Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145770.roa
File:                     AS145770.roa (raw, json)
Hash identifier:          RyG9XVm1Ou0rA98Exsm+SQMt15DLCpzTVi2pvGG4y58=
Subject key identifier:   FD:87:C3:92:A1:DE:A9:8E:DB:C4:25:40:3C:44:9B:7A:51:E2:27:A2
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       62CB79385F5F85582F967BDC38B476F66B034BE6
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145770.roa
Signing time:             Wed 04 Mar 2026 06:30:48 +0000
ROA not before:           Wed 04 Mar 2026 06:25:48 +0000
ROA not after:            Wed 03 Mar 2027 06:30:48 +0000
asID:                     145770
IP address blocks:        240a:ac30::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:cb:79:38:5f:5f:85:58:2f:96:7b:dc:38:b4:76:f6:6b:03:4b:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:48 2026 GMT
            Not After : Mar  3 06:30:48 2027 GMT
        Subject: CN=FD87C392A1DEA98EDBC425403C449B7A51E227A2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:68:40:e4:18:63:f6:ab:10:90:5b:04:a1:42:
                    8e:c9:c1:a2:87:e1:97:da:3c:22:d0:c7:a5:13:e5:
                    1a:c8:28:a4:0d:8b:8e:be:29:00:28:73:43:cb:bf:
                    c6:d6:e7:b0:b2:22:f9:45:68:a9:da:86:91:76:8a:
                    71:9f:70:f9:fc:94:d9:f8:74:66:b6:68:18:e5:70:
                    da:b8:a8:06:e2:76:fa:b3:50:40:f4:17:52:de:17:
                    cc:01:55:49:4e:02:37:8a:a0:8f:dc:08:21:33:58:
                    90:5f:c6:40:27:97:fe:41:20:12:8a:e7:c1:46:28:
                    e4:3c:b6:06:fb:07:25:74:f5:35:5a:77:77:23:fb:
                    4b:74:5c:e2:85:a6:90:d2:b8:d3:3c:3e:f9:f5:e3:
                    84:c3:87:54:fe:70:ba:aa:6b:50:29:e0:a0:d3:52:
                    b7:50:f5:e7:c6:f0:b3:76:d8:b4:43:6a:0e:0d:99:
                    1b:6e:99:c7:74:5d:b4:5d:85:97:e8:aa:13:b3:d5:
                    af:12:55:3a:79:31:1c:f3:dd:3a:fc:c1:7e:6d:03:
                    ad:48:1a:20:6a:5c:8b:d7:8a:a8:74:88:66:76:84:
                    0a:de:2b:52:86:49:54:80:59:94:31:80:44:1b:e1:
                    11:49:6d:0c:46:8c:bf:00:2e:99:34:7c:cc:c5:11:
                    ee:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:87:C3:92:A1:DE:A9:8E:DB:C4:25:40:3C:44:9B:7A:51:E2:27:A2
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145770.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ac30::/32

    Signature Algorithm: sha256WithRSAEncryption
         2b:16:99:e1:76:50:3f:dc:ce:19:ea:44:8a:0a:89:64:42:14:
         7d:0f:f0:7d:a4:35:97:b1:8e:12:b2:72:6a:93:e6:dd:08:e4:
         ef:b0:7a:fa:2d:da:28:22:49:95:05:11:20:c8:66:fa:f7:ed:
         1d:fd:c7:78:dd:70:f9:19:34:f7:fc:f8:b1:5f:c3:b3:fa:5f:
         07:0e:66:d9:49:35:3f:6d:fd:43:fd:b2:61:5c:8c:63:bc:a6:
         aa:7f:39:85:40:4e:94:a3:5b:5e:9e:4e:79:fc:2c:a6:81:d8:
         79:37:12:62:88:9f:54:f4:6a:2f:e9:c5:52:85:78:1b:dd:20:
         05:db:6f:57:5f:66:9a:5c:98:27:c2:e3:c5:6f:91:3a:6b:50:
         08:f8:8a:fd:6a:ad:59:d5:da:3e:7e:f4:a1:4b:17:c3:77:7e:
         1d:bf:b9:86:52:27:b8:b4:ac:7b:64:69:d9:86:c7:7e:42:f8:
         63:c3:fa:fb:cf:8e:4d:fb:52:7d:d6:35:b7:02:ac:96:ed:ac:
         30:f3:cb:47:d6:62:4d:0f:a2:83:1b:20:f1:19:fe:a6:65:94:
         fe:41:2c:cb:f1:10:44:14:98:b7:88:12:3b:b7:47:d5:5f:0c:
         89:59:9c:f2:b7:63:92:75:eb:11:73:9a:b9:88:28:52:05:1a:
         15:21:bc:1a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUYst5OF9fhVgvlnvcOLR29msDS+YwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjU0OFoX
DTI3MDMwMzA2MzA0OFowMzExMC8GA1UEAxMoRkQ4N0MzOTJBMURFQTk4RURCQzQy
NTQwM0M0NDlCN0E1MUUyMjdBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKpoQOQYY/arEJBbBKFCjsnBoofhl9o8ItDHpRPlGsgopA2Ljr4pAChzQ8u/
xtbnsLIi+UVoqdqGkXaKcZ9w+fyU2fh0ZrZoGOVw2rioBuJ2+rNQQPQXUt4XzAFV
SU4CN4qgj9wIITNYkF/GQCeX/kEgEornwUYo5Dy2BvsHJXT1NVp3dyP7S3Rc4oWm
kNK40zw++fXjhMOHVP5wuqprUCngoNNSt1D158bws3bYtENqDg2ZG26Zx3RdtF2F
l+iqE7PVrxJVOnkxHPPdOvzBfm0DrUgaIGpci9eKqHSIZnaECt4rUoZJVIBZlDGA
RBvhEUltDEaMvwAumTR8zMUR7ncCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT9h8OS
od6pjtvEJUA8RJt6UeInojAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTc3MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rDAwDQYJKoZIhvcNAQELBQADggEBACsWmeF2UD/czhnqRIoKiWRCFH0P8H2kNZex
jhKycmqT5t0I5O+wevot2igiSZUFESDIZvr37R39x3jdcPkZNPf8+LFfw7P6XwcO
ZtlJNT9t/UP9smFcjGO8pqp/OYVATpSjW16eTnn8LKaB2Hk3EmKIn1T0ai/pxVKF
eBvdIAXbb1dfZppcmCfC48VvkTprUAj4iv1qrVnV2j5+9KFLF8N3fh2/uYZSJ7i0
rHtkadmGx35C+GPD+vvPjk37Un3WNbcCrJbtrDDzy0fWYk0PooMbIPEZ/qZllP5B
LMvxEEQUmLeIEju3R9VfDIlZnPK3Y5J16xFzmrmIKFIFGhUhvBo=
-----END CERTIFICATE-----