Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145582.roa
File:                     AS145582.roa (raw, json)
Hash identifier:          O8DpBtO3SxvaZUR16D8CocVIsXHz3M8OnZIf75RzScA=
Subject key identifier:   A7:86:1D:DA:E5:B7:C7:7F:10:D0:10:B5:BE:32:3E:8F:3C:4F:D8:0C
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       199246FD069B0AE0235168DB2DD96B8AB1B0D32F
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145582.roa
Signing time:             Wed 04 Mar 2026 06:30:20 +0000
ROA not before:           Wed 04 Mar 2026 06:25:20 +0000
ROA not after:            Wed 03 Mar 2027 06:30:20 +0000
asID:                     145582
IP address blocks:        240a:ab74::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:92:46:fd:06:9b:0a:e0:23:51:68:db:2d:d9:6b:8a:b1:b0:d3:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:20 2026 GMT
            Not After : Mar  3 06:30:20 2027 GMT
        Subject: CN=A7861DDAE5B7C77F10D010B5BE323E8F3C4FD80C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:1d:24:91:5e:04:04:1c:96:f3:41:e8:13:f9:
                    5b:d5:94:e9:1d:94:e8:2c:a4:cf:ab:f1:37:33:4b:
                    eb:06:a8:d2:c1:4b:f0:9a:94:56:44:fb:56:7a:43:
                    7e:4c:a9:ef:ba:39:38:54:2c:92:bb:99:2e:fc:a5:
                    76:38:55:4b:05:52:93:ce:20:c7:fb:19:57:fd:28:
                    b4:a7:98:28:f5:54:2f:7b:b7:85:3d:55:0a:48:ad:
                    b3:f3:88:e2:67:22:a1:d3:8c:30:e7:9b:53:97:53:
                    ce:65:6f:22:69:ed:8b:02:fb:9d:d3:3d:62:e1:ad:
                    c7:5e:8e:12:ea:67:43:e8:27:e6:f6:f8:c3:f4:29:
                    4f:ee:b6:12:b6:3c:00:81:b6:5c:d5:79:68:ba:2c:
                    c8:43:2d:a9:ee:d4:5a:6a:f5:cd:f6:a9:89:26:f9:
                    a7:2d:08:c6:ed:1a:b6:a5:e4:32:79:46:c1:c0:e3:
                    07:4a:12:7e:82:8b:e6:55:11:ff:09:fc:88:98:f8:
                    b7:7c:8a:a5:b7:89:0a:07:ca:90:30:1a:a6:4d:22:
                    c8:5c:17:f2:b3:a4:08:c0:35:d2:56:9b:67:73:bc:
                    62:10:8f:34:bd:67:b3:b7:76:f8:e7:9b:d9:18:1e:
                    a3:fe:67:2a:cc:a4:bd:22:b8:41:85:02:23:ec:b2:
                    f5:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:86:1D:DA:E5:B7:C7:7F:10:D0:10:B5:BE:32:3E:8F:3C:4F:D8:0C
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145582.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab74::/32

    Signature Algorithm: sha256WithRSAEncryption
         5f:7d:84:26:7c:53:0f:a0:19:2d:42:cf:a6:e6:76:57:96:36:
         9c:8c:3d:3b:fc:dc:e2:89:c1:09:41:c4:c4:f7:35:aa:6c:63:
         3b:0c:71:59:d5:37:a9:3f:50:ec:3d:5f:73:7a:99:19:b9:e9:
         4f:15:fb:ac:c4:bc:1c:61:a0:cb:15:03:b8:d9:5d:5a:af:9b:
         9c:7b:16:5c:5b:fb:cf:78:43:fd:42:11:26:af:cd:06:f7:b1:
         25:d1:24:f2:8c:95:7e:a3:d5:9d:1f:47:cd:8d:a4:64:66:45:
         23:f1:5e:2a:4b:1e:be:a6:8c:41:25:35:b6:83:43:13:56:24:
         04:73:ac:19:a1:ec:c8:e5:7d:c6:7b:bc:15:33:09:3a:76:ae:
         ce:e0:93:98:f8:c1:66:2b:a3:95:53:df:65:42:09:a6:7a:d9:
         96:90:bb:e8:eb:fc:23:5e:24:55:bd:49:1c:4f:e9:ef:5b:cd:
         6c:75:32:f7:91:32:4e:9b:af:ad:0a:9a:c0:cc:7f:8b:89:37:
         3f:e0:76:10:a2:eb:8a:e0:e8:b9:89:3a:e4:53:b0:88:6d:8b:
         33:9d:58:05:4a:f1:0e:03:2b:6d:f3:7f:65:e1:99:c5:4d:4e:
         12:70:a8:37:b6:90:88:12:b1:6e:9b:22:3e:53:68:53:ed:a1:
         ef:b8:64:d5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUGZJG/QabCuAjUWjbLdlrirGw0y8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUyMFoX
DTI3MDMwMzA2MzAyMFowMzExMC8GA1UEAxMoQTc4NjFEREFFNUI3Qzc3RjEwRDAx
MEI1QkUzMjNFOEYzQzRGRDgwQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALgdJJFeBAQclvNB6BP5W9WU6R2U6Cykz6vxNzNL6wao0sFL8JqUVkT7VnpD
fkyp77o5OFQskruZLvyldjhVSwVSk84gx/sZV/0otKeYKPVUL3u3hT1VCkits/OI
4mciodOMMOebU5dTzmVvImntiwL7ndM9YuGtx16OEupnQ+gn5vb4w/QpT+62ErY8
AIG2XNV5aLosyEMtqe7UWmr1zfapiSb5py0Ixu0atqXkMnlGwcDjB0oSfoKL5lUR
/wn8iJj4t3yKpbeJCgfKkDAapk0iyFwX8rOkCMA10labZ3O8YhCPNL1ns7d2+Oeb
2Rgeo/5nKsykvSK4QYUCI+yy9cMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSnhh3a
5bfHfxDQELW+Mj6PPE/YDDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTU4Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q3QwDQYJKoZIhvcNAQELBQADggEBAF99hCZ8Uw+gGS1Cz6bmdleWNpyMPTv83OKJ
wQlBxMT3NapsYzsMcVnVN6k/UOw9X3N6mRm56U8V+6zEvBxhoMsVA7jZXVqvm5x7
Flxb+894Q/1CESavzQb3sSXRJPKMlX6j1Z0fR82NpGRmRSPxXipLHr6mjEElNbaD
QxNWJARzrBmh7MjlfcZ7vBUzCTp2rs7gk5j4wWYro5VT32VCCaZ62ZaQu+jr/CNe
JFW9SRxP6e9bzWx1MveRMk6br60KmsDMf4uJNz/gdhCi64rg6LmJOuRTsIhtizOd
WAVK8Q4DK23zf2XhmcVNThJwqDe2kIgSsW6bIj5TaFPtoe+4ZNU=
-----END CERTIFICATE-----