Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145683.roa
File:                     AS145683.roa (raw, json)
Hash identifier:          hh6kgRXejTKBQZ5sgWsqEecpA3LYGWwhgGlQSSaBkvg=
Subject key identifier:   89:82:3F:EB:8A:6B:5A:56:40:9C:F3:3B:AE:28:3E:3A:6C:58:D9:A9
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       32E506F6E88342B6D0B569D424DFA60CBD34D3E6
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145683.roa
Signing time:             Wed 04 Mar 2026 06:30:08 +0000
ROA not before:           Wed 04 Mar 2026 06:25:08 +0000
ROA not after:            Wed 03 Mar 2027 06:30:08 +0000
asID:                     145683
IP address blocks:        240a:abd9::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:e5:06:f6:e8:83:42:b6:d0:b5:69:d4:24:df:a6:0c:bd:34:d3:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:08 2026 GMT
            Not After : Mar  3 06:30:08 2027 GMT
        Subject: CN=89823FEB8A6B5A56409CF33BAE283E3A6C58D9A9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:e4:15:66:96:03:85:a0:ea:22:17:a9:ab:29:
                    42:1b:29:03:eb:5a:4d:1b:02:99:78:18:be:62:0c:
                    b2:e3:0d:1e:b3:e4:45:17:9e:15:81:c2:e6:55:60:
                    59:76:f3:3b:75:a4:bc:8a:e3:8b:e5:79:b5:4f:f3:
                    70:81:8a:42:f5:57:a1:95:4f:b0:57:a4:3d:39:0c:
                    84:8f:34:a0:2c:6e:ab:97:0f:14:24:38:ab:e5:23:
                    1d:e5:ea:1b:19:86:59:9c:80:80:26:19:28:7a:d3:
                    87:0a:17:b9:f4:4d:f7:88:57:6f:64:2a:5e:a5:99:
                    5e:d8:87:be:ff:27:d9:76:de:a3:73:ef:41:cd:6f:
                    eb:19:98:48:7d:72:33:ad:ce:8d:b1:c6:57:0d:56:
                    ff:d5:30:91:08:28:ad:5f:bc:33:8f:95:37:96:c2:
                    53:f5:75:ec:af:0a:f1:91:20:5f:e5:2f:15:ce:ea:
                    cf:11:e2:ae:96:79:fd:23:5f:1a:5d:7b:3d:20:76:
                    6b:9c:e5:4b:84:04:93:9c:dc:4b:1c:8d:73:80:d9:
                    ff:d6:5d:5a:a3:70:6c:59:eb:13:19:73:8f:a2:3f:
                    53:99:7e:35:1c:0a:cd:d1:ca:34:58:cb:be:44:b1:
                    35:e5:40:d7:50:13:10:89:f4:5a:e9:4e:fe:c7:83:
                    e4:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:82:3F:EB:8A:6B:5A:56:40:9C:F3:3B:AE:28:3E:3A:6C:58:D9:A9
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145683.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:abd9::/32

    Signature Algorithm: sha256WithRSAEncryption
         b5:3a:cc:f3:4f:77:01:a0:68:d3:1f:6e:45:de:9f:39:8b:ea:
         2a:eb:2c:40:d3:f8:dc:32:91:f2:04:44:59:0d:96:0d:57:08:
         c0:eb:24:98:c6:6a:76:bf:ec:b1:16:ae:14:89:7f:5d:54:fd:
         63:d9:3e:11:28:93:da:04:3b:1d:81:80:6d:57:b9:e0:f4:17:
         f8:9c:30:6e:a6:03:cc:98:83:5e:4f:64:6c:cd:8c:7d:f3:85:
         7a:3c:25:33:34:b9:ed:08:d6:62:fe:39:e4:fe:8e:70:c8:28:
         c1:b7:35:a9:dd:19:16:43:9d:46:bd:cc:b3:56:4d:4c:2d:09:
         2e:5b:ca:17:64:ad:5e:75:2d:c4:67:14:f5:37:4c:c9:fd:51:
         b7:38:52:b6:0e:6b:be:4d:85:16:12:e9:72:10:00:08:3b:c9:
         a0:68:b6:dc:ed:39:ea:89:c8:49:f3:78:86:37:81:55:cc:42:
         f3:a5:06:10:31:c9:b2:b2:68:6d:d7:c7:31:79:15:c0:18:5b:
         18:6d:d0:7f:aa:24:d4:24:57:01:28:b6:7f:12:2a:4b:ee:08:
         b1:65:23:05:6f:0a:74:c6:f1:96:ac:23:48:0d:dc:0e:4b:b6:
         cb:fb:02:c7:68:ef:a5:a9:30:92:39:73:54:ea:9a:62:da:06:
         9c:f0:95:be
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUMuUG9uiDQrbQtWnUJN+mDL000+YwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUwOFoX
DTI3MDMwMzA2MzAwOFowMzExMC8GA1UEAxMoODk4MjNGRUI4QTZCNUE1NjQwOUNG
MzNCQUUyODNFM0E2QzU4RDlBOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANXkFWaWA4Wg6iIXqaspQhspA+taTRsCmXgYvmIMsuMNHrPkRReeFYHC5lVg
WXbzO3WkvIrji+V5tU/zcIGKQvVXoZVPsFekPTkMhI80oCxuq5cPFCQ4q+UjHeXq
GxmGWZyAgCYZKHrThwoXufRN94hXb2QqXqWZXtiHvv8n2Xbeo3PvQc1v6xmYSH1y
M63OjbHGVw1W/9UwkQgorV+8M4+VN5bCU/V17K8K8ZEgX+UvFc7qzxHirpZ5/SNf
Gl17PSB2a5zlS4QEk5zcSxyNc4DZ/9ZdWqNwbFnrExlzj6I/U5l+NRwKzdHKNFjL
vkSxNeVA11ATEIn0WulO/seD5CECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSJgj/r
imtaVkCc8zuuKD46bFjZqTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTY4My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q9kwDQYJKoZIhvcNAQELBQADggEBALU6zPNPdwGgaNMfbkXenzmL6irrLEDT+Nwy
kfIERFkNlg1XCMDrJJjGana/7LEWrhSJf11U/WPZPhEok9oEOx2BgG1XueD0F/ic
MG6mA8yYg15PZGzNjH3zhXo8JTM0ue0I1mL+OeT+jnDIKMG3NandGRZDnUa9zLNW
TUwtCS5byhdkrV51LcRnFPU3TMn9Ubc4UrYOa75NhRYS6XIQAAg7yaBottztOeqJ
yEnzeIY3gVXMQvOlBhAxybKyaG3XxzF5FcAYWxht0H+qJNQkVwEotn8SKkvuCLFl
IwVvCnTG8ZasI0gN3A5Ltsv7Asdo76WpMJI5c1TqmmLaBpzwlb4=
-----END CERTIFICATE-----