Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145546.roa
File:                     AS145546.roa (raw, json)
Hash identifier:          lgjqPK9yu77JtFYyDzJlrIpx+Td9+i6YLGVqqrybr04=
Subject key identifier:   86:95:3B:DB:76:A7:72:82:A7:DC:43:3D:5A:01:DE:B1:63:72:9B:46
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2B546490369339345096B6526ED63D1C84E4F667
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145546.roa
Signing time:             Wed 04 Mar 2026 06:30:07 +0000
ROA not before:           Wed 04 Mar 2026 06:25:07 +0000
ROA not after:            Wed 03 Mar 2027 06:30:07 +0000
asID:                     145546
IP address blocks:        240a:ab50::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:54:64:90:36:93:39:34:50:96:b6:52:6e:d6:3d:1c:84:e4:f6:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:07 2026 GMT
            Not After : Mar  3 06:30:07 2027 GMT
        Subject: CN=86953BDB76A77282A7DC433D5A01DEB163729B46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b7:f1:a3:db:db:bb:b2:6c:97:d5:99:89:13:
                    a8:84:61:99:c9:f4:38:8f:e7:93:53:4e:24:e9:41:
                    b5:1c:18:01:7a:b8:11:a9:7b:76:69:f0:0f:cc:a6:
                    9b:3b:7e:30:f7:26:a6:8d:77:63:b3:b9:ee:2b:90:
                    a5:c0:13:11:81:ba:38:85:fc:7d:3b:fe:50:da:c7:
                    1a:25:da:91:62:ef:38:bd:11:df:a4:03:ba:51:36:
                    38:a1:ee:8e:0e:29:f2:8b:fe:2c:49:02:8e:34:40:
                    d3:33:20:38:df:6f:da:b6:d6:02:ca:b2:76:aa:56:
                    6f:64:ad:4e:e4:d1:b2:9b:80:30:cb:d7:0b:de:4f:
                    50:43:b1:e7:df:34:f9:7c:5d:78:15:b2:9d:ec:85:
                    66:28:b2:68:9f:be:73:13:a3:b7:bd:7b:f4:dd:02:
                    7b:8d:88:72:db:0f:24:5c:96:aa:52:d8:76:ef:26:
                    17:1c:b2:39:d2:01:f4:c8:80:17:72:5c:0c:62:0d:
                    53:90:f4:96:10:b7:18:ee:a4:4b:a0:e7:be:a4:1b:
                    a0:87:ae:20:5e:35:ad:cb:b9:01:49:90:71:81:f1:
                    79:b9:57:83:eb:d8:db:ee:77:fa:0f:d9:a9:c1:82:
                    6b:dc:58:04:7c:3a:b8:1d:92:4b:b9:eb:61:60:03:
                    76:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:95:3B:DB:76:A7:72:82:A7:DC:43:3D:5A:01:DE:B1:63:72:9B:46
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145546.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab50::/32

    Signature Algorithm: sha256WithRSAEncryption
         85:4b:12:f1:c5:c3:d5:9a:65:46:8c:e2:e6:f6:81:c2:97:cd:
         7d:0a:ef:64:84:24:ba:87:0c:ac:fd:9e:85:f0:67:f3:d2:3e:
         07:61:73:7d:94:2e:6c:78:b7:20:8c:63:30:6d:d8:6d:7b:50:
         db:c8:88:18:fd:5f:0e:83:d4:55:48:8f:ff:aa:08:27:ff:c7:
         07:9b:ca:72:d3:4e:e0:a8:f8:78:34:29:35:47:12:eb:b9:58:
         bc:bd:3a:4e:0c:38:e7:e9:bb:de:24:b0:6b:25:8a:3b:4d:bf:
         c9:8f:9d:cd:17:73:16:fb:97:91:22:4a:0a:23:b0:65:77:43:
         6e:f1:45:ec:c0:6b:45:bb:b7:ab:24:ec:65:2f:ed:4f:82:15:
         5a:1e:7e:4a:08:a3:37:47:9d:c3:da:c5:eb:b5:25:af:7c:68:
         7f:79:98:36:ff:79:2e:64:f4:73:cf:a0:e2:84:6e:37:50:da:
         d1:3a:36:64:39:28:0f:1d:bb:fc:d4:b5:9f:9d:18:c6:d3:95:
         22:ab:67:5d:e5:6f:5a:68:77:38:44:c4:9b:f1:ee:00:07:57:
         a1:fb:8f:49:a9:20:09:49:39:50:cd:98:28:00:8f:14:46:12:
         f0:fa:c0:54:99:f1:a5:cf:8c:72:28:52:d1:46:4c:eb:4a:b5:
         6a:eb:40:d9
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUK1RkkDaTOTRQlrZSbtY9HITk9mcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUwN1oX
DTI3MDMwMzA2MzAwN1owMzExMC8GA1UEAxMoODY5NTNCREI3NkE3NzI4MkE3REM0
MzNENUEwMURFQjE2MzcyOUI0NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ638aPb27uybJfVmYkTqIRhmcn0OI/nk1NOJOlBtRwYAXq4Eal7dmnwD8ym
mzt+MPcmpo13Y7O57iuQpcATEYG6OIX8fTv+UNrHGiXakWLvOL0R36QDulE2OKHu
jg4p8ov+LEkCjjRA0zMgON9v2rbWAsqydqpWb2StTuTRspuAMMvXC95PUEOx5980
+XxdeBWyneyFZiiyaJ++cxOjt7179N0Ce42IctsPJFyWqlLYdu8mFxyyOdIB9MiA
F3JcDGINU5D0lhC3GO6kS6DnvqQboIeuIF41rcu5AUmQcYHxeblXg+vY2+53+g/Z
qcGCa9xYBHw6uB2SS7nrYWADdvUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSGlTvb
dqdygqfcQz1aAd6xY3KbRjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTU0Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q1AwDQYJKoZIhvcNAQELBQADggEBAIVLEvHFw9WaZUaM4ub2gcKXzX0K72SEJLqH
DKz9noXwZ/PSPgdhc32ULmx4tyCMYzBt2G17UNvIiBj9Xw6D1FVIj/+qCCf/xweb
ynLTTuCo+Hg0KTVHEuu5WLy9Ok4MOOfpu94ksGslijtNv8mPnc0Xcxb7l5EiSgoj
sGV3Q27xRezAa0W7t6sk7GUv7U+CFVoefkoIozdHncPaxeu1Ja98aH95mDb/eS5k
9HPPoOKEbjdQ2tE6NmQ5KA8du/zUtZ+dGMbTlSKrZ13lb1podzhExJvx7gAHV6H7
j0mpIAlJOVDNmCgAjxRGEvD6wFSZ8aXPjHIoUtFGTOtKtWrrQNk=
-----END CERTIFICATE-----