Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145627.roa
File:                     AS145627.roa (raw, json)
Hash identifier:          iorRDZXmDObTMaJQeHnam+ofdBQiC3GINg8cNTTReWc=
Subject key identifier:   84:A1:B8:B8:5B:F4:2F:CD:CD:F7:65:84:E7:2A:6E:49:18:D4:F2:F5
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4BD44B2CCF2B7851834DB19A737E2FD2A31F69C8
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145627.roa
Signing time:             Wed 04 Mar 2026 06:29:45 +0000
ROA not before:           Wed 04 Mar 2026 06:24:45 +0000
ROA not after:            Wed 03 Mar 2027 06:29:45 +0000
asID:                     145627
IP address blocks:        240a:aba1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:d4:4b:2c:cf:2b:78:51:83:4d:b1:9a:73:7e:2f:d2:a3:1f:69:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:24:45 2026 GMT
            Not After : Mar  3 06:29:45 2027 GMT
        Subject: CN=84A1B8B85BF42FCDCDF76584E72A6E4918D4F2F5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:41:6e:b5:d9:d0:4b:9c:7b:4b:d8:76:ae:d4:
                    d7:22:a6:b6:5d:81:73:fc:be:2d:b2:ee:d8:b4:b5:
                    61:3d:f3:e6:10:ee:52:8b:88:50:52:7c:c3:1e:93:
                    70:70:dc:6e:f5:cb:55:a3:39:88:e7:67:37:b5:19:
                    bc:6d:66:dc:a5:79:86:63:df:e1:74:31:be:bb:7f:
                    79:fe:e6:f1:cd:90:8e:03:98:f8:64:0a:d6:ca:1c:
                    8d:c4:7b:70:4e:d9:39:c8:35:24:63:2a:83:c7:3b:
                    94:3b:a4:ad:e6:67:a2:f5:54:b3:0d:0a:3b:cb:ce:
                    fe:bf:aa:77:f8:b6:de:e6:f8:d0:f2:f6:01:92:58:
                    52:e7:1c:21:9e:64:7c:ad:f1:51:bc:53:3f:17:7d:
                    b8:fd:e7:4f:e7:78:b6:c7:4c:6a:e1:43:d6:3e:db:
                    1f:50:7e:27:0b:7f:68:49:0c:44:63:7f:52:62:53:
                    16:6d:32:3f:44:c4:83:07:3e:3a:7f:1d:bb:75:9b:
                    7f:c2:2d:c6:34:e1:40:cb:37:80:89:17:9a:f2:6a:
                    49:8b:fe:69:0e:12:20:02:b0:01:43:da:90:22:2a:
                    33:59:8b:30:db:25:18:c8:df:11:7b:4a:98:8d:da:
                    bd:d5:33:26:35:f7:1e:ef:98:14:f4:a2:a1:6b:18:
                    aa:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:A1:B8:B8:5B:F4:2F:CD:CD:F7:65:84:E7:2A:6E:49:18:D4:F2:F5
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145627.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aba1::/32

    Signature Algorithm: sha256WithRSAEncryption
         4f:d4:e2:74:e6:8e:aa:45:2e:db:f2:c3:0f:e1:72:c2:98:f5:
         ad:ad:51:ee:6a:82:e5:04:96:e8:31:77:5a:61:db:37:d7:59:
         1a:20:ec:51:b0:f3:84:df:6f:94:a0:82:68:49:2a:92:7e:a2:
         2e:05:f5:e9:53:49:0b:83:af:90:c4:24:55:69:45:c2:10:56:
         17:a3:69:e6:d8:69:e8:f2:fd:b7:5b:4d:d8:9c:73:ad:8c:d6:
         39:e9:02:56:17:5d:8a:8b:7d:b7:d6:e8:2d:32:83:c7:7f:0c:
         03:9d:49:10:a0:32:e0:97:6c:61:67:70:ae:6f:5b:4e:8d:78:
         3c:dc:6d:8b:b6:41:e4:31:a0:61:61:e6:69:d7:fe:e4:a4:0c:
         72:d4:2f:c4:43:85:11:3b:6c:02:93:bc:f1:7d:bd:2a:10:5b:
         b0:3e:ad:50:f9:1f:9e:d8:66:d2:bc:47:48:0e:cc:17:be:59:
         74:3c:0b:33:20:75:8f:9b:28:58:86:51:c5:8f:cb:c8:dc:9b:
         1e:37:04:08:c5:20:a9:d5:f5:e5:55:0d:a9:e0:27:b2:20:64:
         e3:bf:2d:1b:fe:db:84:61:f5:71:32:72:07:f6:a2:e4:e7:79:
         12:10:a1:2e:3b:70:a8:89:06:0f:8b:c5:f7:d8:6a:2d:c4:7a:
         50:4c:76:82
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUS9RLLM8reFGDTbGac34v0qMfacgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjQ0NVoX
DTI3MDMwMzA2Mjk0NVowMzExMC8GA1UEAxMoODRBMUI4Qjg1QkY0MkZDRENERjc2
NTg0RTcyQTZFNDkxOEQ0RjJGNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALVBbrXZ0Euce0vYdq7U1yKmtl2Bc/y+LbLu2LS1YT3z5hDuUouIUFJ8wx6T
cHDcbvXLVaM5iOdnN7UZvG1m3KV5hmPf4XQxvrt/ef7m8c2QjgOY+GQK1socjcR7
cE7ZOcg1JGMqg8c7lDukreZnovVUsw0KO8vO/r+qd/i23ub40PL2AZJYUuccIZ5k
fK3xUbxTPxd9uP3nT+d4tsdMauFD1j7bH1B+Jwt/aEkMRGN/UmJTFm0yP0TEgwc+
On8du3Wbf8ItxjThQMs3gIkXmvJqSYv+aQ4SIAKwAUPakCIqM1mLMNslGMjfEXtK
mI3avdUzJjX3Hu+YFPSioWsYqocCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSEobi4
W/Qvzc33ZYTnKm5JGNTy9TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTYyNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q6EwDQYJKoZIhvcNAQELBQADggEBAE/U4nTmjqpFLtvyww/hcsKY9a2tUe5qguUE
lugxd1ph2zfXWRog7FGw84Tfb5SggmhJKpJ+oi4F9elTSQuDr5DEJFVpRcIQVhej
aebYaejy/bdbTdicc62M1jnpAlYXXYqLfbfW6C0yg8d/DAOdSRCgMuCXbGFncK5v
W06NeDzcbYu2QeQxoGFh5mnX/uSkDHLUL8RDhRE7bAKTvPF9vSoQW7A+rVD5H57Y
ZtK8R0gOzBe+WXQ8CzMgdY+bKFiGUcWPy8jcmx43BAjFIKnV9eVVDangJ7IgZOO/
LRv+24Rh9XEycgf2ouTneRIQoS47cKiJBg+LxffYai3EelBMdoI=
-----END CERTIFICATE-----