Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145564.roa
File:                     AS145564.roa (raw, json)
Hash identifier:          d/B5mkAAQaYvPaqic4xAGBz1cN5H8Eh+k6xsYtcnVsk=
Subject key identifier:   D0:10:64:0B:2D:CD:79:E5:36:E4:72:73:92:01:9F:CB:5B:8A:88:A3
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       67F83F0B31DB50A67A17111D2FC5C0039CF7AB7E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145564.roa
Signing time:             Wed 04 Mar 2026 06:30:27 +0000
ROA not before:           Wed 04 Mar 2026 06:25:27 +0000
ROA not after:            Wed 03 Mar 2027 06:30:27 +0000
asID:                     145564
IP address blocks:        240a:ab62::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:f8:3f:0b:31:db:50:a6:7a:17:11:1d:2f:c5:c0:03:9c:f7:ab:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:27 2026 GMT
            Not After : Mar  3 06:30:27 2027 GMT
        Subject: CN=D010640B2DCD79E536E4727392019FCB5B8A88A3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:be:3f:ab:e4:5d:16:a4:8d:64:04:14:93:5b:
                    14:06:d9:9f:53:cc:76:5e:e2:ed:bd:c3:68:16:aa:
                    71:02:4b:48:e7:12:b3:0a:0f:26:b4:b3:ac:42:69:
                    57:65:c0:2f:34:83:08:7b:ed:5b:8c:ac:67:86:72:
                    33:0d:79:8f:d6:84:ac:47:35:dc:26:59:7a:6e:24:
                    b6:df:2b:87:29:62:be:08:bc:bc:8a:81:ab:b9:5c:
                    8c:09:bf:3b:39:67:f3:6b:42:2b:cd:5c:9b:f4:06:
                    2a:91:45:03:61:6b:cf:32:58:ac:32:8f:78:74:3e:
                    36:6b:3e:29:ed:d2:d6:1b:06:e0:8e:6d:d2:83:17:
                    85:ce:a0:8d:2d:4f:6a:64:b0:bf:39:68:b3:69:a7:
                    d0:2d:21:5d:a1:26:df:7b:54:51:59:1c:f0:0a:21:
                    3d:3e:ee:e9:b1:77:f7:f2:a5:2d:40:d7:17:6d:b1:
                    99:df:1c:e3:a9:6f:20:0c:95:a4:4d:35:f2:6a:44:
                    1e:bb:08:7d:35:26:cf:ba:f5:17:9a:68:11:68:aa:
                    f0:26:95:1d:4a:d7:ef:51:cb:d8:75:ba:04:57:36:
                    dc:45:18:00:aa:06:06:1e:f2:2c:cf:ea:cd:88:2f:
                    70:58:e9:c0:1a:20:9d:37:7d:c6:49:f6:35:b1:a1:
                    11:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:10:64:0B:2D:CD:79:E5:36:E4:72:73:92:01:9F:CB:5B:8A:88:A3
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145564.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab62::/32

    Signature Algorithm: sha256WithRSAEncryption
         bd:07:ea:0d:21:db:dc:b8:ca:52:7a:50:20:33:8e:f7:d2:2e:
         3b:fa:74:a5:5e:53:ae:a3:1d:f9:8a:79:40:df:d0:db:71:cd:
         5b:5b:d8:21:ca:91:7c:66:24:b4:24:4c:09:c7:52:51:60:63:
         78:92:da:ab:f1:ad:d1:2f:ab:01:4f:75:d1:ad:15:48:4f:f0:
         df:86:67:f4:51:49:07:bb:a1:3c:5a:2c:4f:ef:5a:a4:c7:1b:
         7c:c8:72:37:36:cd:be:1c:a1:30:d0:45:8b:c0:07:3d:99:44:
         71:eb:98:b8:ce:b1:8b:7e:d9:fa:ce:6d:57:ec:57:d7:34:f1:
         02:79:c7:2d:53:67:63:d5:9c:03:45:91:39:d8:b8:fc:f5:c0:
         05:6d:f5:0d:d6:d7:ea:d3:06:08:a3:bf:0a:84:a9:36:ca:69:
         b9:a3:e1:2b:7f:23:94:81:f5:fe:9d:22:be:ee:9f:80:05:30:
         d9:60:2e:a3:d2:57:b5:c1:1f:7b:23:00:40:d2:8b:90:1e:ac:
         11:ed:07:c8:ec:25:83:38:98:a8:16:d7:2c:4e:74:b4:7b:11:
         e9:06:90:e3:2d:b9:c3:9b:68:fb:26:6e:7d:b2:24:5f:51:20:
         05:27:eb:40:fb:a9:c7:30:43:7f:a8:01:4f:97:16:0d:79:5e:
         40:24:d3:6d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUZ/g/CzHbUKZ6FxEdL8XAA5z3q34wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUyN1oX
DTI3MDMwMzA2MzAyN1owMzExMC8GA1UEAxMoRDAxMDY0MEIyRENENzlFNTM2RTQ3
MjczOTIwMTlGQ0I1QjhBODhBMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANq+P6vkXRakjWQEFJNbFAbZn1PMdl7i7b3DaBaqcQJLSOcSswoPJrSzrEJp
V2XALzSDCHvtW4ysZ4ZyMw15j9aErEc13CZZem4ktt8rhylivgi8vIqBq7lcjAm/
Ozln82tCK81cm/QGKpFFA2FrzzJYrDKPeHQ+Nms+Ke3S1hsG4I5t0oMXhc6gjS1P
amSwvzlos2mn0C0hXaEm33tUUVkc8AohPT7u6bF39/KlLUDXF22xmd8c46lvIAyV
pE018mpEHrsIfTUmz7r1F5poEWiq8CaVHUrX71HL2HW6BFc23EUYAKoGBh7yLM/q
zYgvcFjpwBognTd9xkn2NbGhEXsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTQEGQL
Lc155TbkcnOSAZ/LW4qIozAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTU2NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q2IwDQYJKoZIhvcNAQELBQADggEBAL0H6g0h29y4ylJ6UCAzjvfSLjv6dKVeU66j
HfmKeUDf0NtxzVtb2CHKkXxmJLQkTAnHUlFgY3iS2qvxrdEvqwFPddGtFUhP8N+G
Z/RRSQe7oTxaLE/vWqTHG3zIcjc2zb4coTDQRYvABz2ZRHHrmLjOsYt+2frObVfs
V9c08QJ5xy1TZ2PVnANFkTnYuPz1wAVt9Q3W1+rTBgijvwqEqTbKabmj4St/I5SB
9f6dIr7un4AFMNlgLqPSV7XBH3sjAEDSi5AerBHtB8jsJYM4mKgW1yxOdLR7EekG
kOMtucObaPsmbn2yJF9RIAUn60D7qccwQ3+oAU+XFg15XkAk020=
-----END CERTIFICATE-----