Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145610.roa
File:                     AS145610.roa (raw, json)
Hash identifier:          +qFyPhKGjsyzvx+swcad+pktt61I20yzhCdP+5lvnSI=
Subject key identifier:   73:9C:B1:28:1F:04:DE:BC:23:4C:8F:52:D2:DD:BF:FC:33:38:A2:82
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       70BD81C53A7441FEA1A9FF5540A5F930E64F5063
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145610.roa
Signing time:             Wed 04 Mar 2026 06:29:37 +0000
ROA not before:           Wed 04 Mar 2026 06:24:37 +0000
ROA not after:            Wed 03 Mar 2027 06:29:37 +0000
asID:                     145610
IP address blocks:        240a:ab90::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:bd:81:c5:3a:74:41:fe:a1:a9:ff:55:40:a5:f9:30:e6:4f:50:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:24:37 2026 GMT
            Not After : Mar  3 06:29:37 2027 GMT
        Subject: CN=739CB1281F04DEBC234C8F52D2DDBFFC3338A282
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:fb:f5:bd:db:fa:40:4f:5b:2d:d8:b2:a0:c1:
                    1c:8b:65:fe:e5:e7:36:7b:f3:9d:1e:1b:3b:bf:7c:
                    d7:d5:bf:08:40:fe:1d:08:ec:24:14:28:17:f0:11:
                    fd:d7:33:25:4e:51:dc:30:b8:35:75:91:c4:fe:1d:
                    19:52:4d:51:c5:d1:3c:b9:7b:03:3a:b2:c4:97:a6:
                    9a:1d:c2:8d:7f:48:0d:78:8e:70:d7:b4:a9:41:04:
                    ba:44:5b:df:c1:23:0e:27:ab:22:ad:6d:4a:7f:c6:
                    25:19:00:9a:99:e7:8c:39:ef:7b:c7:e8:ca:17:ca:
                    6d:f5:82:bd:72:a2:b8:af:01:fb:a9:14:d4:8b:5f:
                    34:53:d9:fe:c0:50:4d:46:39:c9:5f:e1:dd:89:9a:
                    c7:92:af:37:1e:e6:4b:2e:0c:69:d4:75:2b:d9:8d:
                    1c:26:b5:57:5b:53:7b:a3:05:53:cd:de:a4:a6:ad:
                    fb:d0:c9:41:74:de:7d:c8:17:6d:4e:9a:9c:ee:69:
                    55:32:a5:f1:12:b4:0d:7e:71:73:ea:8d:96:4e:1c:
                    db:dc:53:89:78:0b:d6:f5:f5:53:d7:6c:7d:b6:ff:
                    06:93:ac:ff:61:1e:89:34:f6:2b:31:1c:c4:0b:20:
                    94:21:5f:78:4e:26:5d:b8:df:72:e8:60:bb:17:da:
                    ef:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:9C:B1:28:1F:04:DE:BC:23:4C:8F:52:D2:DD:BF:FC:33:38:A2:82
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145610.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab90::/32

    Signature Algorithm: sha256WithRSAEncryption
         7c:1d:b2:40:e8:9b:f5:8e:76:0f:a2:1e:03:8f:1b:57:4b:f6:
         83:ac:7c:29:ed:9f:d7:f8:a2:6d:19:56:9e:71:af:6c:61:82:
         fe:30:d6:fb:37:d4:38:5a:cd:29:ab:9f:8d:35:d7:3c:d7:9f:
         b2:18:e2:93:17:f7:dd:09:7d:eb:84:4a:ca:fd:fc:75:6b:5a:
         9c:16:3c:e4:cb:f5:c2:49:65:1d:68:18:b5:3c:d3:7b:0f:81:
         0a:eb:96:ce:2d:55:89:c6:a6:d0:8e:51:68:05:92:90:c5:a3:
         e6:7d:20:3b:ed:6f:0e:4c:b1:70:82:ae:65:43:9e:54:8b:2d:
         07:7c:f7:15:13:01:ba:16:da:a2:9a:60:d7:10:1e:00:21:19:
         5a:21:98:52:2f:9f:7b:78:21:7c:f4:e1:75:9c:95:f7:04:be:
         cc:a5:c5:5c:27:35:51:f6:17:3f:22:e2:f2:f6:0a:48:4e:69:
         9e:10:90:02:ff:ed:ae:96:bb:5a:55:7b:5d:3d:e5:64:ed:2d:
         f7:87:82:67:cb:f8:b9:ad:21:ab:02:6f:3a:80:6f:85:46:c4:
         ca:ae:d8:2a:2a:f6:41:17:ed:f6:9e:e2:8b:cb:de:fd:d3:e6:
         a2:22:f0:7c:d1:d5:f6:b6:94:67:88:9f:e7:7b:c0:05:a7:de:
         3d:7e:21:c5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUcL2BxTp0Qf6hqf9VQKX5MOZPUGMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjQzN1oX
DTI3MDMwMzA2MjkzN1owMzExMC8GA1UEAxMoNzM5Q0IxMjgxRjA0REVCQzIzNEM4
RjUyRDJEREJGRkMzMzM4QTI4MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM379b3b+kBPWy3YsqDBHItl/uXnNnvznR4bO79819W/CED+HQjsJBQoF/AR
/dczJU5R3DC4NXWRxP4dGVJNUcXRPLl7AzqyxJemmh3CjX9IDXiOcNe0qUEEukRb
38EjDierIq1tSn/GJRkAmpnnjDnve8foyhfKbfWCvXKiuK8B+6kU1ItfNFPZ/sBQ
TUY5yV/h3Ymax5KvNx7mSy4MadR1K9mNHCa1V1tTe6MFU83epKat+9DJQXTefcgX
bU6anO5pVTKl8RK0DX5xc+qNlk4c29xTiXgL1vX1U9dsfbb/BpOs/2EeiTT2KzEc
xAsglCFfeE4mXbjfcuhguxfa738CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRznLEo
HwTevCNMj1LS3b/8MziigjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTYxMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q5AwDQYJKoZIhvcNAQELBQADggEBAHwdskDom/WOdg+iHgOPG1dL9oOsfCntn9f4
om0ZVp5xr2xhgv4w1vs31DhazSmrn4011zzXn7IY4pMX990JfeuESsr9/HVrWpwW
POTL9cJJZR1oGLU803sPgQrrls4tVYnGptCOUWgFkpDFo+Z9IDvtbw5MsXCCrmVD
nlSLLQd89xUTAboW2qKaYNcQHgAhGVohmFIvn3t4IXz04XWclfcEvsylxVwnNVH2
Fz8i4vL2CkhOaZ4QkAL/7a6Wu1pVe1095WTtLfeHgmfL+LmtIasCbzqAb4VGxMqu
2Coq9kEX7fae4ovL3v3T5qIi8HzR1fa2lGeIn+d7wAWn3j1+IcU=
-----END CERTIFICATE-----