Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145657.roa
File:                     AS145657.roa (raw, json)
Hash identifier:          rcP6OV4IXPv25W0/NmQ+w8qXsRztEM4+IsFEafU7a3Y=
Subject key identifier:   E5:C8:37:FD:D7:AB:60:C3:7F:3A:CC:FF:4B:E5:A6:72:F4:43:FF:34
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       072734E24B08A1612876912E27E720D12F1BFA79
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145657.roa
Signing time:             Wed 04 Mar 2026 06:30:27 +0000
ROA not before:           Wed 04 Mar 2026 06:25:27 +0000
ROA not after:            Wed 03 Mar 2027 06:30:27 +0000
asID:                     145657
IP address blocks:        240a:abbf::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:27:34:e2:4b:08:a1:61:28:76:91:2e:27:e7:20:d1:2f:1b:fa:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:27 2026 GMT
            Not After : Mar  3 06:30:27 2027 GMT
        Subject: CN=E5C837FDD7AB60C37F3ACCFF4BE5A672F443FF34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:1f:e8:93:ad:f8:30:f0:3f:b1:d1:5b:78:1d:
                    80:0a:9c:c7:0a:07:28:6b:21:a7:45:dd:7f:5a:92:
                    ee:b9:a3:c1:1d:d2:0d:60:82:fa:09:e9:85:30:85:
                    ee:3c:ec:98:2d:2c:3e:ff:51:d3:84:42:db:52:6f:
                    e3:77:64:7d:a8:82:f8:64:c4:f8:5d:56:a4:d2:e7:
                    d9:77:4c:4c:f4:2e:31:ce:b9:63:01:b1:9a:da:18:
                    6e:dc:7a:8e:a4:6c:dd:8a:66:da:b7:e6:3f:86:c4:
                    e7:e6:4f:71:96:53:7c:bf:36:f6:b4:26:36:59:c4:
                    9c:66:26:55:d4:a6:be:63:cb:4e:cd:0d:7f:fd:5f:
                    5f:7a:97:6b:94:2a:85:d3:2b:49:3b:fb:2d:4f:2e:
                    f8:df:b5:19:55:e0:d9:84:d9:c2:81:cb:6a:40:b2:
                    66:96:cc:c7:72:d4:3b:62:68:3d:c1:fc:da:32:04:
                    dc:a5:9b:b4:e9:f3:54:42:04:c0:12:ce:96:17:ad:
                    0b:99:49:9f:6b:f2:33:a5:ae:61:4c:bc:ec:fa:0c:
                    d5:0d:e3:4b:2f:f0:6e:4e:97:28:ba:e4:67:f1:25:
                    6d:21:bd:52:03:4a:5d:04:6e:8a:3b:3d:0f:8f:de:
                    01:b2:41:eb:2e:00:a4:01:cf:81:db:19:d3:e5:4f:
                    df:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:C8:37:FD:D7:AB:60:C3:7F:3A:CC:FF:4B:E5:A6:72:F4:43:FF:34
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145657.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:abbf::/32

    Signature Algorithm: sha256WithRSAEncryption
         69:5f:9a:72:a8:8e:47:25:39:d9:ad:49:c5:73:f5:5a:ec:32:
         d2:f3:1a:c2:37:f4:6c:78:4e:e9:0a:31:92:b3:67:08:a8:70:
         99:e9:9f:22:59:81:46:4e:54:e5:43:8c:44:29:13:49:53:10:
         f9:83:5c:a4:68:bd:05:92:18:b9:86:43:99:31:00:9b:b7:c3:
         f9:4f:3a:43:8e:60:24:23:95:98:27:a4:f6:e7:e8:77:0c:a6:
         78:51:c9:8c:57:15:d9:38:7f:bf:36:5e:c9:f4:2e:64:0c:0b:
         ed:51:43:94:9d:2b:db:48:5c:4a:63:2d:30:de:15:47:7f:8c:
         31:fb:ea:3b:02:6e:54:d0:a6:18:61:42:a9:2c:97:dd:e9:41:
         31:84:69:e7:f3:1f:91:69:87:b5:f9:05:60:4c:d1:f3:61:a8:
         42:60:59:d8:38:22:52:7c:65:a6:74:c4:71:bc:93:1b:9b:cc:
         da:f3:36:36:43:20:f3:3a:3e:38:9f:a0:ad:a5:c7:a3:c6:d7:
         35:76:4c:23:c6:7e:e2:37:e6:76:d7:c4:65:c9:39:38:32:c3:
         ae:98:24:23:12:36:3d:3c:38:a7:94:c5:78:8c:35:c8:01:8b:
         8e:d4:a6:e7:4d:6d:fe:77:22:c2:61:5d:69:dc:2c:b5:1d:4b:
         54:40:06:0f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUByc04ksIoWEodpEuJ+cg0S8b+nkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUyN1oX
DTI3MDMwMzA2MzAyN1owMzExMC8GA1UEAxMoRTVDODM3RkREN0FCNjBDMzdGM0FD
Q0ZGNEJFNUE2NzJGNDQzRkYzNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL0f6JOt+DDwP7HRW3gdgAqcxwoHKGshp0Xdf1qS7rmjwR3SDWCC+gnphTCF
7jzsmC0sPv9R04RC21Jv43dkfaiC+GTE+F1WpNLn2XdMTPQuMc65YwGxmtoYbtx6
jqRs3Ypm2rfmP4bE5+ZPcZZTfL829rQmNlnEnGYmVdSmvmPLTs0Nf/1fX3qXa5Qq
hdMrSTv7LU8u+N+1GVXg2YTZwoHLakCyZpbMx3LUO2JoPcH82jIE3KWbtOnzVEIE
wBLOlhetC5lJn2vyM6WuYUy87PoM1Q3jSy/wbk6XKLrkZ/ElbSG9UgNKXQRuijs9
D4/eAbJB6y4ApAHPgdsZ0+VP34cCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTlyDf9
16tgw386zP9L5aZy9EP/NDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTY1Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q78wDQYJKoZIhvcNAQELBQADggEBAGlfmnKojkclOdmtScVz9VrsMtLzGsI39Gx4
TukKMZKzZwiocJnpnyJZgUZOVOVDjEQpE0lTEPmDXKRovQWSGLmGQ5kxAJu3w/lP
OkOOYCQjlZgnpPbn6HcMpnhRyYxXFdk4f782Xsn0LmQMC+1RQ5SdK9tIXEpjLTDe
FUd/jDH76jsCblTQphhhQqksl93pQTGEaefzH5Fph7X5BWBM0fNhqEJgWdg4IlJ8
ZaZ0xHG8kxubzNrzNjZDIPM6PjifoK2lx6PG1zV2TCPGfuI35nbXxGXJOTgyw66Y
JCMSNj08OKeUxXiMNcgBi47UpudNbf53IsJhXWncLLUdS1RABg8=
-----END CERTIFICATE-----