Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145605.roa
File:                     AS145605.roa (raw, json)
Hash identifier:          VG6BKhIsBb1H8k/G1mlKK5jNotASYQN4wSndfUj6FHo=
Subject key identifier:   9D:C2:2A:A2:84:F0:A4:16:F9:B3:6E:C4:4B:61:7A:E8:A6:78:05:78
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       33E3517440538F04B1D91808F1A865A16686D331
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145605.roa
Signing time:             Wed 04 Mar 2026 06:30:16 +0000
ROA not before:           Wed 04 Mar 2026 06:25:16 +0000
ROA not after:            Wed 03 Mar 2027 06:30:16 +0000
asID:                     145605
IP address blocks:        240a:ab8b::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:e3:51:74:40:53:8f:04:b1:d9:18:08:f1:a8:65:a1:66:86:d3:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:16 2026 GMT
            Not After : Mar  3 06:30:16 2027 GMT
        Subject: CN=9DC22AA284F0A416F9B36EC44B617AE8A6780578
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:19:8a:5c:da:24:38:17:d6:63:9d:26:f5:8d:
                    2f:fd:ef:1c:62:a2:46:b6:cb:9a:f6:bc:bb:57:01:
                    04:1a:a3:14:3d:42:9d:8c:b9:76:02:8b:c5:fc:43:
                    41:30:15:c0:b6:42:f0:7e:6c:f8:2b:57:d0:46:52:
                    4e:62:2c:cf:19:7b:17:24:ec:fa:1b:49:0a:a8:74:
                    70:5d:36:b3:6e:ef:c6:e7:2d:53:46:f2:a1:40:ed:
                    d0:7a:e7:a0:41:5c:88:9f:5d:41:4b:93:48:d5:1e:
                    78:70:08:05:43:0d:32:4f:61:00:6d:87:f4:86:c1:
                    ab:a4:41:ce:c7:56:d6:bf:38:30:6e:8d:1d:ce:f8:
                    25:45:ff:e2:1a:6d:64:73:87:32:dd:6c:75:1f:50:
                    da:11:1d:bd:15:5d:37:e3:b1:59:c4:f1:2a:79:ff:
                    08:f4:d8:d2:d8:35:18:5d:3c:8c:9a:60:44:3e:2b:
                    f3:df:39:eb:7a:31:52:76:8a:02:11:07:df:7e:9b:
                    ac:8b:0c:c8:6d:d3:f7:2b:1b:1c:ea:52:07:1d:10:
                    51:3b:11:d9:39:41:42:df:06:a5:ea:64:50:10:0b:
                    c5:ee:5e:2a:17:13:c5:ea:fb:7b:bf:6e:29:04:38:
                    1c:98:5d:e8:36:e1:d6:8d:90:f4:d2:f7:df:d8:15:
                    9d:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:C2:2A:A2:84:F0:A4:16:F9:B3:6E:C4:4B:61:7A:E8:A6:78:05:78
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145605.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab8b::/32

    Signature Algorithm: sha256WithRSAEncryption
         b4:02:da:e2:1d:c7:93:b4:78:7d:52:29:68:12:94:e5:bb:f5:
         df:a7:4d:61:ee:4f:f3:b0:90:e1:00:cf:29:fb:24:11:bc:e4:
         c9:57:24:07:0a:3e:57:f9:19:a7:13:4e:c5:7c:70:42:13:2a:
         4d:0a:ca:0c:7f:d3:de:72:ff:ee:fc:f6:1c:91:04:de:28:fa:
         f1:22:b0:14:ff:ff:57:91:19:21:a6:b7:4d:cf:97:f2:56:32:
         b3:3e:75:98:66:8d:bb:9a:fb:40:37:56:b0:73:9f:cf:68:70:
         20:91:95:13:6c:46:04:53:c5:38:b2:6e:2a:6f:db:34:13:71:
         f5:0f:d5:ae:b1:06:ac:b7:db:c0:f6:4e:f7:e7:bb:8c:72:e1:
         67:36:3f:2a:5b:9d:51:db:6d:20:87:14:a4:89:ee:12:15:ac:
         eb:e2:ce:61:37:36:6f:10:06:09:26:2c:68:74:d5:ad:43:76:
         32:59:fd:b8:91:4b:b9:d4:52:27:ac:83:f5:5a:1f:51:19:66:
         c5:78:2e:dc:51:e3:2c:c5:47:1e:7e:ef:26:28:68:36:6d:c8:
         57:a8:9f:2a:d9:3b:2d:99:6d:81:e3:2a:8a:56:f0:db:69:e8:
         95:1a:23:5f:0d:be:14:f0:d0:57:48:a8:b4:fe:55:8e:0e:ff:
         7a:a0:df:31
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUM+NRdEBTjwSx2RgI8ahloWaG0zEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUxNloX
DTI3MDMwMzA2MzAxNlowMzExMC8GA1UEAxMoOURDMjJBQTI4NEYwQTQxNkY5QjM2
RUM0NEI2MTdBRThBNjc4MDU3ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKwZilzaJDgX1mOdJvWNL/3vHGKiRrbLmva8u1cBBBqjFD1CnYy5dgKLxfxD
QTAVwLZC8H5s+CtX0EZSTmIszxl7FyTs+htJCqh0cF02s27vxuctU0byoUDt0Hrn
oEFciJ9dQUuTSNUeeHAIBUMNMk9hAG2H9IbBq6RBzsdW1r84MG6NHc74JUX/4hpt
ZHOHMt1sdR9Q2hEdvRVdN+OxWcTxKnn/CPTY0tg1GF08jJpgRD4r898563oxUnaK
AhEH336brIsMyG3T9ysbHOpSBx0QUTsR2TlBQt8GpepkUBALxe5eKhcTxer7e79u
KQQ4HJhd6Dbh1o2Q9NL339gVncMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSdwiqi
hPCkFvmzbsRLYXropngFeDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTYwNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q4swDQYJKoZIhvcNAQELBQADggEBALQC2uIdx5O0eH1SKWgSlOW79d+nTWHuT/Ow
kOEAzyn7JBG85MlXJAcKPlf5GacTTsV8cEITKk0Kygx/095y/+789hyRBN4o+vEi
sBT//1eRGSGmt03Pl/JWMrM+dZhmjbua+0A3VrBzn89ocCCRlRNsRgRTxTiybipv
2zQTcfUP1a6xBqy328D2Tvfnu4xy4Wc2PypbnVHbbSCHFKSJ7hIVrOvizmE3Nm8Q
BgkmLGh01a1DdjJZ/biRS7nUUiesg/VaH1EZZsV4LtxR4yzFRx5+7yYoaDZtyFeo
nyrZOy2ZbYHjKopW8Ntp6JUaI18NvhTw0FdIqLT+VY4O/3qg3zE=
-----END CERTIFICATE-----