Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145621.roa
File:                     AS145621.roa (raw, json)
Hash identifier:          KUFF7yVG9FxksamYRvNUVJ7fkx/NF1qRlo8leDuu+sI=
Subject key identifier:   E9:6B:8C:34:F6:21:60:DC:48:3F:CE:A6:34:44:95:2F:04:F8:1F:46
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       162784604634CAF6FC5BF30C8CE211B49EF0951B
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145621.roa
Signing time:             Wed 04 Mar 2026 06:30:56 +0000
ROA not before:           Wed 04 Mar 2026 06:25:56 +0000
ROA not after:            Wed 03 Mar 2027 06:30:56 +0000
asID:                     145621
IP address blocks:        240a:ab9b::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:27:84:60:46:34:ca:f6:fc:5b:f3:0c:8c:e2:11:b4:9e:f0:95:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:56 2026 GMT
            Not After : Mar  3 06:30:56 2027 GMT
        Subject: CN=E96B8C34F62160DC483FCEA63444952F04F81F46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:dd:6f:87:52:69:ef:91:fd:90:c7:6c:33:a6:
                    71:12:a2:fd:70:a4:8c:6e:c1:85:05:05:65:ff:99:
                    bd:c3:09:3f:54:e4:ae:e1:df:f1:e5:e0:a5:6a:4c:
                    77:e2:5f:eb:ac:a5:32:1c:34:15:46:55:6c:75:b6:
                    64:59:35:1e:93:c9:06:62:22:51:8f:60:e5:f2:5e:
                    b0:88:1a:9b:00:ab:8b:d5:83:2f:65:23:a5:60:c3:
                    22:f1:7b:11:fa:f4:12:55:a1:57:25:2f:58:34:e7:
                    d3:ff:6f:d1:e1:ea:3b:a8:1e:d2:1a:cd:9e:0f:1f:
                    ae:09:c3:fb:a7:87:5d:02:c9:bf:24:20:8c:55:d2:
                    c2:57:d6:50:58:2d:8f:a7:06:0c:4a:5d:74:84:57:
                    64:06:93:c4:96:9d:2b:12:b3:50:84:cb:05:e4:ee:
                    89:e4:1e:03:0e:a6:97:7a:fc:b0:81:c9:8d:dd:4a:
                    e7:20:32:35:d6:81:9f:73:84:2c:ec:d2:41:f2:53:
                    1b:85:86:55:7d:f7:06:63:b4:18:de:55:8f:96:80:
                    cc:76:8e:60:bf:94:d5:e3:05:dc:f3:b9:f7:a0:f6:
                    4c:3b:07:8d:9e:3e:83:da:86:48:41:8c:7d:33:99:
                    53:98:03:f3:16:5b:8b:54:e6:5a:6a:12:93:bd:f7:
                    a0:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:6B:8C:34:F6:21:60:DC:48:3F:CE:A6:34:44:95:2F:04:F8:1F:46
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145621.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab9b::/32

    Signature Algorithm: sha256WithRSAEncryption
         a3:9b:99:3a:56:e1:72:f5:99:85:db:e2:f0:66:37:4c:24:0b:
         42:76:c6:21:68:98:84:3b:a1:3d:06:15:f6:6d:0d:b5:2d:b4:
         fb:bf:38:5f:94:a9:e1:34:2a:50:0a:67:48:c4:91:51:77:8f:
         39:f8:d0:78:f4:33:3f:e9:bd:8d:b5:04:b5:7d:fb:88:22:80:
         9e:d2:7b:0c:01:af:d6:7e:8b:91:a9:d5:e2:72:80:35:11:8c:
         d1:18:98:da:89:2c:43:18:c5:58:50:a6:00:de:6f:b9:87:b7:
         c0:d6:6f:f4:1c:b9:dc:24:e7:6b:79:65:da:df:54:42:42:2b:
         82:b7:6e:76:2a:ae:ea:e1:c9:5c:60:e0:50:4a:c4:72:f6:f2:
         28:bf:ba:11:f9:44:dc:ae:43:0a:22:e9:b6:e5:88:ca:23:a4:
         e3:8d:9e:51:f4:e4:7f:fa:74:c4:c6:d6:07:5b:09:04:26:20:
         02:b0:fe:c2:29:ba:d4:e9:e7:1a:fa:42:4d:b6:c1:26:c1:f2:
         40:69:9a:ac:7f:41:ad:ed:9d:71:40:6b:6a:d0:63:d5:a6:a9:
         47:2e:db:89:2d:a8:cc:3c:51:cf:cb:cd:87:4e:92:e8:af:68:
         b3:14:f9:9e:e6:6b:31:75:a7:1d:39:f6:b2:87:b2:51:54:37:
         23:d4:46:29
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUFieEYEY0yvb8W/MMjOIRtJ7wlRswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjU1NloX
DTI3MDMwMzA2MzA1NlowMzExMC8GA1UEAxMoRTk2QjhDMzRGNjIxNjBEQzQ4M0ZD
RUE2MzQ0NDk1MkYwNEY4MUY0NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOTdb4dSae+R/ZDHbDOmcRKi/XCkjG7BhQUFZf+ZvcMJP1TkruHf8eXgpWpM
d+Jf66ylMhw0FUZVbHW2ZFk1HpPJBmIiUY9g5fJesIgamwCri9WDL2UjpWDDIvF7
Efr0ElWhVyUvWDTn0/9v0eHqO6ge0hrNng8frgnD+6eHXQLJvyQgjFXSwlfWUFgt
j6cGDEpddIRXZAaTxJadKxKzUITLBeTuieQeAw6ml3r8sIHJjd1K5yAyNdaBn3OE
LOzSQfJTG4WGVX33BmO0GN5Vj5aAzHaOYL+U1eMF3PO596D2TDsHjZ4+g9qGSEGM
fTOZU5gD8xZbi1TmWmoSk733oLsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTpa4w0
9iFg3Eg/zqY0RJUvBPgfRjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTYyMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q5swDQYJKoZIhvcNAQELBQADggEBAKObmTpW4XL1mYXb4vBmN0wkC0J2xiFomIQ7
oT0GFfZtDbUttPu/OF+UqeE0KlAKZ0jEkVF3jzn40Hj0Mz/pvY21BLV9+4gigJ7S
ewwBr9Z+i5Gp1eJygDURjNEYmNqJLEMYxVhQpgDeb7mHt8DWb/Qcudwk52t5Zdrf
VEJCK4K3bnYqrurhyVxg4FBKxHL28ii/uhH5RNyuQwoi6bbliMojpOONnlH05H/6
dMTG1gdbCQQmIAKw/sIputTp5xr6Qk22wSbB8kBpmqx/Qa3tnXFAa2rQY9WmqUcu
24ktqMw8Uc/LzYdOkuivaLMU+Z7mazF1px059rKHslFUNyPURik=
-----END CERTIFICATE-----