Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145577.roa
File:                     AS145577.roa (raw, json)
Hash identifier:          HvotF9T99H85OKx1RYwykqhTAwmxg9xxFEcQdeVpsUQ=
Subject key identifier:   53:88:00:07:89:21:0F:B8:B8:DD:D9:C0:22:0D:4F:53:6F:F7:0B:85
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1F35DB2EFD52AD70A6631042C6D899B68D5687ED
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145577.roa
Signing time:             Wed 04 Mar 2026 06:29:50 +0000
ROA not before:           Wed 04 Mar 2026 06:24:50 +0000
ROA not after:            Wed 03 Mar 2027 06:29:50 +0000
asID:                     145577
IP address blocks:        240a:ab6f::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:35:db:2e:fd:52:ad:70:a6:63:10:42:c6:d8:99:b6:8d:56:87:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:24:50 2026 GMT
            Not After : Mar  3 06:29:50 2027 GMT
        Subject: CN=5388000789210FB8B8DDD9C0220D4F536FF70B85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:51:4e:c7:e9:bd:4e:31:de:e3:25:e1:f0:a8:
                    ca:0b:8b:d0:f9:50:2f:35:29:75:00:a1:3d:92:f8:
                    5b:3b:b9:b6:f2:e1:47:f4:01:c9:88:14:ec:85:15:
                    5a:45:1c:1c:07:fb:cf:f8:02:f2:8c:f2:a9:0c:93:
                    e3:56:a1:af:fa:6a:b3:60:82:f4:ae:69:44:81:46:
                    13:92:4f:7c:cc:c1:9b:ad:df:d2:2e:be:c2:ac:1e:
                    53:a5:97:2d:5e:f7:e6:d4:04:e9:8d:d1:16:3a:7b:
                    d4:a6:b9:f6:9e:58:b6:8a:e9:ee:ef:42:68:bd:ea:
                    97:40:12:da:f8:d9:4f:6a:8a:54:c1:0a:c4:c5:08:
                    b3:50:3a:01:b7:f2:9d:1a:43:47:9e:df:4e:0e:bd:
                    c0:9f:f2:17:b0:a7:2e:ce:39:dc:d5:12:6d:28:e8:
                    56:79:3b:5a:62:24:3a:5d:d1:79:ff:af:fa:df:e8:
                    08:c7:82:dd:80:a1:c2:68:96:93:4a:a5:68:fc:4a:
                    30:f9:02:5d:b2:ff:54:7b:e6:43:70:12:a7:b4:05:
                    69:af:65:39:7e:1e:0e:8d:d6:90:0f:61:f9:f9:04:
                    4d:12:91:06:35:af:83:bc:23:4b:c8:bb:5f:bf:71:
                    65:5d:66:c9:b7:d2:8f:6f:77:74:95:e6:58:48:e9:
                    c8:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:88:00:07:89:21:0F:B8:B8:DD:D9:C0:22:0D:4F:53:6F:F7:0B:85
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145577.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab6f::/32

    Signature Algorithm: sha256WithRSAEncryption
         70:89:1f:a1:44:9e:e7:64:64:04:4a:0f:08:2c:ba:f6:97:be:
         3a:2d:d2:d8:7f:bf:dc:d0:3e:99:d9:6b:f3:e6:d6:63:f9:8e:
         de:eb:52:da:7f:70:88:0e:49:31:7b:43:f5:c6:35:3a:65:79:
         9a:eb:34:6e:ff:c5:b4:80:2a:6f:2f:a8:2d:c5:45:bc:ae:1b:
         b3:7f:b9:ea:ae:eb:3a:79:2b:5c:0b:1a:eb:84:8a:2f:aa:fb:
         a8:50:d2:b6:e8:11:84:48:9b:66:76:b8:88:b3:0f:38:34:95:
         f7:1f:9c:e8:fa:0e:9f:e3:0e:e3:83:3f:72:de:e9:1a:35:53:
         10:93:da:26:d0:ec:d7:df:97:0b:f0:93:69:7a:0c:01:3e:b9:
         c4:e5:a9:36:25:75:dc:f0:8d:c4:b7:18:63:88:26:b0:47:77:
         81:c6:24:bd:f5:fe:7a:3b:bd:e4:a8:7d:31:c8:46:db:f6:dc:
         34:c3:a1:14:60:14:16:94:37:af:03:97:b0:80:79:b3:39:15:
         04:a1:80:8d:e0:4e:3c:5d:0b:2d:8e:48:f4:81:68:ef:22:e3:
         55:64:98:05:22:6b:d0:f9:46:d7:f7:30:c9:ce:ba:13:b3:66:
         3a:79:b8:09:30:c6:39:a8:59:db:2c:d5:82:4d:a1:3d:2b:68:
         91:3f:6f:30
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUHzXbLv1SrXCmYxBCxtiZto1Wh+0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjQ1MFoX
DTI3MDMwMzA2Mjk1MFowMzExMC8GA1UEAxMoNTM4ODAwMDc4OTIxMEZCOEI4RERE
OUMwMjIwRDRGNTM2RkY3MEI4NTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMFRTsfpvU4x3uMl4fCoyguL0PlQLzUpdQChPZL4Wzu5tvLhR/QByYgU7IUV
WkUcHAf7z/gC8ozyqQyT41ahr/pqs2CC9K5pRIFGE5JPfMzBm63f0i6+wqweU6WX
LV735tQE6Y3RFjp71Ka59p5Ytorp7u9CaL3ql0AS2vjZT2qKVMEKxMUIs1A6Abfy
nRpDR57fTg69wJ/yF7CnLs453NUSbSjoVnk7WmIkOl3Ref+v+t/oCMeC3YChwmiW
k0qlaPxKMPkCXbL/VHvmQ3ASp7QFaa9lOX4eDo3WkA9h+fkETRKRBjWvg7wjS8i7
X79xZV1mybfSj293dJXmWEjpyAUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRTiAAH
iSEPuLjd2cAiDU9Tb/cLhTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTU3Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q28wDQYJKoZIhvcNAQELBQADggEBAHCJH6FEnudkZARKDwgsuvaXvjot0th/v9zQ
PpnZa/Pm1mP5jt7rUtp/cIgOSTF7Q/XGNTpleZrrNG7/xbSAKm8vqC3FRbyuG7N/
uequ6zp5K1wLGuuEii+q+6hQ0rboEYRIm2Z2uIizDzg0lfcfnOj6Dp/jDuODP3Le
6Ro1UxCT2ibQ7Nfflwvwk2l6DAE+ucTlqTYlddzwjcS3GGOIJrBHd4HGJL31/no7
veSofTHIRtv23DTDoRRgFBaUN68Dl7CAebM5FQShgI3gTjxdCy2OSPSBaO8i41Vk
mAUia9D5Rtf3MMnOuhOzZjp5uAkwxjmoWdss1YJNoT0raJE/bzA=
-----END CERTIFICATE-----