Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145686.roa
File:                     AS145686.roa (raw, json)
Hash identifier:          jQ7FvS/nALiDYAmLh5RH7c/oISb3YNd9wzaSLmTSOm4=
Subject key identifier:   1D:73:62:DD:5F:C8:28:F9:66:CC:67:56:57:BF:86:0A:03:44:5A:5B
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       0FD33EC6A4C5BEB6D840E7CCFA6F261FFC702658
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145686.roa
Signing time:             Wed 04 Mar 2026 06:31:01 +0000
ROA not before:           Wed 04 Mar 2026 06:26:01 +0000
ROA not after:            Wed 03 Mar 2027 06:31:01 +0000
asID:                     145686
IP address blocks:        240a:abdc::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:d3:3e:c6:a4:c5:be:b6:d8:40:e7:cc:fa:6f:26:1f:fc:70:26:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:26:01 2026 GMT
            Not After : Mar  3 06:31:01 2027 GMT
        Subject: CN=1D7362DD5FC828F966CC675657BF860A03445A5B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c2:04:35:93:c9:8d:5b:89:70:5f:16:1e:45:
                    91:49:de:a4:56:fa:52:42:e4:fe:96:78:dd:a5:2d:
                    01:89:01:a6:53:bb:4c:95:c9:fd:d4:89:f6:72:c2:
                    e1:0e:2f:97:8a:46:ab:87:08:85:56:57:58:78:df:
                    9b:ba:05:d6:dd:ae:8e:fe:39:68:7f:db:12:90:01:
                    5b:af:23:1e:de:58:7e:a6:f0:b7:2d:21:86:49:0c:
                    b9:7f:de:0d:d3:2e:96:36:3b:c6:a4:71:71:23:b4:
                    38:b5:35:7c:b2:61:7f:18:68:ed:fc:6a:9b:3b:34:
                    e8:93:b3:11:b0:70:57:cc:c5:a9:e5:87:8c:52:9b:
                    da:66:fe:c9:55:82:cd:2c:97:87:72:d4:ca:0c:19:
                    af:9c:3f:a0:c1:ed:2f:82:e0:4f:f4:8c:78:c9:19:
                    39:e0:36:44:80:1d:b6:15:3d:f7:09:a1:ff:0f:9f:
                    ea:24:61:e9:0d:49:36:b8:2a:76:f3:c7:7c:59:a8:
                    0b:30:90:b5:66:ee:b4:b6:9b:85:9c:60:7e:62:a8:
                    0a:85:f9:65:aa:06:8a:49:f2:f8:aa:fa:77:56:65:
                    fa:b6:0a:85:7c:25:1a:21:9b:87:97:90:3f:fc:1b:
                    8f:f2:97:7e:e3:14:69:67:17:ac:2a:eb:19:5a:3e:
                    85:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:73:62:DD:5F:C8:28:F9:66:CC:67:56:57:BF:86:0A:03:44:5A:5B
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145686.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:abdc::/32

    Signature Algorithm: sha256WithRSAEncryption
         0b:e6:eb:cd:37:94:32:9a:6f:fa:2d:b6:cb:26:91:e5:a0:63:
         56:84:dc:dd:96:5f:34:45:8c:a6:e0:b0:0a:bd:60:b0:93:5f:
         80:23:22:24:99:50:4c:ab:40:91:34:a6:11:d9:c3:f2:88:12:
         b1:80:67:d5:ac:21:da:92:6b:fd:e1:76:90:7b:e0:cd:27:57:
         61:b8:8c:f8:44:68:eb:7c:07:1a:eb:0f:c6:00:11:19:a9:54:
         c4:c7:22:65:6e:38:cd:ad:a9:70:20:91:e1:94:47:e3:f4:84:
         87:57:9c:4d:33:51:4b:db:0c:5f:5c:4e:32:97:67:b8:c9:a1:
         ab:af:f1:6b:63:fe:5e:53:f2:e0:63:c9:2a:a4:23:74:d1:73:
         50:94:d7:50:9d:97:15:0a:3b:ed:82:e2:73:94:e5:33:d2:68:
         e7:ef:c0:ee:1c:a6:10:ef:67:14:10:e4:27:85:6a:18:4f:9a:
         0f:7f:5f:ec:30:1b:d6:b3:e9:5c:cc:4f:b6:3b:f4:95:26:4f:
         01:8f:f1:47:18:6c:92:99:22:18:7d:78:3d:9b:4c:8e:02:e1:
         98:7d:a1:61:cd:b4:98:46:fb:ed:25:87:3b:14:81:a8:26:b0:
         f8:c2:6f:c6:4a:33:73:d2:db:5f:3d:6c:33:d2:a7:b1:20:49:
         a6:b8:27:71
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUD9M+xqTFvrbYQOfM+m8mH/xwJlgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjYwMVoX
DTI3MDMwMzA2MzEwMVowMzExMC8GA1UEAxMoMUQ3MzYyREQ1RkM4MjhGOTY2Q0M2
NzU2NTdCRjg2MEEwMzQ0NUE1QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKTCBDWTyY1biXBfFh5FkUnepFb6UkLk/pZ43aUtAYkBplO7TJXJ/dSJ9nLC
4Q4vl4pGq4cIhVZXWHjfm7oF1t2ujv45aH/bEpABW68jHt5Yfqbwty0hhkkMuX/e
DdMuljY7xqRxcSO0OLU1fLJhfxho7fxqmzs06JOzEbBwV8zFqeWHjFKb2mb+yVWC
zSyXh3LUygwZr5w/oMHtL4LgT/SMeMkZOeA2RIAdthU99wmh/w+f6iRh6Q1JNrgq
dvPHfFmoCzCQtWbutLabhZxgfmKoCoX5ZaoGikny+Kr6d1Zl+rYKhXwlGiGbh5eQ
P/wbj/KXfuMUaWcXrCrrGVo+hdkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQdc2Ld
X8go+WbMZ1ZXv4YKA0RaWzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTY4Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q9wwDQYJKoZIhvcNAQELBQADggEBAAvm6803lDKab/ottssmkeWgY1aE3N2WXzRF
jKbgsAq9YLCTX4AjIiSZUEyrQJE0phHZw/KIErGAZ9WsIdqSa/3hdpB74M0nV2G4
jPhEaOt8BxrrD8YAERmpVMTHImVuOM2tqXAgkeGUR+P0hIdXnE0zUUvbDF9cTjKX
Z7jJoauv8Wtj/l5T8uBjySqkI3TRc1CU11CdlxUKO+2C4nOU5TPSaOfvwO4cphDv
ZxQQ5CeFahhPmg9/X+wwG9az6VzMT7Y79JUmTwGP8UcYbJKZIhh9eD2bTI4C4Zh9
oWHNtJhG++0lhzsUgagmsPjCb8ZKM3PS2189bDPSp7EgSaa4J3E=
-----END CERTIFICATE-----