Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145762.roa
File:                     AS145762.roa (raw, json)
Hash identifier:          aMEdf6XqchB5f1xOTIOa4G7pskEIi7VbB5CTYx931O0=
Subject key identifier:   91:74:08:46:64:38:33:0B:A9:05:3F:D7:C8:87:05:D2:22:57:A5:BC
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3442B0B88477668E354711E66D7603D2E4AD69BE
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145762.roa
Signing time:             Wed 04 Mar 2026 06:30:03 +0000
ROA not before:           Wed 04 Mar 2026 06:25:03 +0000
ROA not after:            Wed 03 Mar 2027 06:30:03 +0000
asID:                     145762
IP address blocks:        240a:ac28::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:42:b0:b8:84:77:66:8e:35:47:11:e6:6d:76:03:d2:e4:ad:69:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:03 2026 GMT
            Not After : Mar  3 06:30:03 2027 GMT
        Subject: CN=917408466438330BA9053FD7C88705D22257A5BC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:cb:a7:b7:fe:ee:33:62:d0:28:0e:8e:33:fa:
                    fd:60:68:5c:0e:d4:fa:e8:9a:3f:8b:1f:61:b8:dd:
                    99:5d:e9:d6:cc:ec:e1:80:2e:f6:c6:db:35:e5:fa:
                    52:24:5d:a8:70:c2:38:aa:1c:16:d8:f2:f7:1b:8d:
                    a8:72:fa:e1:f4:26:64:70:28:26:b6:6f:dc:f8:67:
                    64:5e:6b:87:bb:84:17:b8:68:f0:0c:28:36:8c:fa:
                    20:f4:3a:18:d6:3c:8b:62:20:81:81:6e:0e:2d:fc:
                    3d:fb:17:fc:a8:fa:72:74:c9:e2:64:90:7a:38:db:
                    76:89:8d:85:75:78:74:4a:11:e3:93:73:67:d1:a0:
                    da:9d:c6:81:fd:e5:9e:be:8c:96:26:01:d0:05:03:
                    2f:ab:89:b9:8c:20:49:ac:14:45:c8:f9:cb:17:18:
                    e6:a5:e0:cb:ad:09:23:1a:c1:94:1e:fe:5a:16:07:
                    90:0f:9e:c8:4f:89:dc:3c:d8:69:27:3c:48:e6:00:
                    d4:10:ca:16:0c:44:b2:b4:cb:1e:d8:64:8a:a7:e7:
                    77:01:b1:4f:76:88:a8:a7:2e:8e:ee:57:be:3d:8d:
                    42:4c:25:8d:d8:d1:77:c4:d8:01:11:69:3d:b1:35:
                    3a:2f:27:4c:33:75:f8:3f:9b:2b:4e:a1:3f:f2:a0:
                    59:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:74:08:46:64:38:33:0B:A9:05:3F:D7:C8:87:05:D2:22:57:A5:BC
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145762.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ac28::/32

    Signature Algorithm: sha256WithRSAEncryption
         aa:81:15:df:b1:1b:ab:73:03:c5:cf:ae:93:8f:8c:9d:9a:3d:
         2e:4a:05:5b:40:2a:c3:17:75:67:0a:c6:d1:62:cb:b7:0b:47:
         7b:ca:af:fa:5c:00:84:df:72:26:1f:92:8b:8b:61:51:fc:75:
         d7:dd:23:1a:ec:5e:68:1e:60:d9:3b:a4:ed:e0:ff:6d:e8:b8:
         3d:72:ae:8c:32:e9:5c:0b:2e:91:a5:bf:bb:60:d6:bf:33:96:
         ff:ef:45:27:57:38:d7:25:51:50:23:9d:5e:c3:94:57:bb:f8:
         53:41:25:ef:81:ec:3e:cd:62:9f:a8:fd:b7:e2:51:35:0f:ce:
         24:06:b2:71:4c:26:30:00:21:48:a4:7c:27:8a:01:7e:e2:04:
         35:4b:38:4d:95:27:a6:ff:bd:4f:63:a8:3a:7a:5c:3f:d4:29:
         6b:dd:14:43:38:dd:61:0b:d7:3a:19:53:3c:aa:73:3e:e9:c8:
         41:46:ce:34:4c:fb:09:ba:49:3e:43:22:ba:5e:18:6f:31:38:
         08:c5:bf:87:22:ce:84:aa:d2:94:a1:c3:a0:73:98:41:b5:0a:
         25:e7:b4:fe:9f:ea:e3:c5:75:97:5e:be:10:98:c8:34:3b:f6:
         7d:f9:a0:0e:c8:b3:90:ff:61:af:5a:3c:31:25:53:7b:61:f6:
         af:6e:05:03
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUNEKwuIR3Zo41RxHmbXYD0uStab4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUwM1oX
DTI3MDMwMzA2MzAwM1owMzExMC8GA1UEAxMoOTE3NDA4NDY2NDM4MzMwQkE5MDUz
RkQ3Qzg4NzA1RDIyMjU3QTVCQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIrLp7f+7jNi0CgOjjP6/WBoXA7U+uiaP4sfYbjdmV3p1szs4YAu9sbbNeX6
UiRdqHDCOKocFtjy9xuNqHL64fQmZHAoJrZv3PhnZF5rh7uEF7ho8AwoNoz6IPQ6
GNY8i2IggYFuDi38PfsX/Kj6cnTJ4mSQejjbdomNhXV4dEoR45NzZ9Gg2p3Ggf3l
nr6MliYB0AUDL6uJuYwgSawURcj5yxcY5qXgy60JIxrBlB7+WhYHkA+eyE+J3DzY
aSc8SOYA1BDKFgxEsrTLHthkiqfndwGxT3aIqKcuju5Xvj2NQkwljdjRd8TYARFp
PbE1Oi8nTDN1+D+bK06hP/KgWdECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSRdAhG
ZDgzC6kFP9fIhwXSIlelvDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTc2Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rCgwDQYJKoZIhvcNAQELBQADggEBAKqBFd+xG6tzA8XPrpOPjJ2aPS5KBVtAKsMX
dWcKxtFiy7cLR3vKr/pcAITfciYfkouLYVH8ddfdIxrsXmgeYNk7pO3g/23ouD1y
rowy6VwLLpGlv7tg1r8zlv/vRSdXONclUVAjnV7DlFe7+FNBJe+B7D7NYp+o/bfi
UTUPziQGsnFMJjAAIUikfCeKAX7iBDVLOE2VJ6b/vU9jqDp6XD/UKWvdFEM43WEL
1zoZUzyqcz7pyEFGzjRM+wm6ST5DIrpeGG8xOAjFv4cizoSq0pShw6BzmEG1CiXn
tP6f6uPFdZdevhCYyDQ79n35oA7Is5D/Ya9aPDElU3th9q9uBQM=
-----END CERTIFICATE-----