Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145549.roa
File:                     AS145549.roa (raw, json)
Hash identifier:          qHNf6vsl9nQ/YSVQr4OV1bTB02ti7iVWm6ncyiQ/0/Y=
Subject key identifier:   14:67:BC:39:6C:60:60:6A:EC:F1:11:F8:39:C1:5B:29:CE:CB:77:ED
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6F79A873FA3FF5DDF4CDB5A0227E481A6777FCB1
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145549.roa
Signing time:             Wed 04 Mar 2026 06:29:52 +0000
ROA not before:           Wed 04 Mar 2026 06:24:52 +0000
ROA not after:            Wed 03 Mar 2027 06:29:52 +0000
asID:                     145549
IP address blocks:        240a:ab53::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:79:a8:73:fa:3f:f5:dd:f4:cd:b5:a0:22:7e:48:1a:67:77:fc:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:24:52 2026 GMT
            Not After : Mar  3 06:29:52 2027 GMT
        Subject: CN=1467BC396C60606AECF111F839C15B29CECB77ED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:41:ab:2d:5a:4c:ce:c6:f3:a3:af:bc:42:4b:
                    b8:51:62:af:de:30:b5:e8:b2:07:bf:ed:45:83:49:
                    d9:59:1a:f5:e4:e9:c5:eb:ca:cb:f8:1e:65:bf:2f:
                    14:d2:b7:47:d3:c9:be:45:09:5f:3f:f2:cb:d2:1d:
                    50:79:de:d7:25:57:3b:d3:5a:e8:1a:02:a8:8b:83:
                    11:31:f4:2e:d7:8c:83:ae:67:84:08:8b:4e:4a:28:
                    00:3e:f8:9f:86:56:0e:64:dc:c8:99:15:45:4e:1f:
                    33:f8:70:c9:18:9a:7f:0c:3d:a0:8d:f9:e0:ab:fc:
                    d4:e3:10:d8:ff:94:e0:36:4b:e8:6e:d8:a1:df:47:
                    2f:ca:89:54:95:1b:ad:9f:8f:33:fa:2a:fb:6c:3b:
                    8c:9a:42:20:84:85:0c:88:b0:13:b6:d2:f5:ca:62:
                    c4:8e:10:f0:10:fe:91:54:40:3e:fe:f9:8e:ce:14:
                    7a:3d:fc:9b:29:d4:e1:7f:42:7e:3c:ea:7c:69:d8:
                    91:3e:34:3d:a1:0e:b9:3b:42:01:d0:9c:4a:62:48:
                    e6:23:05:09:e5:29:01:54:72:a7:dd:c5:25:e4:b3:
                    cf:4c:a5:80:e5:b3:52:05:1c:64:a7:3f:7a:c4:41:
                    e0:85:59:d6:d8:d4:6e:eb:3a:bd:b7:d4:d8:b4:7a:
                    29:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:67:BC:39:6C:60:60:6A:EC:F1:11:F8:39:C1:5B:29:CE:CB:77:ED
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145549.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab53::/32

    Signature Algorithm: sha256WithRSAEncryption
         b2:2a:87:8d:3e:cc:9a:c6:6e:e5:b6:af:f6:ff:e7:44:62:52:
         54:1d:c6:a1:be:a4:7b:4d:08:21:5a:4f:67:66:70:81:f2:cf:
         a8:79:dc:29:83:ff:1f:58:44:14:43:7e:6d:76:8a:30:63:37:
         32:45:b5:57:f7:db:a8:f9:cc:d3:28:fa:32:48:dd:e7:a3:d7:
         1f:ef:ca:02:33:ef:5a:15:5b:f2:ac:71:8d:25:79:0b:c1:e6:
         16:c1:d1:09:43:01:69:01:16:72:21:54:16:ab:04:82:cd:ee:
         51:48:8e:2d:6e:86:6f:92:16:e3:ca:5c:2a:2d:00:99:4f:7d:
         7a:24:15:15:45:9d:b1:32:4a:00:01:5c:df:bf:ae:99:58:eb:
         0f:02:5a:58:31:70:c5:dd:ae:96:a0:c6:9e:26:08:9d:37:8c:
         22:05:89:d8:2f:1c:4e:98:42:6d:f9:d0:c5:55:e0:26:85:12:
         a0:50:49:9c:39:0d:40:0e:fc:63:de:05:3e:d9:c0:cb:76:04:
         3f:a0:df:ef:b1:43:e7:e9:da:99:94:fd:ba:04:0d:bc:ae:31:
         3a:ec:56:4c:db:93:41:48:12:49:91:f6:09:24:64:e6:82:53:
         a4:e7:d2:12:76:e1:ea:e4:2e:4e:d7:7b:26:f1:45:06:34:31:
         b1:06:e2:a2
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUb3moc/o/9d30zbWgIn5IGmd3/LEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjQ1MloX
DTI3MDMwMzA2Mjk1MlowMzExMC8GA1UEAxMoMTQ2N0JDMzk2QzYwNjA2QUVDRjEx
MUY4MzlDMTVCMjlDRUNCNzdFRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKFBqy1aTM7G86OvvEJLuFFir94wteiyB7/tRYNJ2Vka9eTpxevKy/geZb8v
FNK3R9PJvkUJXz/yy9IdUHne1yVXO9Na6BoCqIuDETH0LteMg65nhAiLTkooAD74
n4ZWDmTcyJkVRU4fM/hwyRiafww9oI354Kv81OMQ2P+U4DZL6G7Yod9HL8qJVJUb
rZ+PM/oq+2w7jJpCIISFDIiwE7bS9cpixI4Q8BD+kVRAPv75js4Uej38mynU4X9C
fjzqfGnYkT40PaEOuTtCAdCcSmJI5iMFCeUpAVRyp93FJeSzz0ylgOWzUgUcZKc/
esRB4IVZ1tjUbus6vbfU2LR6KTcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQUZ7w5
bGBgauzxEfg5wVspzst37TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTU0OS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q1MwDQYJKoZIhvcNAQELBQADggEBALIqh40+zJrGbuW2r/b/50RiUlQdxqG+pHtN
CCFaT2dmcIHyz6h53CmD/x9YRBRDfm12ijBjNzJFtVf326j5zNMo+jJI3eej1x/v
ygIz71oVW/KscY0leQvB5hbB0QlDAWkBFnIhVBarBILN7lFIji1uhm+SFuPKXCot
AJlPfXokFRVFnbEySgABXN+/rplY6w8CWlgxcMXdrpagxp4mCJ03jCIFidgvHE6Y
Qm350MVV4CaFEqBQSZw5DUAO/GPeBT7ZwMt2BD+g3++xQ+fp2pmU/boEDbyuMTrs
Vkzbk0FIEkmR9gkkZOaCU6Tn0hJ24erkLk7XeybxRQY0MbEG4qI=
-----END CERTIFICATE-----