Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145602.roa
File:                     AS145602.roa (raw, json)
Hash identifier:          8GVNPczSwg4nSKN+JC9eYPlkSoDV+7xal9ab258EOlM=
Subject key identifier:   ED:5C:8B:23:1D:5D:92:65:81:B2:35:C8:D8:65:2E:66:81:EA:EC:BB
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       04EBD12B60A0FFDFF7419F5083085518E32B932C
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145602.roa
Signing time:             Wed 04 Mar 2026 06:30:05 +0000
ROA not before:           Wed 04 Mar 2026 06:25:05 +0000
ROA not after:            Wed 03 Mar 2027 06:30:05 +0000
asID:                     145602
IP address blocks:        240a:ab88::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:eb:d1:2b:60:a0:ff:df:f7:41:9f:50:83:08:55:18:e3:2b:93:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:05 2026 GMT
            Not After : Mar  3 06:30:05 2027 GMT
        Subject: CN=ED5C8B231D5D926581B235C8D8652E6681EAECBB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c7:57:9f:c5:9a:eb:c3:3a:69:a3:3e:50:73:
                    da:f2:bc:ba:f9:00:c7:da:0a:21:95:e5:82:4b:dc:
                    77:d5:fa:4f:f1:c6:47:af:d2:83:70:74:27:bc:62:
                    b0:6e:67:bb:25:39:62:01:57:79:bc:7b:20:fd:41:
                    ee:c5:58:8f:13:e6:d2:90:82:f9:1d:fe:55:14:66:
                    0c:66:8b:78:23:3d:f3:ad:a2:12:db:07:4e:91:19:
                    97:d9:33:4c:b9:04:5f:0e:e2:7a:8f:aa:a6:53:a1:
                    50:20:e1:72:52:32:60:9b:62:36:cf:80:f7:77:f6:
                    cb:ed:76:8c:2e:4f:7d:6d:a0:ec:bd:63:ac:9d:6b:
                    60:46:80:7c:36:52:e2:53:22:21:90:14:a9:82:ca:
                    ec:6f:1d:f0:97:38:32:ad:57:62:ee:4e:e8:7f:41:
                    4b:8b:3f:5c:9a:9c:c9:96:b9:60:58:14:8e:b9:51:
                    45:99:22:75:45:3a:3a:86:81:50:8a:82:a6:6f:d9:
                    78:2e:d0:68:9f:23:8a:da:37:db:0a:31:57:2c:b0:
                    c6:20:3e:f9:f2:d4:b8:8e:99:b2:75:b1:af:46:3c:
                    f3:0f:91:82:d7:02:b8:a5:d5:0d:05:f0:01:dd:a3:
                    c0:5a:e8:a0:34:e3:1d:a4:14:dd:90:65:00:7f:4d:
                    9b:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:5C:8B:23:1D:5D:92:65:81:B2:35:C8:D8:65:2E:66:81:EA:EC:BB
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145602.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab88::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:a0:77:40:f4:96:44:63:e5:8b:c6:53:cc:b0:5d:71:9c:6a:
         90:98:28:87:6f:54:9e:08:21:6a:1b:56:cf:5c:29:21:7d:f0:
         a8:cf:f0:4e:6b:61:52:ac:86:4d:8e:37:2b:c3:c7:b0:8f:0f:
         15:d4:47:1d:6b:11:c4:bb:46:cd:2d:ff:f2:53:73:8a:b6:6c:
         08:7a:42:fe:e3:81:06:38:dd:17:3c:7b:4c:49:76:7f:b3:8e:
         66:11:9d:13:f5:1e:c5:c8:20:85:79:42:95:97:b8:67:1e:f7:
         f4:3e:a9:27:4f:75:b6:fc:4c:72:58:a1:00:58:bc:69:f8:a9:
         37:ce:af:3f:48:69:1c:b8:72:3b:0d:ce:f1:51:4d:05:00:26:
         cf:a6:9e:1a:83:6e:0d:0c:f9:17:aa:0b:3d:ae:4d:8c:a9:86:
         41:c7:44:0f:df:c0:90:75:f6:89:df:05:54:30:11:3b:4e:1b:
         91:12:17:01:48:81:5f:74:6d:1b:d4:17:61:55:e3:d8:fe:2d:
         48:72:69:33:1c:d4:22:1a:f1:3b:b9:c3:f9:0d:b2:c5:2e:49:
         e5:5f:f2:90:2d:d7:a5:2f:d1:12:1b:c0:95:1e:6c:94:ba:23:
         f5:5a:67:b5:11:3a:e2:6d:6e:b0:52:af:88:ab:e1:00:cf:96:
         a2:7b:bb:a4
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUBOvRK2Cg/9/3QZ9QgwhVGOMrkywwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUwNVoX
DTI3MDMwMzA2MzAwNVowMzExMC8GA1UEAxMoRUQ1QzhCMjMxRDVEOTI2NTgxQjIz
NUM4RDg2NTJFNjY4MUVBRUNCQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKrHV5/FmuvDOmmjPlBz2vK8uvkAx9oKIZXlgkvcd9X6T/HGR6/Sg3B0J7xi
sG5nuyU5YgFXebx7IP1B7sVYjxPm0pCC+R3+VRRmDGaLeCM9862iEtsHTpEZl9kz
TLkEXw7ieo+qplOhUCDhclIyYJtiNs+A93f2y+12jC5PfW2g7L1jrJ1rYEaAfDZS
4lMiIZAUqYLK7G8d8Jc4Mq1XYu5O6H9BS4s/XJqcyZa5YFgUjrlRRZkidUU6OoaB
UIqCpm/ZeC7QaJ8jito32woxVyywxiA++fLUuI6ZsnWxr0Y88w+RgtcCuKXVDQXw
Ad2jwFrooDTjHaQU3ZBlAH9Nm5UCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTtXIsj
HV2SZYGyNcjYZS5mgersuzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTYwMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q4gwDQYJKoZIhvcNAQELBQADggEBAD2gd0D0lkRj5YvGU8ywXXGcapCYKIdvVJ4I
IWobVs9cKSF98KjP8E5rYVKshk2ONyvDx7CPDxXURx1rEcS7Rs0t//JTc4q2bAh6
Qv7jgQY43Rc8e0xJdn+zjmYRnRP1HsXIIIV5QpWXuGce9/Q+qSdPdbb8THJYoQBY
vGn4qTfOrz9IaRy4cjsNzvFRTQUAJs+mnhqDbg0M+ReqCz2uTYyphkHHRA/fwJB1
9onfBVQwETtOG5ESFwFIgV90bRvUF2FV49j+LUhyaTMc1CIa8Tu5w/kNssUuSeVf
8pAt16Uv0RIbwJUebJS6I/VaZ7UROuJtbrBSr4ir4QDPlqJ7u6Q=
-----END CERTIFICATE-----