Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145568.roa
File:                     AS145568.roa (raw, json)
Hash identifier:          QdvtQUIXxDCSnTlotMheFYpWm8t2Wc93HkqrTsT3Hl8=
Subject key identifier:   67:66:95:AD:23:ED:76:1F:1D:0F:AE:06:43:85:C4:B3:B6:97:0C:D5
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3A19D0DBDB58284750DFC9F896BEB4DD368E9DCE
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145568.roa
Signing time:             Wed 04 Mar 2026 06:31:05 +0000
ROA not before:           Wed 04 Mar 2026 06:26:05 +0000
ROA not after:            Wed 03 Mar 2027 06:31:05 +0000
asID:                     145568
IP address blocks:        240a:ab66::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:19:d0:db:db:58:28:47:50:df:c9:f8:96:be:b4:dd:36:8e:9d:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:26:05 2026 GMT
            Not After : Mar  3 06:31:05 2027 GMT
        Subject: CN=676695AD23ED761F1D0FAE064385C4B3B6970CD5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:2a:7e:85:1a:35:6c:63:81:e3:92:4f:8d:77:
                    99:8a:02:1e:ba:c2:38:96:1f:e5:6a:aa:82:e8:3a:
                    76:d7:9b:fe:aa:c4:4a:64:68:55:70:b3:b7:d3:f4:
                    31:c9:e3:3d:28:9c:c3:2c:ec:75:04:76:ee:27:b2:
                    94:54:02:5c:14:15:cb:1d:e1:30:d7:6b:1f:dd:94:
                    09:d3:89:1e:ab:f9:56:c8:ca:38:eb:e2:30:3c:93:
                    aa:e4:40:48:b4:c1:0e:4a:aa:70:ec:a4:f2:cc:57:
                    3c:e4:ca:7a:8c:fe:e5:27:2a:18:05:1c:c7:11:55:
                    f2:4a:3c:12:b1:51:c1:87:d4:59:a0:98:7a:b5:08:
                    b0:ba:23:ff:20:09:f5:38:38:50:cb:d9:ef:49:30:
                    b5:cd:ab:f4:66:d6:2d:0a:03:21:18:ed:a2:93:36:
                    ad:11:be:78:b0:c5:56:70:04:41:58:95:78:a5:95:
                    18:cb:31:69:7d:4a:63:a0:3a:fc:c1:b7:c3:d6:bb:
                    08:8c:56:50:1f:49:83:3d:5d:c2:20:5e:d5:08:d7:
                    7f:79:8d:68:3b:4f:8b:8a:e4:7a:d8:55:d0:88:30:
                    ff:d5:bb:9d:89:e6:c2:77:42:46:0f:b4:26:b9:d0:
                    26:1d:12:9b:5e:c5:31:dd:cc:f3:e0:30:a1:31:3d:
                    a7:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:66:95:AD:23:ED:76:1F:1D:0F:AE:06:43:85:C4:B3:B6:97:0C:D5
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145568.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab66::/32

    Signature Algorithm: sha256WithRSAEncryption
         c3:65:fd:ec:c8:de:3a:57:61:a0:af:27:37:3a:f5:7c:7f:67:
         0b:2b:36:69:ba:a5:0a:18:26:e5:b5:b1:36:a1:64:49:b3:ef:
         0e:d4:47:32:56:34:49:95:80:9d:f8:2e:db:9a:a7:1a:f1:22:
         d3:b7:bb:16:1d:7d:84:9c:58:aa:bc:ad:b8:8a:68:91:80:57:
         4a:ca:bb:a1:73:b2:b8:73:15:84:14:98:b0:23:2c:27:2a:bb:
         e8:f1:71:f7:ee:de:79:87:bb:5a:99:c2:61:89:8b:d9:62:9a:
         6c:fc:b2:4c:60:52:01:b7:b0:83:3f:00:90:24:85:51:96:7e:
         a1:7d:d0:fc:a9:a5:41:71:60:15:6d:9a:b6:73:c9:ff:8f:e3:
         25:cd:51:d3:f3:73:af:61:a8:9d:93:b5:0d:23:cc:25:ca:f8:
         ab:70:17:2a:dc:26:ba:57:bc:fc:fe:6e:41:fe:ec:cb:20:44:
         df:08:df:08:14:40:16:f0:77:3f:97:01:46:f6:7a:43:c3:d6:
         ac:23:db:cc:42:c2:5e:9b:d6:d5:6e:c6:84:34:30:38:5b:53:
         0a:d8:d6:b0:b3:e5:47:b0:ab:9f:32:74:04:75:9d:85:a2:b8:
         cc:7c:61:f6:2e:92:5f:16:1b:17:0c:39:91:ca:a3:c4:10:5e:
         0d:1f:28:9e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUOhnQ29tYKEdQ38n4lr603TaOnc4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjYwNVoX
DTI3MDMwMzA2MzEwNVowMzExMC8GA1UEAxMoNjc2Njk1QUQyM0VENzYxRjFEMEZB
RTA2NDM4NUM0QjNCNjk3MENENTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK4qfoUaNWxjgeOST413mYoCHrrCOJYf5Wqqgug6dteb/qrESmRoVXCzt9P0
McnjPSicwyzsdQR27ieylFQCXBQVyx3hMNdrH92UCdOJHqv5VsjKOOviMDyTquRA
SLTBDkqqcOyk8sxXPOTKeoz+5ScqGAUcxxFV8ko8ErFRwYfUWaCYerUIsLoj/yAJ
9Tg4UMvZ70kwtc2r9GbWLQoDIRjtopM2rRG+eLDFVnAEQViVeKWVGMsxaX1KY6A6
/MG3w9a7CIxWUB9Jgz1dwiBe1QjXf3mNaDtPi4rkethV0Igw/9W7nYnmwndCRg+0
JrnQJh0Sm17FMd3M8+AwoTE9p0kCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRnZpWt
I+12Hx0PrgZDhcSztpcM1TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTU2OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q2YwDQYJKoZIhvcNAQELBQADggEBAMNl/ezI3jpXYaCvJzc69Xx/ZwsrNmm6pQoY
JuW1sTahZEmz7w7URzJWNEmVgJ34LtuapxrxItO3uxYdfYScWKq8rbiKaJGAV0rK
u6FzsrhzFYQUmLAjLCcqu+jxcffu3nmHu1qZwmGJi9limmz8skxgUgG3sIM/AJAk
hVGWfqF90PyppUFxYBVtmrZzyf+P4yXNUdPzc69hqJ2TtQ0jzCXK+KtwFyrcJrpX
vPz+bkH+7MsgRN8I3wgUQBbwdz+XAUb2ekPD1qwj28xCwl6b1tVuxoQ0MDhbUwrY
1rCz5Uewq58ydAR1nYWiuMx8YfYukl8WGxcMOZHKo8QQXg0fKJ4=
-----END CERTIFICATE-----