Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145628.roa
File:                     AS145628.roa (raw, json)
Hash identifier:          Aap9SdW0bVdz9PEhEuuM3Yxu/S1CN5xCKIQroZnOr/U=
Subject key identifier:   56:4B:2C:49:6A:A5:6E:CE:E9:08:6B:47:C9:2F:63:C9:3E:40:50:82
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6D2DE37438C20D47243C584B310A82ACF4237BDD
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145628.roa
Signing time:             Wed 04 Mar 2026 06:29:51 +0000
ROA not before:           Wed 04 Mar 2026 06:24:51 +0000
ROA not after:            Wed 03 Mar 2027 06:29:51 +0000
asID:                     145628
IP address blocks:        240a:aba2::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:2d:e3:74:38:c2:0d:47:24:3c:58:4b:31:0a:82:ac:f4:23:7b:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:24:51 2026 GMT
            Not After : Mar  3 06:29:51 2027 GMT
        Subject: CN=564B2C496AA56ECEE9086B47C92F63C93E405082
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:de:a6:29:b0:e9:06:13:06:46:fb:65:27:aa:
                    79:11:1d:b1:9d:90:86:e6:bd:10:4e:01:33:b7:29:
                    c9:5e:c1:59:8b:b5:6f:bd:93:20:59:25:13:30:26:
                    79:d2:1a:c9:3b:5c:77:6f:dd:be:98:22:aa:f1:50:
                    31:e7:ef:72:86:20:0f:97:9f:9b:f9:ca:5d:e4:e3:
                    84:47:a0:bf:d4:f0:9f:de:a9:5e:70:bd:e7:1b:d9:
                    ee:3c:26:b2:1c:d5:40:67:6a:41:77:f2:23:ec:80:
                    c8:bf:49:9f:9f:f4:73:37:f6:f7:00:8e:6e:1f:1b:
                    97:6c:02:02:8c:93:38:48:ca:b3:95:b9:45:22:9a:
                    7e:7c:52:2c:5b:e5:af:b3:77:7f:32:75:f8:c6:ae:
                    71:b1:f3:a4:3b:80:1e:43:6c:9e:5f:b7:d9:45:3b:
                    a1:b4:b4:c6:d9:95:68:9e:11:39:b3:2d:01:79:fa:
                    e8:24:f7:b9:62:4f:90:26:a9:ba:30:79:12:a9:18:
                    87:ab:75:6d:23:fc:e0:71:89:29:d3:f7:0d:92:87:
                    a0:4b:0e:2b:0b:de:d7:d9:c5:49:de:6b:14:99:c7:
                    b9:94:c2:97:86:cd:9b:99:67:82:a1:72:09:50:54:
                    a0:51:f1:4b:2f:29:2c:69:a6:bc:0b:5e:a5:bd:aa:
                    08:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:4B:2C:49:6A:A5:6E:CE:E9:08:6B:47:C9:2F:63:C9:3E:40:50:82
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145628.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aba2::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:90:3d:18:ac:86:a0:5e:19:aa:8a:6c:58:bf:f6:b8:64:f4:
         d2:ce:c7:49:a1:cc:95:a9:7c:a4:46:6d:bc:cc:ca:65:87:9d:
         91:ab:62:a3:9a:55:1a:59:75:10:10:c5:91:d6:9d:da:e4:a9:
         8c:3e:8c:13:56:85:fa:be:2f:05:e4:34:cd:a5:c3:f0:ab:9b:
         de:70:81:2b:bf:24:44:61:32:36:fc:32:f8:78:2e:37:e9:79:
         20:75:47:ac:0b:6f:f4:c2:00:0a:c0:ce:2a:b2:41:c5:12:e4:
         cd:db:81:15:43:65:2a:52:2a:7e:7c:13:4d:4d:78:18:86:f1:
         75:dd:6d:31:58:1b:72:4f:9f:52:57:40:9a:c7:78:e2:75:d5:
         ad:e0:ff:bd:d0:18:d9:b3:e4:94:7e:3a:20:e2:c4:8a:67:6e:
         e7:3d:a2:d3:df:fc:d5:05:b2:9b:f6:ff:1c:32:b6:9d:d4:68:
         93:41:dc:5b:63:c8:8d:b5:9f:bd:47:25:42:20:a3:67:83:32:
         47:92:98:cc:18:15:41:94:7c:0f:4e:41:b0:df:3f:c6:bd:9f:
         ab:b3:fc:21:10:11:6b:e7:3a:f6:ab:b4:49:30:9d:ba:4f:05:
         71:77:ca:72:58:49:a2:e0:54:9a:6c:05:dd:f6:92:5c:6e:e1:
         5b:c3:7d:ba
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUbS3jdDjCDUckPFhLMQqCrPQje90wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjQ1MVoX
DTI3MDMwMzA2Mjk1MVowMzExMC8GA1UEAxMoNTY0QjJDNDk2QUE1NkVDRUU5MDg2
QjQ3QzkyRjYzQzkzRTQwNTA4MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJjepimw6QYTBkb7ZSeqeREdsZ2Qhua9EE4BM7cpyV7BWYu1b72TIFklEzAm
edIayTtcd2/dvpgiqvFQMefvcoYgD5efm/nKXeTjhEegv9Twn96pXnC95xvZ7jwm
shzVQGdqQXfyI+yAyL9Jn5/0czf29wCObh8bl2wCAoyTOEjKs5W5RSKafnxSLFvl
r7N3fzJ1+MaucbHzpDuAHkNsnl+32UU7obS0xtmVaJ4RObMtAXn66CT3uWJPkCap
ujB5EqkYh6t1bSP84HGJKdP3DZKHoEsOKwve19nFSd5rFJnHuZTCl4bNm5lngqFy
CVBUoFHxSy8pLGmmvAtepb2qCNsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRWSyxJ
aqVuzukIa0fJL2PJPkBQgjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTYyOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q6IwDQYJKoZIhvcNAQELBQADggEBAG+QPRishqBeGaqKbFi/9rhk9NLOx0mhzJWp
fKRGbbzMymWHnZGrYqOaVRpZdRAQxZHWndrkqYw+jBNWhfq+LwXkNM2lw/Crm95w
gSu/JERhMjb8Mvh4LjfpeSB1R6wLb/TCAArAziqyQcUS5M3bgRVDZSpSKn58E01N
eBiG8XXdbTFYG3JPn1JXQJrHeOJ11a3g/73QGNmz5JR+OiDixIpnbuc9otPf/NUF
spv2/xwytp3UaJNB3FtjyI21n71HJUIgo2eDMkeSmMwYFUGUfA9OQbDfP8a9n6uz
/CEQEWvnOvartEkwnbpPBXF3ynJYSaLgVJpsBd32klxu4VvDfbo=
-----END CERTIFICATE-----