Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145594.roa
File:                     AS145594.roa (raw, json)
Hash identifier:          TT8wTDDNhof8+wQv9dL0s9FjxygPgs/bvOeLniqfKuU=
Subject key identifier:   A7:52:DE:FC:4D:1D:9D:6F:2B:D3:72:D8:04:56:57:DF:3D:40:B7:06
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3149360A999D5009FB13F4D8005D5CB5E6A65077
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145594.roa
Signing time:             Wed 04 Mar 2026 06:30:11 +0000
ROA not before:           Wed 04 Mar 2026 06:25:11 +0000
ROA not after:            Wed 03 Mar 2027 06:30:11 +0000
asID:                     145594
IP address blocks:        240a:ab80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:49:36:0a:99:9d:50:09:fb:13:f4:d8:00:5d:5c:b5:e6:a6:50:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:11 2026 GMT
            Not After : Mar  3 06:30:11 2027 GMT
        Subject: CN=A752DEFC4D1D9D6F2BD372D8045657DF3D40B706
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:00:8f:83:80:10:ea:90:a6:72:ee:0e:9d:d3:
                    62:8f:54:f5:fb:22:27:86:1b:5f:8c:39:1e:94:8b:
                    da:e0:f7:94:16:20:9b:b4:cd:c8:fa:2a:97:c4:09:
                    fb:b7:d4:2a:f8:6c:57:3f:5c:15:d4:1e:c3:28:6e:
                    c3:41:de:bf:bd:4f:0c:f1:40:3d:2b:a3:6d:f6:31:
                    04:6f:9c:6a:14:b8:a2:ee:b9:98:6e:8f:b6:11:24:
                    31:ae:50:a1:88:b8:64:6a:af:a0:8e:ec:a2:cc:a7:
                    51:a0:f3:2b:31:68:ec:66:06:b7:48:d5:b5:2a:86:
                    09:b8:45:9b:3f:f7:59:1c:f3:bb:fc:04:ea:86:85:
                    9b:0e:d9:08:1c:bb:f7:8c:a3:e0:04:f9:62:e0:75:
                    a4:3d:c8:f9:b9:06:63:09:28:63:ed:58:77:8c:77:
                    c3:a9:fd:91:12:fb:da:06:89:ce:17:be:0f:ca:de:
                    fc:71:f4:01:d2:28:ab:f4:55:46:58:5c:3f:4d:6d:
                    b9:f2:dc:f8:5a:8d:18:10:2f:a0:d7:ba:bb:1b:26:
                    35:99:4e:f0:ee:53:11:4a:83:65:b2:4a:77:3a:60:
                    8e:c9:eb:91:1f:89:05:94:26:db:a4:3f:f0:26:bc:
                    09:23:8a:ec:8d:6b:99:dc:17:22:a3:65:95:9f:22:
                    8b:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:52:DE:FC:4D:1D:9D:6F:2B:D3:72:D8:04:56:57:DF:3D:40:B7:06
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145594.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab80::/32

    Signature Algorithm: sha256WithRSAEncryption
         19:52:23:82:65:c0:97:97:4e:e8:41:11:e4:6a:63:44:03:e3:
         9d:05:df:be:fa:a6:d2:36:d3:d4:c2:5a:24:3f:e8:d1:c2:63:
         d3:12:8f:5b:65:25:32:60:a5:a0:ac:35:68:29:9f:ff:bb:68:
         77:a0:49:f0:1d:ef:45:2c:d9:66:08:8a:f9:32:3a:a7:d0:a7:
         3e:fe:63:75:ed:85:2e:09:51:b3:89:65:ec:a9:22:d5:15:40:
         da:e6:d1:69:07:eb:0f:0c:cc:e8:21:0f:a5:96:eb:bb:f0:0a:
         ae:3a:d9:0b:89:80:91:ee:8e:6b:c0:0c:f6:e5:f5:06:92:87:
         1e:f5:d7:b4:1b:3d:50:cb:c5:34:33:32:c0:f5:ec:3d:fd:f0:
         ed:28:d2:b8:37:fb:6d:81:57:24:8b:8d:2d:05:eb:2d:27:9c:
         77:c1:a0:aa:68:f2:cf:4e:fa:01:1b:ce:9c:6a:fe:e8:3f:ab:
         f9:05:8c:18:d6:7a:02:cb:cf:f3:c0:07:7d:a5:f2:19:35:fe:
         6f:c7:34:d1:b0:68:74:23:f0:65:53:82:3e:85:b8:0f:04:e1:
         2c:71:76:7e:52:10:2d:51:aa:65:0a:5b:e1:4f:a9:24:37:48:
         50:52:15:d4:5b:a3:27:f5:0e:9a:fb:e3:7d:99:7b:4d:60:9e:
         0e:a3:b5:6c
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUMUk2CpmdUAn7E/TYAF1cteamUHcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUxMVoX
DTI3MDMwMzA2MzAxMVowMzExMC8GA1UEAxMoQTc1MkRFRkM0RDFEOUQ2RjJCRDM3
MkQ4MDQ1NjU3REYzRDQwQjcwNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALoAj4OAEOqQpnLuDp3TYo9U9fsiJ4YbX4w5HpSL2uD3lBYgm7TNyPoql8QJ
+7fUKvhsVz9cFdQewyhuw0Hev71PDPFAPSujbfYxBG+cahS4ou65mG6PthEkMa5Q
oYi4ZGqvoI7sosynUaDzKzFo7GYGt0jVtSqGCbhFmz/3WRzzu/wE6oaFmw7ZCBy7
94yj4AT5YuB1pD3I+bkGYwkoY+1Yd4x3w6n9kRL72gaJzhe+D8re/HH0AdIoq/RV
RlhcP01tufLc+FqNGBAvoNe6uxsmNZlO8O5TEUqDZbJKdzpgjsnrkR+JBZQm26Q/
8Ca8CSOK7I1rmdwXIqNllZ8ii30CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSnUt78
TR2dbyvTctgEVlffPUC3BjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTU5NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q4AwDQYJKoZIhvcNAQELBQADggEBABlSI4JlwJeXTuhBEeRqY0QD450F3776ptI2
09TCWiQ/6NHCY9MSj1tlJTJgpaCsNWgpn/+7aHegSfAd70Us2WYIivkyOqfQpz7+
Y3XthS4JUbOJZeypItUVQNrm0WkH6w8MzOghD6WW67vwCq462QuJgJHujmvADPbl
9QaShx7117QbPVDLxTQzMsD17D398O0o0rg3+22BVySLjS0F6y0nnHfBoKpo8s9O
+gEbzpxq/ug/q/kFjBjWegLLz/PAB32l8hk1/m/HNNGwaHQj8GVTgj6FuA8E4Sxx
dn5SEC1RqmUKW+FPqSQ3SFBSFdRboyf1Dpr7432Ze01gng6jtWw=
-----END CERTIFICATE-----