Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145552.roa
File:                     AS145552.roa (raw, json)
Hash identifier:          9gMM0hcJMqDMvSY0mg8r4u6s1JC3LZVIIgADO8Vq21g=
Subject key identifier:   59:71:A7:F3:7B:5C:A7:34:F4:22:23:CC:A0:28:05:D2:D6:CC:F0:E1
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       474F88674C60A6E81ACBC50D18D9E1A3190B3EE4
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145552.roa
Signing time:             Wed 04 Mar 2026 06:29:42 +0000
ROA not before:           Wed 04 Mar 2026 06:24:42 +0000
ROA not after:            Wed 03 Mar 2027 06:29:42 +0000
asID:                     145552
IP address blocks:        240a:ab56::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:4f:88:67:4c:60:a6:e8:1a:cb:c5:0d:18:d9:e1:a3:19:0b:3e:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:24:42 2026 GMT
            Not After : Mar  3 06:29:42 2027 GMT
        Subject: CN=5971A7F37B5CA734F42223CCA02805D2D6CCF0E1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:1d:8d:f3:6c:6d:57:f8:02:b2:26:ad:6b:ce:
                    af:0b:5e:36:6b:f3:17:1a:22:da:21:43:b7:36:a2:
                    16:7f:31:c5:8c:0d:52:51:2e:7a:01:51:10:e9:3f:
                    0b:0d:d4:79:02:db:bd:20:d0:b4:62:c0:2f:83:b4:
                    e6:b1:30:bb:57:56:b4:9e:7f:28:24:09:9d:06:d8:
                    95:0d:c5:6c:82:e6:67:5b:d3:fb:f4:c4:58:c0:8f:
                    dc:c8:28:c3:d9:e1:bb:6d:87:84:90:68:5b:b0:65:
                    d3:2b:ff:18:79:6f:7e:8d:c9:2c:a9:68:9b:bb:78:
                    8a:69:b1:4e:c4:84:98:5e:46:a6:57:d1:04:1a:7c:
                    3b:ce:80:d6:60:45:3f:0d:a5:e1:c7:60:71:84:0e:
                    4f:05:85:b6:fd:a4:b9:97:2e:a2:3a:c5:da:ce:19:
                    03:58:37:05:09:f7:25:1b:d8:3f:2e:a9:b1:bd:48:
                    c4:73:35:27:5b:03:3b:a1:83:64:33:19:fe:da:9d:
                    0f:02:d8:f7:63:9e:4c:fd:ac:0e:ea:7e:3e:8c:ed:
                    46:c6:2f:1c:c8:5e:39:38:f9:14:19:36:13:51:b4:
                    94:6b:17:5d:ce:18:2f:17:7d:82:e5:a5:df:96:a7:
                    1a:02:23:ba:25:83:06:96:ee:ce:01:6e:3c:b8:09:
                    c8:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:71:A7:F3:7B:5C:A7:34:F4:22:23:CC:A0:28:05:D2:D6:CC:F0:E1
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145552.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab56::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:e6:22:e8:e2:ec:4a:a4:7f:5a:ff:0d:eb:86:50:e2:a4:ce:
         3f:c9:2f:23:af:51:64:ac:85:06:88:f3:31:54:ef:2b:46:53:
         95:1d:b2:af:fe:86:86:bf:56:e9:97:a6:99:ce:70:65:22:af:
         b1:47:ea:8f:8f:f7:03:66:6f:b3:c9:e6:d0:61:ed:eb:09:37:
         2e:3e:eb:1f:94:b6:c6:f1:9b:6f:4a:9d:ec:08:d9:97:31:2a:
         1b:1a:08:78:56:ea:be:f5:ff:f9:53:fb:d4:e6:51:a9:6f:5c:
         86:e7:b2:b5:93:1b:1f:7c:6c:6e:93:3e:be:8f:9a:b1:cf:6c:
         19:0b:a9:de:7f:fd:bf:aa:0c:38:97:d4:bf:c3:ef:81:37:49:
         b7:de:14:7e:02:cf:ee:d9:d6:6f:05:92:e6:f9:74:f4:1d:28:
         80:5b:41:75:a9:bc:f1:f6:db:4d:88:77:e9:77:b2:25:ae:81:
         cd:e5:ee:c4:5b:24:76:02:e3:8b:56:1f:84:63:bb:54:22:b8:
         b3:e9:aa:8e:ea:49:74:68:63:d3:b9:32:b3:c8:ab:bb:4b:49:
         1c:fb:b4:fe:b7:1c:45:46:7f:04:5b:fd:32:f2:8d:d8:df:a6:
         4e:10:c7:71:43:16:c6:14:fa:d3:fb:ed:9f:23:81:70:50:08:
         25:07:32:fd
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUR0+IZ0xgpugay8UNGNnhoxkLPuQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjQ0MloX
DTI3MDMwMzA2Mjk0MlowMzExMC8GA1UEAxMoNTk3MUE3RjM3QjVDQTczNEY0MjIy
M0NDQTAyODA1RDJENkNDRjBFMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJYdjfNsbVf4ArImrWvOrwteNmvzFxoi2iFDtzaiFn8xxYwNUlEuegFREOk/
Cw3UeQLbvSDQtGLAL4O05rEwu1dWtJ5/KCQJnQbYlQ3FbILmZ1vT+/TEWMCP3Mgo
w9nhu22HhJBoW7Bl0yv/GHlvfo3JLKlom7t4immxTsSEmF5GplfRBBp8O86A1mBF
Pw2l4cdgcYQOTwWFtv2kuZcuojrF2s4ZA1g3BQn3JRvYPy6psb1IxHM1J1sDO6GD
ZDMZ/tqdDwLY92OeTP2sDup+PoztRsYvHMheOTj5FBk2E1G0lGsXXc4YLxd9guWl
35anGgIjuiWDBpbuzgFuPLgJyM8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRZcafz
e1ynNPQiI8ygKAXS1szw4TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTU1Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q1YwDQYJKoZIhvcNAQELBQADggEBAA7mIuji7Eqkf1r/DeuGUOKkzj/JLyOvUWSs
hQaI8zFU7ytGU5Udsq/+hoa/VumXppnOcGUir7FH6o+P9wNmb7PJ5tBh7esJNy4+
6x+Utsbxm29KnewI2ZcxKhsaCHhW6r71//lT+9TmUalvXIbnsrWTGx98bG6TPr6P
mrHPbBkLqd5//b+qDDiX1L/D74E3SbfeFH4Cz+7Z1m8Fkub5dPQdKIBbQXWpvPH2
202Id+l3siWugc3l7sRbJHYC44tWH4Rju1QiuLPpqo7qSXRoY9O5MrPIq7tLSRz7
tP63HEVGfwRb/TLyjdjfpk4Qx3FDFsYU+tP77Z8jgXBQCCUHMv0=
-----END CERTIFICATE-----