Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145638.roa
File:                     AS145638.roa (raw, json)
Hash identifier:          L2lLwJ80L3G0sZO9AbYNcSq25jIkoUhEtyx7XiWdk+0=
Subject key identifier:   A0:5A:DD:F9:B2:EC:86:32:6E:0A:5D:B5:DB:02:4D:7E:93:98:4B:FA
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       E4DBEDA1C0FD405D4BCDB7D4F85FFDD9853393
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145638.roa
Signing time:             Wed 04 Mar 2026 06:30:40 +0000
ROA not before:           Wed 04 Mar 2026 06:25:40 +0000
ROA not after:            Wed 03 Mar 2027 06:30:40 +0000
asID:                     145638
IP address blocks:        240a:abac::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            e4:db:ed:a1:c0:fd:40:5d:4b:cd:b7:d4:f8:5f:fd:d9:85:33:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:40 2026 GMT
            Not After : Mar  3 06:30:40 2027 GMT
        Subject: CN=A05ADDF9B2EC86326E0A5DB5DB024D7E93984BFA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:26:12:d7:d2:e9:58:bf:eb:f2:60:b7:6b:8a:
                    78:d3:ca:bc:a9:9b:e3:f8:c4:ba:f2:6c:a5:e8:6e:
                    fa:3b:ae:12:d1:68:3f:8f:9b:9d:18:0d:2f:f7:65:
                    b0:5c:8e:e3:b1:27:bb:a7:85:99:2f:9a:b6:fe:86:
                    5f:b5:ca:40:b1:b3:b2:ff:05:3f:bf:dd:37:ef:68:
                    09:dd:36:bd:4b:b1:af:2b:23:57:e6:48:af:87:1b:
                    42:53:a0:e1:9f:cc:f5:30:41:cc:2c:4a:cb:04:fa:
                    39:34:a8:46:f8:09:b7:29:92:64:a5:a3:46:09:a2:
                    87:0b:a9:f0:51:82:f2:2b:94:e9:c6:2e:2a:4f:08:
                    58:6c:bc:6b:15:e3:a9:6c:67:8a:1d:e3:3a:b7:4c:
                    6f:a3:4d:c0:af:47:f0:df:a9:1d:29:c7:89:40:d5:
                    2d:64:50:f2:55:d7:82:e7:60:93:b3:7b:20:d6:2d:
                    d5:d9:37:ff:84:fa:ea:5b:2d:d4:0c:47:28:d6:07:
                    9e:24:28:8e:c5:3d:d7:e8:d9:bc:59:b0:63:07:70:
                    f4:2b:72:52:b8:3e:81:63:5b:28:bb:27:87:a3:fa:
                    e3:31:1d:4e:8f:cc:0b:44:fa:13:5e:63:2b:56:68:
                    50:d0:b3:59:6b:2f:2b:01:33:16:d6:95:e7:a4:f6:
                    14:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:5A:DD:F9:B2:EC:86:32:6E:0A:5D:B5:DB:02:4D:7E:93:98:4B:FA
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145638.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:abac::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:8d:30:3d:d0:fd:71:2b:95:5f:ed:79:5c:15:9a:5f:d4:45:
         78:6d:71:19:75:8c:19:21:87:fb:19:c0:db:f1:38:b9:5a:a4:
         41:b2:97:f3:a3:35:de:0a:53:4f:cc:b4:64:04:e7:8b:31:ea:
         8e:16:0f:37:40:e5:9e:b3:1a:a0:0b:61:89:7e:b5:cf:43:80:
         d8:eb:fb:f0:1f:f7:9c:99:bb:3c:e0:18:a0:13:31:a0:b4:61:
         f0:21:dc:d0:17:9a:3b:68:c4:e0:0a:8e:90:64:cb:09:8c:bb:
         48:8d:e1:94:cb:7f:e4:7c:5f:bb:9d:f4:17:38:b7:5f:42:63:
         72:bc:71:17:a3:f0:5c:7e:78:d8:a0:d6:ba:f9:1a:ca:8a:5d:
         86:62:82:86:67:f2:1a:bc:a7:d2:b3:f9:d2:45:9a:12:e9:bc:
         7c:95:fc:66:df:0f:9e:88:aa:ca:65:ab:ff:08:df:2e:ad:5f:
         94:ec:d1:fa:98:d6:7e:62:72:73:23:72:30:b9:5e:b0:cd:b9:
         b8:8c:77:9a:5e:44:7f:a1:92:69:a4:6c:fb:e9:89:f4:d7:cc:
         c1:c1:b8:20:ee:22:4a:4e:82:43:ff:6c:29:d1:05:cb:42:58:
         3a:9b:fc:5f:32:4a:bd:f0:88:a4:46:d3:3e:a9:23:a5:71:b7:
         54:43:ec:ba
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUAOTb7aHA/UBdS8231Phf/dmFM5MwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjU0MFoX
DTI3MDMwMzA2MzA0MFowMzExMC8GA1UEAxMoQTA1QURERjlCMkVDODYzMjZFMEE1
REI1REIwMjREN0U5Mzk4NEJGQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANQmEtfS6Vi/6/Jgt2uKeNPKvKmb4/jEuvJspehu+juuEtFoP4+bnRgNL/dl
sFyO47Enu6eFmS+atv6GX7XKQLGzsv8FP7/dN+9oCd02vUuxrysjV+ZIr4cbQlOg
4Z/M9TBBzCxKywT6OTSoRvgJtymSZKWjRgmihwup8FGC8iuU6cYuKk8IWGy8axXj
qWxnih3jOrdMb6NNwK9H8N+pHSnHiUDVLWRQ8lXXgudgk7N7INYt1dk3/4T66lst
1AxHKNYHniQojsU91+jZvFmwYwdw9CtyUrg+gWNbKLsnh6P64zEdTo/MC0T6E15j
K1ZoUNCzWWsvKwEzFtaV56T2FA0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSgWt35
suyGMm4KXbXbAk1+k5hL+jAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTYzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q6wwDQYJKoZIhvcNAQELBQADggEBAEeNMD3Q/XErlV/teVwVml/URXhtcRl1jBkh
h/sZwNvxOLlapEGyl/OjNd4KU0/MtGQE54sx6o4WDzdA5Z6zGqALYYl+tc9DgNjr
+/Af95yZuzzgGKATMaC0YfAh3NAXmjtoxOAKjpBkywmMu0iN4ZTLf+R8X7ud9Bc4
t19CY3K8cRej8Fx+eNig1rr5GsqKXYZigoZn8hq8p9Kz+dJFmhLpvHyV/GbfD56I
qsplq/8I3y6tX5Ts0fqY1n5icnMjcjC5XrDNubiMd5peRH+hkmmkbPvpifTXzMHB
uCDuIkpOgkP/bCnRBctCWDqb/F8ySr3wiKRG0z6pI6Vxt1RD7Lo=
-----END CERTIFICATE-----