Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145799.roa
File:                     AS145799.roa (raw, json)
Hash identifier:          5Al8Zs4zI/jXrQi7yQEMAIzWdcmuFb3tAMqu1hKsfdo=
Subject key identifier:   8E:76:61:25:0F:9D:C4:EA:DA:1A:B1:40:81:5D:67:47:9D:AE:15:88
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       08975A44F3005DD83FC81A1A8E48B325FE460B76
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145799.roa
Signing time:             Wed 04 Mar 2026 06:30:52 +0000
ROA not before:           Wed 04 Mar 2026 06:25:52 +0000
ROA not after:            Wed 03 Mar 2027 06:30:52 +0000
asID:                     145799
IP address blocks:        240a:ac4d::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:97:5a:44:f3:00:5d:d8:3f:c8:1a:1a:8e:48:b3:25:fe:46:0b:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:52 2026 GMT
            Not After : Mar  3 06:30:52 2027 GMT
        Subject: CN=8E7661250F9DC4EADA1AB140815D67479DAE1588
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:23:87:3d:23:16:eb:2f:7d:1d:3f:22:97:f0:
                    4a:60:ed:3b:c2:90:ee:d7:ba:1b:e8:86:46:5d:1d:
                    d8:e3:e0:65:28:0f:ea:28:53:a8:39:91:0e:34:73:
                    2d:8e:60:e2:45:51:c7:f6:af:46:44:e6:e2:d6:34:
                    1e:6d:b1:10:eb:5f:fe:84:48:d8:f7:19:6e:d6:90:
                    ec:eb:4d:b5:22:73:68:59:10:1f:db:cf:f8:0f:02:
                    d9:c1:b1:8b:0b:09:7d:f1:86:97:80:9b:c9:5c:a3:
                    ce:7f:f0:10:05:b0:ab:00:54:1a:b2:52:fa:ae:19:
                    f8:cd:df:4a:e0:26:28:5b:65:db:25:90:a1:33:3b:
                    32:fa:9a:30:95:81:f5:cd:24:77:31:8a:36:65:30:
                    fa:44:1c:65:ba:2e:42:e2:dc:3a:55:ef:23:20:f3:
                    90:e0:4b:f0:6b:6e:93:28:ea:e3:1e:ab:41:fd:8e:
                    79:51:b7:36:e8:fe:99:f7:70:60:96:c4:bf:37:fd:
                    a2:02:71:00:57:93:66:7f:56:63:8e:27:39:cc:71:
                    5e:01:4f:96:1c:9f:f7:d9:2c:b4:ab:5d:86:82:22:
                    2f:7f:d9:05:cc:a2:09:25:b5:7e:41:26:10:02:85:
                    34:bf:d8:02:5c:66:94:b0:56:ec:ee:9e:14:5b:c1:
                    5a:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:76:61:25:0F:9D:C4:EA:DA:1A:B1:40:81:5D:67:47:9D:AE:15:88
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145799.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ac4d::/32

    Signature Algorithm: sha256WithRSAEncryption
         a1:45:7d:25:8e:ef:a7:88:d0:91:27:6a:96:ee:56:5d:29:d7:
         1e:d5:77:20:cf:97:26:90:ac:ad:49:00:ba:9e:88:5c:77:3b:
         a9:d1:6d:0d:e2:1b:77:73:55:39:97:e2:fe:9f:50:c8:94:f3:
         07:a1:69:cf:ea:aa:55:65:bd:47:21:9e:4e:f1:8e:10:7b:7b:
         7f:58:4f:4c:c6:2a:df:b5:f4:71:f0:05:ae:62:e7:21:ba:4f:
         d2:4c:e9:b2:df:d2:45:98:03:d6:d4:9c:12:98:5a:fd:8f:5f:
         9a:bc:0a:6e:71:09:65:7b:92:1e:83:4e:3c:1a:1e:52:70:37:
         8e:84:55:48:a0:e6:47:78:00:60:0d:4a:44:27:38:32:ec:25:
         64:26:29:33:a3:28:98:f0:0d:00:0f:19:76:f7:66:25:ad:ad:
         15:f2:84:d9:97:48:ee:61:5b:9d:6a:b7:9a:16:30:85:60:27:
         5b:a8:50:86:47:f9:41:bb:a2:37:1c:25:92:7a:92:1e:36:cc:
         66:6d:2f:e1:be:06:63:d4:d9:fd:8e:4f:1e:2a:fc:f0:5c:c1:
         0a:e5:dc:b2:d8:87:8c:d9:b8:7c:ae:35:ae:34:41:75:38:cd:
         fe:e1:ed:e0:d0:71:07:ba:b0:fa:eb:27:8b:3a:bf:88:37:2b:
         4d:71:cf:46
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUCJdaRPMAXdg/yBoajkizJf5GC3YwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjU1MloX
DTI3MDMwMzA2MzA1MlowMzExMC8GA1UEAxMoOEU3NjYxMjUwRjlEQzRFQURBMUFC
MTQwODE1RDY3NDc5REFFMTU4ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOwjhz0jFusvfR0/IpfwSmDtO8KQ7te6G+iGRl0d2OPgZSgP6ihTqDmRDjRz
LY5g4kVRx/avRkTm4tY0Hm2xEOtf/oRI2PcZbtaQ7OtNtSJzaFkQH9vP+A8C2cGx
iwsJffGGl4CbyVyjzn/wEAWwqwBUGrJS+q4Z+M3fSuAmKFtl2yWQoTM7MvqaMJWB
9c0kdzGKNmUw+kQcZbouQuLcOlXvIyDzkOBL8Gtukyjq4x6rQf2OeVG3Nuj+mfdw
YJbEvzf9ogJxAFeTZn9WY44nOcxxXgFPlhyf99kstKtdhoIiL3/ZBcyiCSW1fkEm
EAKFNL/YAlxmlLBW7O6eFFvBWrcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSOdmEl
D53E6toasUCBXWdHna4ViDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTc5OS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rE0wDQYJKoZIhvcNAQELBQADggEBAKFFfSWO76eI0JEnapbuVl0p1x7VdyDPlyaQ
rK1JALqeiFx3O6nRbQ3iG3dzVTmX4v6fUMiU8wehac/qqlVlvUchnk7xjhB7e39Y
T0zGKt+19HHwBa5i5yG6T9JM6bLf0kWYA9bUnBKYWv2PX5q8Cm5xCWV7kh6DTjwa
HlJwN46EVUig5kd4AGANSkQnODLsJWQmKTOjKJjwDQAPGXb3ZiWtrRXyhNmXSO5h
W51qt5oWMIVgJ1uoUIZH+UG7ojccJZJ6kh42zGZtL+G+BmPU2f2OTx4q/PBcwQrl
3LLYh4zZuHyuNa40QXU4zf7h7eDQcQe6sPrrJ4s6v4g3K01xz0Y=
-----END CERTIFICATE-----