Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145560.roa
File:                     AS145560.roa (raw, json)
Hash identifier:          dBItrFgs4WdzabTvvTrFIQngdKQByH5QyeGKvI7iGBI=
Subject key identifier:   FA:6C:DC:94:DC:30:D3:98:F5:1E:55:E0:B2:09:F5:61:4E:39:22:63
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       227945F3165DEEA8F95D52EF027A6EC54600E6A0
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145560.roa
Signing time:             Wed 04 Mar 2026 06:30:01 +0000
ROA not before:           Wed 04 Mar 2026 06:25:01 +0000
ROA not after:            Wed 03 Mar 2027 06:30:01 +0000
asID:                     145560
IP address blocks:        240a:ab5e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:79:45:f3:16:5d:ee:a8:f9:5d:52:ef:02:7a:6e:c5:46:00:e6:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:01 2026 GMT
            Not After : Mar  3 06:30:01 2027 GMT
        Subject: CN=FA6CDC94DC30D398F51E55E0B209F5614E392263
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:db:fd:34:d3:e7:f8:d2:16:84:89:8e:25:9f:
                    cb:94:4e:66:ce:3c:0d:44:27:ef:9d:6b:df:56:d9:
                    73:17:b2:a3:96:cc:d2:75:ae:1f:77:3f:98:fe:8d:
                    4b:44:d0:37:09:89:ba:c7:77:0d:1f:42:03:99:69:
                    4d:8d:eb:42:88:e4:15:74:21:c6:f9:59:6c:e6:0a:
                    67:10:e4:d0:a1:a4:19:75:cb:75:49:f0:91:9f:50:
                    c4:f8:17:95:85:c2:cf:cc:b1:ae:50:b1:b9:af:89:
                    ed:a8:47:9b:e6:3b:fe:07:1a:0c:43:25:f1:ae:f6:
                    10:60:47:55:dc:39:e5:2f:85:81:54:c2:e7:4c:b1:
                    19:a7:bb:ec:49:b7:90:d1:10:59:69:25:74:6c:93:
                    f8:10:04:01:6f:6c:63:3e:77:9b:bf:d6:34:8b:07:
                    d6:f8:c2:8d:7c:fb:08:e2:7c:49:d7:cc:0d:09:75:
                    57:d9:f9:2e:14:c7:cf:4d:bc:a4:82:e3:fa:17:0f:
                    4e:78:16:d5:00:2f:5d:14:90:0c:4d:e9:c8:7e:81:
                    75:0e:6f:66:e3:3e:06:be:2f:7a:f5:d1:cc:18:ab:
                    aa:5e:a0:c0:ac:4b:6b:fd:6a:64:f5:61:11:89:97:
                    00:55:79:1c:13:56:93:ac:44:c1:b7:d1:e3:54:34:
                    2a:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:6C:DC:94:DC:30:D3:98:F5:1E:55:E0:B2:09:F5:61:4E:39:22:63
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145560.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab5e::/32

    Signature Algorithm: sha256WithRSAEncryption
         a1:86:92:79:89:39:86:68:9e:31:0d:d5:a6:7a:a2:f4:c2:04:
         2b:ac:3a:25:8f:f5:34:f7:35:38:1e:05:d8:be:cd:8c:41:83:
         63:49:b3:5c:c3:6e:c7:5e:94:03:88:48:01:45:40:7c:25:80:
         3d:db:3e:c8:1c:e7:80:74:e6:62:ee:9c:98:70:bb:c6:ef:54:
         54:f0:d7:76:45:50:50:28:cd:d8:e9:4e:2e:80:9e:f4:95:2d:
         6d:51:c9:d5:b0:d3:26:73:60:85:34:2f:2f:de:fb:16:32:90:
         9f:f6:78:b4:13:ce:69:c0:40:ce:85:a6:80:38:46:a4:65:12:
         1d:cb:4b:18:e5:f6:29:ae:4d:bc:3f:36:f7:8e:52:9f:6c:d5:
         6b:36:a2:e5:7c:c1:68:a1:5e:fe:90:cc:98:b9:36:6e:6d:fc:
         a0:00:4d:47:ef:3b:fc:72:fb:22:ed:24:5b:79:0c:9c:0e:81:
         23:9d:e4:35:93:00:a2:e4:ff:44:81:40:95:f3:97:51:5e:1d:
         3c:81:44:f3:22:85:5b:03:8b:e3:0d:23:03:a5:0d:45:25:0e:
         9d:5d:ba:ad:40:77:2d:dd:0a:97:46:a5:54:46:4a:64:df:12:
         4e:e4:d4:5e:2f:8d:77:83:03:31:46:a2:f4:9c:98:e2:d4:2d:
         ab:18:3b:eb
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUInlF8xZd7qj5XVLvAnpuxUYA5qAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUwMVoX
DTI3MDMwMzA2MzAwMVowMzExMC8GA1UEAxMoRkE2Q0RDOTREQzMwRDM5OEY1MUU1
NUUwQjIwOUY1NjE0RTM5MjI2MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMPb/TTT5/jSFoSJjiWfy5ROZs48DUQn751r31bZcxeyo5bM0nWuH3c/mP6N
S0TQNwmJusd3DR9CA5lpTY3rQojkFXQhxvlZbOYKZxDk0KGkGXXLdUnwkZ9QxPgX
lYXCz8yxrlCxua+J7ahHm+Y7/gcaDEMl8a72EGBHVdw55S+FgVTC50yxGae77Em3
kNEQWWkldGyT+BAEAW9sYz53m7/WNIsH1vjCjXz7COJ8SdfMDQl1V9n5LhTHz028
pILj+hcPTngW1QAvXRSQDE3pyH6BdQ5vZuM+Br4vevXRzBirql6gwKxLa/1qZPVh
EYmXAFV5HBNWk6xEwbfR41Q0KicCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT6bNyU
3DDTmPUeVeCyCfVhTjkiYzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTU2MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q14wDQYJKoZIhvcNAQELBQADggEBAKGGknmJOYZonjEN1aZ6ovTCBCusOiWP9TT3
NTgeBdi+zYxBg2NJs1zDbsdelAOISAFFQHwlgD3bPsgc54B05mLunJhwu8bvVFTw
13ZFUFAozdjpTi6AnvSVLW1RydWw0yZzYIU0Ly/e+xYykJ/2eLQTzmnAQM6FpoA4
RqRlEh3LSxjl9imuTbw/NveOUp9s1Ws2ouV8wWihXv6QzJi5Nm5t/KAATUfvO/xy
+yLtJFt5DJwOgSOd5DWTAKLk/0SBQJXzl1FeHTyBRPMihVsDi+MNIwOlDUUlDp1d
uq1Ady3dCpdGpVRGSmTfEk7k1F4vjXeDAzFGovScmOLULasYO+s=
-----END CERTIFICATE-----