Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145738.roa
File:                     AS145738.roa (raw, json)
Hash identifier:          aG4FZe40MCQXlTAHMRvG+QS9lyWoiN/pkDc8+a2+B70=
Subject key identifier:   49:21:DC:58:F1:92:9F:88:A5:9C:7D:94:BF:79:09:36:03:A7:3F:AC
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       203CBD3935215734C9B37550263098B278C07F11
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145738.roa
Signing time:             Wed 04 Mar 2026 06:30:51 +0000
ROA not before:           Wed 04 Mar 2026 06:25:51 +0000
ROA not after:            Wed 03 Mar 2027 06:30:51 +0000
asID:                     145738
IP address blocks:        240a:ac10::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:3c:bd:39:35:21:57:34:c9:b3:75:50:26:30:98:b2:78:c0:7f:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:51 2026 GMT
            Not After : Mar  3 06:30:51 2027 GMT
        Subject: CN=4921DC58F1929F88A59C7D94BF79093603A73FAC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e2:42:07:20:62:62:6d:50:18:d7:98:b7:e2:
                    ad:e2:8b:63:fc:2e:8a:a0:0a:ba:0a:43:c9:7d:7c:
                    43:51:27:2f:b3:c4:0a:d3:4b:b7:b9:f5:6c:b6:a3:
                    1a:be:ec:73:dd:a4:b0:ac:32:89:36:8f:96:6c:ca:
                    81:15:de:09:ea:d5:6b:1a:fd:cd:d6:73:93:90:91:
                    ce:3d:06:17:a6:d3:3d:4d:cb:4c:ad:84:f6:e1:05:
                    85:0f:78:ec:8f:31:d8:21:e8:b6:c6:26:e5:80:a7:
                    71:4d:b3:6a:c1:c1:89:73:7c:ec:33:6b:e1:fe:fb:
                    83:e6:b1:c7:49:9f:b8:a7:47:13:6f:71:8a:30:57:
                    bd:82:24:3e:40:d5:0e:f9:3e:d9:b8:00:59:da:e4:
                    b7:97:f2:da:51:72:2e:16:4d:02:92:0f:56:c3:2c:
                    06:40:ce:46:f1:60:c4:2f:fe:5d:5c:03:66:68:3b:
                    57:b4:69:6d:d2:d6:22:10:cf:23:35:4e:f4:54:c4:
                    c2:56:47:17:7c:61:f7:7c:9a:df:d9:d1:23:89:e4:
                    7f:d2:fe:a1:5c:2c:21:21:34:13:ba:94:94:f5:99:
                    bc:8a:c3:08:0b:2f:19:6e:e9:f3:26:35:fb:8f:2f:
                    bd:4c:cb:58:cc:51:05:c3:a2:dd:dc:9c:9e:52:5c:
                    dc:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:21:DC:58:F1:92:9F:88:A5:9C:7D:94:BF:79:09:36:03:A7:3F:AC
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145738.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ac10::/32

    Signature Algorithm: sha256WithRSAEncryption
         80:b8:a0:e2:0b:01:79:62:ba:56:d3:bd:a9:86:91:ff:29:36:
         78:bd:37:56:98:ca:f8:12:bb:f2:5b:26:71:f9:f6:c8:a1:0e:
         86:81:9d:a1:6d:2e:e0:0b:74:19:c0:e2:32:34:b6:86:f1:63:
         7f:45:5e:f1:01:69:3d:97:d1:76:02:06:7e:aa:43:d7:56:e3:
         e9:ab:82:1c:55:81:d4:7d:91:57:6f:45:ed:5a:64:d2:77:48:
         92:e1:bc:93:f4:f6:44:87:c8:2c:fc:29:09:0b:d6:f8:79:1f:
         d4:b0:1b:fd:68:a8:17:df:37:ac:0e:c6:e3:55:7e:2a:f6:17:
         0c:c2:22:48:3b:ac:32:4c:32:d7:79:44:54:e0:da:e9:81:66:
         02:96:e1:cd:e1:c3:dc:ff:ff:70:52:9e:db:3d:ea:a0:62:01:
         a9:65:d0:95:d1:aa:44:f6:8b:b4:9c:30:95:a9:5b:88:f4:83:
         9b:7d:c2:96:83:15:ef:2d:89:9c:08:00:21:03:d6:c8:f6:c7:
         cd:32:a8:e9:27:1f:09:38:43:b3:1c:2f:38:e4:8a:d6:56:93:
         b0:c8:91:48:e9:b0:f2:dd:0d:57:51:f2:69:72:b9:00:7f:53:
         56:57:c6:e4:af:4a:02:48:a8:b2:84:02:08:ff:b1:93:68:ff:
         0d:70:11:ab
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUIDy9OTUhVzTJs3VQJjCYsnjAfxEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjU1MVoX
DTI3MDMwMzA2MzA1MVowMzExMC8GA1UEAxMoNDkyMURDNThGMTkyOUY4OEE1OUM3
RDk0QkY3OTA5MzYwM0E3M0ZBQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKbiQgcgYmJtUBjXmLfireKLY/wuiqAKugpDyX18Q1EnL7PECtNLt7n1bLaj
Gr7sc92ksKwyiTaPlmzKgRXeCerVaxr9zdZzk5CRzj0GF6bTPU3LTK2E9uEFhQ94
7I8x2CHotsYm5YCncU2zasHBiXN87DNr4f77g+axx0mfuKdHE29xijBXvYIkPkDV
Dvk+2bgAWdrkt5fy2lFyLhZNApIPVsMsBkDORvFgxC/+XVwDZmg7V7RpbdLWIhDP
IzVO9FTEwlZHF3xh93ya39nRI4nkf9L+oVwsISE0E7qUlPWZvIrDCAsvGW7p8yY1
+48vvUzLWMxRBcOi3dycnlJc3KECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRJIdxY
8ZKfiKWcfZS/eQk2A6c/rDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTczOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rBAwDQYJKoZIhvcNAQELBQADggEBAIC4oOILAXliulbTvamGkf8pNni9N1aYyvgS
u/JbJnH59sihDoaBnaFtLuALdBnA4jI0tobxY39FXvEBaT2X0XYCBn6qQ9dW4+mr
ghxVgdR9kVdvRe1aZNJ3SJLhvJP09kSHyCz8KQkL1vh5H9SwG/1oqBffN6wOxuNV
fir2FwzCIkg7rDJMMtd5RFTg2umBZgKW4c3hw9z//3BSnts96qBiAall0JXRqkT2
i7ScMJWpW4j0g5t9wpaDFe8tiZwIACED1sj2x80yqOknHwk4Q7McLzjkitZWk7DI
kUjpsPLdDVdR8mlyuQB/U1ZXxuSvSgJIqLKEAgj/sZNo/w1wEas=
-----END CERTIFICATE-----