Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145578.roa
File:                     AS145578.roa (raw, json)
Hash identifier:          jiUcPpatjkiHm6Fx6gAdNFyWX/0AM8lEuv95HWoeeGc=
Subject key identifier:   B8:0E:27:DD:F0:5A:91:13:B1:83:94:41:1C:67:39:DC:BC:DC:2F:80
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       22D5256E1E7AED88474880F7E3E0C0BC452E58BE
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145578.roa
Signing time:             Wed 04 Mar 2026 06:30:58 +0000
ROA not before:           Wed 04 Mar 2026 06:25:58 +0000
ROA not after:            Wed 03 Mar 2027 06:30:58 +0000
asID:                     145578
IP address blocks:        240a:ab70::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:d5:25:6e:1e:7a:ed:88:47:48:80:f7:e3:e0:c0:bc:45:2e:58:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:58 2026 GMT
            Not After : Mar  3 06:30:58 2027 GMT
        Subject: CN=B80E27DDF05A9113B18394411C6739DCBCDC2F80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ac:7d:59:25:41:fc:43:c6:9a:b0:fd:56:bc:
                    1c:2b:ee:15:10:01:1e:8f:be:d1:96:42:f8:57:ee:
                    01:b2:f7:bc:a0:65:3c:46:3a:9b:99:f4:fd:22:9d:
                    f2:38:34:6c:6c:98:af:23:23:08:a3:3e:2d:4e:ba:
                    2c:40:8d:46:1c:d8:e4:c3:4a:79:8e:88:14:e2:52:
                    df:51:c7:d3:34:25:44:d8:32:3f:20:2e:91:69:48:
                    df:21:9e:a6:36:9c:23:f8:16:3b:e9:a7:4d:85:5d:
                    34:9c:ff:67:63:26:e3:00:03:e4:d8:77:6e:f2:80:
                    94:0e:c2:cf:27:23:fb:61:df:bf:14:f2:24:c8:89:
                    ae:75:23:45:ef:8a:63:ed:3d:3c:85:02:5c:7a:d2:
                    62:ed:35:38:12:2f:2b:ab:d2:67:f7:8b:f8:ce:71:
                    a1:de:6b:a7:af:e5:a8:2c:fe:7e:ec:62:f6:b5:f8:
                    35:9d:ee:e9:b7:ef:74:e1:ab:70:2c:3a:79:35:0d:
                    69:26:92:97:88:2b:bb:6d:48:0b:cb:50:0e:bb:e9:
                    fa:69:1b:9c:11:11:83:a1:32:10:d6:e8:ef:4d:05:
                    cd:f1:18:64:bd:86:3f:a5:a2:6d:ba:6e:f6:8b:5b:
                    5a:5a:2c:2e:cd:4a:82:9b:d0:a1:be:e1:19:5c:22:
                    ed:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:0E:27:DD:F0:5A:91:13:B1:83:94:41:1C:67:39:DC:BC:DC:2F:80
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145578.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab70::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:95:fd:c1:cf:65:d3:46:e5:d2:ef:08:e0:4e:fc:0c:4a:5a:
         42:68:08:db:6f:39:fb:9f:28:b2:df:8f:ac:0f:14:2a:d7:11:
         02:cb:03:14:c7:cb:36:c6:73:69:b8:61:6b:f3:9a:d2:91:7b:
         2a:d5:08:58:29:32:e9:46:a6:46:5f:5a:fa:62:a1:0d:16:a7:
         2b:56:29:0c:75:d8:29:8b:43:63:df:1c:8c:64:f2:01:9d:7f:
         19:a1:70:4e:5c:cc:c3:6d:22:79:02:d0:61:38:b8:6f:bd:61:
         2e:a0:3d:3f:e4:cf:0e:86:bd:0e:ad:85:76:20:62:6a:b6:13:
         6e:ae:e3:b0:a6:d6:74:54:a0:8b:1f:45:2b:eb:88:9b:31:d0:
         14:07:e3:03:dc:64:e1:ce:cd:db:20:e9:1f:61:de:4b:46:f6:
         7a:6c:58:d5:16:aa:b8:f0:27:99:1c:f5:b0:18:09:43:c7:85:
         a4:81:64:ff:82:85:96:ae:ca:ef:21:82:60:c9:5a:ee:48:19:
         9e:08:aa:7d:aa:3f:7b:45:7e:77:9a:09:95:dd:4f:4c:eb:30:
         79:56:de:8c:1f:4a:e0:00:34:e9:ee:57:cf:be:e7:7f:01:d0:
         82:ce:f0:a0:c4:67:07:3b:f5:34:80:33:1d:29:35:d9:44:b5:
         71:0e:d4:46
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUItUlbh567YhHSID34+DAvEUuWL4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjU1OFoX
DTI3MDMwMzA2MzA1OFowMzExMC8GA1UEAxMoQjgwRTI3RERGMDVBOTExM0IxODM5
NDQxMUM2NzM5RENCQ0RDMkY4MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALqsfVklQfxDxpqw/Va8HCvuFRABHo++0ZZC+FfuAbL3vKBlPEY6m5n0/SKd
8jg0bGyYryMjCKM+LU66LECNRhzY5MNKeY6IFOJS31HH0zQlRNgyPyAukWlI3yGe
pjacI/gWO+mnTYVdNJz/Z2Mm4wAD5Nh3bvKAlA7Czycj+2HfvxTyJMiJrnUjRe+K
Y+09PIUCXHrSYu01OBIvK6vSZ/eL+M5xod5rp6/lqCz+fuxi9rX4NZ3u6bfvdOGr
cCw6eTUNaSaSl4gru21IC8tQDrvp+mkbnBERg6EyENbo700FzfEYZL2GP6Wibbpu
9otbWlosLs1KgpvQob7hGVwi7XMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBS4Difd
8FqRE7GDlEEcZzncvNwvgDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTU3OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q3AwDQYJKoZIhvcNAQELBQADggEBAFOV/cHPZdNG5dLvCOBO/AxKWkJoCNtvOfuf
KLLfj6wPFCrXEQLLAxTHyzbGc2m4YWvzmtKReyrVCFgpMulGpkZfWvpioQ0WpytW
KQx12CmLQ2PfHIxk8gGdfxmhcE5czMNtInkC0GE4uG+9YS6gPT/kzw6GvQ6thXYg
Ymq2E26u47Cm1nRUoIsfRSvriJsx0BQH4wPcZOHOzdsg6R9h3ktG9npsWNUWqrjw
J5kc9bAYCUPHhaSBZP+ChZauyu8hgmDJWu5IGZ4Iqn2qP3tFfneaCZXdT0zrMHlW
3owfSuAANOnuV8++538B0ILO8KDEZwc79TSAMx0pNdlEtXEO1EY=
-----END CERTIFICATE-----