Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145593.roa
File:                     AS145593.roa (raw, json)
Hash identifier:          JbIS9WHFn/++Sia8GpMNpuP+ywWDa0JaFzYYHqPOFGk=
Subject key identifier:   F7:E2:47:8E:0D:6E:7A:1A:A2:0B:C5:39:CF:BC:32:55:D2:60:48:54
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       52F38EEBF9A1E63F586E395D50A4DB9EB9E8404E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145593.roa
Signing time:             Wed 04 Mar 2026 06:30:27 +0000
ROA not before:           Wed 04 Mar 2026 06:25:27 +0000
ROA not after:            Wed 03 Mar 2027 06:30:27 +0000
asID:                     145593
IP address blocks:        240a:ab7f::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:f3:8e:eb:f9:a1:e6:3f:58:6e:39:5d:50:a4:db:9e:b9:e8:40:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:27 2026 GMT
            Not After : Mar  3 06:30:27 2027 GMT
        Subject: CN=F7E2478E0D6E7A1AA20BC539CFBC3255D2604854
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ab:64:22:82:41:c4:63:32:31:76:23:56:16:
                    75:b0:1e:e6:c7:f6:b7:c1:73:95:d8:48:eb:9d:0f:
                    36:ee:5a:67:21:ae:18:20:e2:90:e4:d0:23:81:2f:
                    14:78:69:53:d0:12:a8:dd:1b:93:30:16:e0:9f:e6:
                    36:e1:15:c7:3e:3c:a7:44:26:f5:e9:c2:70:a4:50:
                    48:46:e5:ef:70:99:c9:c2:1f:cb:4b:4f:24:db:90:
                    fd:cb:3a:67:43:e1:92:24:6c:99:96:90:23:5d:b3:
                    32:4c:d3:3e:70:f0:74:95:3a:11:e5:5c:01:cb:23:
                    c2:c8:21:74:98:eb:dc:0d:ab:72:62:97:31:2a:7c:
                    a0:06:9d:11:2b:34:b4:81:a8:98:c5:1f:33:b7:6b:
                    9d:7e:90:8e:66:17:18:97:82:68:00:00:b2:6c:db:
                    33:fa:72:25:d1:e2:a3:e7:ba:08:4d:ad:c2:80:43:
                    ae:2d:e3:97:ad:4e:ea:0d:78:ab:0e:f4:b5:31:35:
                    05:9f:6f:1f:a8:62:cf:d6:2d:d9:48:13:11:bd:5c:
                    dd:3f:f6:b6:c6:2c:ae:73:26:63:69:90:ca:b9:d8:
                    7e:6d:5a:c4:ca:82:df:05:10:d2:63:63:88:58:4f:
                    b1:b6:7d:21:13:5d:1e:4b:a4:0d:50:bc:16:59:33:
                    73:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:E2:47:8E:0D:6E:7A:1A:A2:0B:C5:39:CF:BC:32:55:D2:60:48:54
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145593.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab7f::/32

    Signature Algorithm: sha256WithRSAEncryption
         48:bc:3b:78:ff:d0:8f:b5:96:3f:3f:61:3a:c4:c7:f9:1b:4a:
         70:5f:19:b6:46:d3:20:c2:2b:98:f6:27:35:d4:23:e6:ba:ec:
         f3:db:fb:b7:1a:a1:35:bc:65:4d:dc:35:0f:f0:a0:95:a5:1d:
         c2:e4:bd:ec:9e:39:ca:28:ab:9a:d0:f0:92:73:e4:14:74:27:
         76:f2:27:9b:21:88:f3:1a:a9:c3:6a:2d:d2:09:1c:28:1f:21:
         90:57:a7:09:64:33:30:eb:51:ff:43:10:72:d9:f8:11:de:e8:
         ad:ac:90:25:57:80:19:7e:4c:5b:ed:1c:fe:05:e7:45:59:50:
         bd:b1:62:b4:8d:c4:2c:01:1a:a0:d9:05:d4:f1:7f:a1:60:2f:
         af:e7:9e:74:e1:f0:78:a6:c0:d1:16:12:3b:10:c0:6b:5f:39:
         a5:2e:00:a9:fc:5c:89:eb:6a:9b:6b:78:4a:6c:09:79:3e:e9:
         a4:4d:4d:21:3f:45:29:0a:b7:64:76:41:32:be:b0:8e:ac:5a:
         7b:da:2e:9f:d4:ee:7e:f1:ad:1f:26:a0:a1:3f:0b:77:d8:e8:
         3a:f4:2d:5c:c8:64:9b:f9:7e:77:d9:93:c3:d6:f9:85:b7:2c:
         ea:01:05:2d:67:5e:62:62:50:5e:ad:54:01:86:8a:e9:83:35:
         af:cf:52:6d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUUvOO6/mh5j9YbjldUKTbnrnoQE4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUyN1oX
DTI3MDMwMzA2MzAyN1owMzExMC8GA1UEAxMoRjdFMjQ3OEUwRDZFN0ExQUEyMEJD
NTM5Q0ZCQzMyNTVEMjYwNDg1NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI6rZCKCQcRjMjF2I1YWdbAe5sf2t8FzldhI650PNu5aZyGuGCDikOTQI4Ev
FHhpU9ASqN0bkzAW4J/mNuEVxz48p0Qm9enCcKRQSEbl73CZycIfy0tPJNuQ/cs6
Z0PhkiRsmZaQI12zMkzTPnDwdJU6EeVcAcsjwsghdJjr3A2rcmKXMSp8oAadESs0
tIGomMUfM7drnX6QjmYXGJeCaAAAsmzbM/pyJdHio+e6CE2twoBDri3jl61O6g14
qw70tTE1BZ9vH6hiz9Yt2UgTEb1c3T/2tsYsrnMmY2mQyrnYfm1axMqC3wUQ0mNj
iFhPsbZ9IRNdHkukDVC8Flkzcx0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT34keO
DW56GqILxTnPvDJV0mBIVDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTU5My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q38wDQYJKoZIhvcNAQELBQADggEBAEi8O3j/0I+1lj8/YTrEx/kbSnBfGbZG0yDC
K5j2JzXUI+a67PPb+7caoTW8ZU3cNQ/woJWlHcLkveyeOcooq5rQ8JJz5BR0J3by
J5shiPMaqcNqLdIJHCgfIZBXpwlkMzDrUf9DEHLZ+BHe6K2skCVXgBl+TFvtHP4F
50VZUL2xYrSNxCwBGqDZBdTxf6FgL6/nnnTh8HimwNEWEjsQwGtfOaUuAKn8XInr
aptreEpsCXk+6aRNTSE/RSkKt2R2QTK+sI6sWnvaLp/U7n7xrR8moKE/C3fY6Dr0
LVzIZJv5fnfZk8PW+YW3LOoBBS1nXmJiUF6tVAGGiumDNa/PUm0=
-----END CERTIFICATE-----