY13ILZm6r/T1a8YRocctX+jO5cEI959GMt5X/dyrx+rYr830=
-----END CERTIFICATE-----