Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145586.roa
File:                     AS145586.roa (raw, json)
Hash identifier:          i4PS28w9JtsB2wY9ZTZsWC6X3nVoDYDBxBQdzTLhqcc=
Subject key identifier:   01:84:F1:7C:21:08:57:0C:F7:F5:D9:C1:E7:E4:C2:54:A8:7B:6A:4D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3F8CC4218C6FDD8BA8551F365A7BC469B784FF84
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145586.roa
Signing time:             Wed 04 Mar 2026 06:29:55 +0000
ROA not before:           Wed 04 Mar 2026 06:24:55 +0000
ROA not after:            Wed 03 Mar 2027 06:29:55 +0000
asID:                     145586
IP address blocks:        240a:ab78::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:8c:c4:21:8c:6f:dd:8b:a8:55:1f:36:5a:7b:c4:69:b7:84:ff:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:24:55 2026 GMT
            Not After : Mar  3 06:29:55 2027 GMT
        Subject: CN=0184F17C2108570CF7F5D9C1E7E4C254A87B6A4D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:3f:6b:ce:b4:68:e7:2c:05:d9:fa:ec:2f:4e:
                    d2:95:23:28:35:fe:66:c1:0f:69:30:99:9e:17:d3:
                    33:db:b2:39:e5:11:f0:be:aa:54:42:45:92:5c:20:
                    27:5f:32:7d:53:81:62:08:b4:b7:30:3f:b5:ac:dc:
                    87:66:03:a4:22:51:18:fa:6a:e0:40:e5:8b:2c:62:
                    24:b7:84:a6:36:2a:3f:43:9d:7f:43:97:ab:80:18:
                    78:02:f8:03:51:c9:e4:1f:81:a1:6e:ce:2c:20:b2:
                    59:32:92:ec:4e:80:41:74:82:f4:f4:1c:44:4c:87:
                    6c:5e:05:f9:91:41:b9:b4:8a:c7:c0:8e:bc:57:04:
                    0b:11:f9:7f:9c:27:1f:8d:e5:b1:d6:16:74:09:e4:
                    f5:11:3b:67:de:dc:fc:43:d0:a1:ab:06:9d:5d:bf:
                    98:38:64:49:35:76:96:b9:39:5c:ef:24:15:0b:97:
                    93:1e:1a:54:e4:cd:8c:f1:f9:ac:d7:95:9b:fa:63:
                    45:1d:05:4f:27:53:08:3f:50:5f:58:7b:c7:ff:71:
                    72:01:0a:b8:5b:87:dc:14:c9:cf:7d:61:cf:2a:5a:
                    98:25:98:1a:5b:54:33:c5:c0:46:0c:7f:5d:44:c9:
                    b1:6e:ea:19:b8:d7:54:96:6d:2a:91:c6:16:a4:bf:
                    e0:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:84:F1:7C:21:08:57:0C:F7:F5:D9:C1:E7:E4:C2:54:A8:7B:6A:4D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145586.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab78::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:36:85:8b:12:ee:ab:44:eb:fe:78:48:d0:66:e5:e0:25:f4:
         52:c1:e3:8d:78:d6:56:3e:7e:86:00:83:b8:47:ba:64:dc:a2:
         dd:7e:c2:b1:a3:87:3b:d7:3c:79:cc:66:f4:93:4a:53:a0:f4:
         65:1c:13:b5:f9:1b:d7:37:6c:16:a3:b2:ae:99:20:36:cb:d5:
         55:34:39:5f:80:d6:01:69:15:40:2d:6c:2d:a9:d0:13:89:cd:
         9e:21:42:07:ab:e4:64:1a:e9:83:1c:80:3a:41:e4:32:49:23:
         dc:b3:b6:ce:09:89:59:7c:94:89:41:11:fb:ee:2d:42:58:1a:
         87:0d:02:60:b9:64:65:4e:2f:5f:85:0e:dc:55:c6:1b:e9:3d:
         80:bb:af:74:ca:b8:75:0e:df:9c:e9:eb:aa:cb:1c:af:77:30:
         e8:98:2e:61:45:cd:83:10:40:2c:27:64:02:8e:7c:ec:c4:62:
         8f:fc:26:da:5d:49:72:5c:a1:6a:c4:47:87:05:8b:76:fb:91:
         91:69:f5:0e:d4:a8:12:88:0e:07:31:1f:08:04:0b:85:6b:cd:
         b1:0d:78:d0:c8:27:b9:4b:20:41:8c:98:c0:b7:c6:92:f2:8d:
         06:05:a4:67:ca:20:f5:f5:6c:11:40:a7:f9:c4:92:1c:ac:86:
         f6:c1:9d:5f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUP4zEIYxv3YuoVR82WnvEabeE/4QwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjQ1NVoX
DTI3MDMwMzA2Mjk1NVowMzExMC8GA1UEAxMoMDE4NEYxN0MyMTA4NTcwQ0Y3RjVE
OUMxRTdFNEMyNTRBODdCNkE0RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANs/a860aOcsBdn67C9O0pUjKDX+ZsEPaTCZnhfTM9uyOeUR8L6qVEJFklwg
J18yfVOBYgi0tzA/tazch2YDpCJRGPpq4EDliyxiJLeEpjYqP0Odf0OXq4AYeAL4
A1HJ5B+BoW7OLCCyWTKS7E6AQXSC9PQcREyHbF4F+ZFBubSKx8COvFcECxH5f5wn
H43lsdYWdAnk9RE7Z97c/EPQoasGnV2/mDhkSTV2lrk5XO8kFQuXkx4aVOTNjPH5
rNeVm/pjRR0FTydTCD9QX1h7x/9xcgEKuFuH3BTJz31hzypamCWYGltUM8XARgx/
XUTJsW7qGbjXVJZtKpHGFqS/4K0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQBhPF8
IQhXDPf12cHn5MJUqHtqTTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTU4Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q3gwDQYJKoZIhvcNAQELBQADggEBAB02hYsS7qtE6/54SNBm5eAl9FLB44141lY+
foYAg7hHumTcot1+wrGjhzvXPHnMZvSTSlOg9GUcE7X5G9c3bBajsq6ZIDbL1VU0
OV+A1gFpFUAtbC2p0BOJzZ4hQger5GQa6YMcgDpB5DJJI9yzts4JiVl8lIlBEfvu
LUJYGocNAmC5ZGVOL1+FDtxVxhvpPYC7r3TKuHUO35zp66rLHK93MOiYLmFFzYMQ
QCwnZAKOfOzEYo/8JtpdSXJcoWrER4cFi3b7kZFp9Q7UqBKIDgcxHwgEC4VrzbEN
eNDIJ7lLIEGMmMC3xpLyjQYFpGfKIPX1bBFAp/nEkhyshvbBnV8=
-----END CERTIFICATE-----