Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145837.roa
File:                     AS145837.roa (raw, json)
Hash identifier:          i8YiIkrxyekqJ7D6vX4TKs3mhr3hFbfg9jeUVW2sTJ4=
Subject key identifier:   09:D0:05:F8:45:3C:87:71:EC:CB:93:40:C3:2C:B6:D7:96:86:51:36
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4DF46F8057B06C9209EB63CB8356F52830ABD9EF
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145837.roa
Signing time:             Wed 04 Mar 2026 06:29:53 +0000
ROA not before:           Wed 04 Mar 2026 06:24:53 +0000
ROA not after:            Wed 03 Mar 2027 06:29:53 +0000
asID:                     145837
IP address blocks:        240a:ac73::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:f4:6f:80:57:b0:6c:92:09:eb:63:cb:83:56:f5:28:30:ab:d9:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:24:53 2026 GMT
            Not After : Mar  3 06:29:53 2027 GMT
        Subject: CN=09D005F8453C8771ECCB9340C32CB6D796865136
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:25:02:b7:6b:84:e2:a9:73:1e:4d:40:28:ad:
                    ca:70:f5:b1:bd:e0:56:69:de:d2:d6:39:c2:c9:51:
                    ba:6b:c2:59:7f:53:1f:2a:21:54:d3:80:a0:d6:91:
                    2f:23:ee:0b:ba:5b:3a:4e:bc:16:22:01:28:39:85:
                    59:11:2b:49:a1:e3:72:d9:3c:75:85:46:92:ca:2b:
                    5e:24:3c:97:73:2a:43:48:c8:7d:37:6f:78:7b:ed:
                    cd:2f:e0:b2:26:64:08:b3:cb:c9:6f:cb:4e:8a:85:
                    48:c6:8a:2c:62:1f:94:70:83:85:c2:54:3d:b9:50:
                    5c:05:c8:4a:2c:36:a8:a5:46:fa:28:d7:48:ce:ce:
                    4f:9c:5d:96:a6:71:af:8c:0d:72:80:6f:a3:10:48:
                    04:f6:cd:77:e5:d6:e2:c2:4e:e7:af:f9:1d:9f:06:
                    e6:51:60:4e:85:3e:56:b3:81:80:2b:43:88:ee:38:
                    56:6d:2d:1a:59:9c:dc:03:7e:be:ce:e3:12:ab:36:
                    ef:59:47:b0:79:29:08:9c:06:d6:0f:34:75:bd:2d:
                    0a:da:8d:38:f3:ee:51:8c:6e:65:84:09:6f:e6:2b:
                    de:68:77:52:7d:19:2a:30:ed:6b:69:f5:35:70:dd:
                    bd:45:97:7d:27:cb:aa:5b:52:e1:77:49:bb:d8:ef:
                    25:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:D0:05:F8:45:3C:87:71:EC:CB:93:40:C3:2C:B6:D7:96:86:51:36
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ac73::/32

    Signature Algorithm: sha256WithRSAEncryption
         ab:d3:6b:2e:d9:2b:82:ae:f4:58:8d:21:c3:42:a3:d7:fe:c1:
         88:e3:d5:d6:bc:57:cc:f8:c9:9b:30:86:44:58:ae:c6:75:ff:
         9e:40:ce:47:45:ed:71:73:98:9d:3b:05:1b:e7:54:a8:0e:72:
         0f:56:ec:ea:30:a7:3f:2b:e1:39:24:b0:d6:09:c5:39:61:9d:
         95:61:22:eb:2c:1e:c0:eb:42:31:49:dc:1f:ff:bd:03:df:17:
         7f:9c:9d:fb:50:ef:7f:ef:53:7c:fb:4e:9c:13:69:36:ab:af:
         7d:fb:1e:f2:ae:31:30:31:db:a6:3e:bf:5a:f8:46:6f:f2:c4:
         88:25:5b:b5:78:d9:53:45:58:99:98:fe:1b:bb:11:d0:35:2d:
         91:0f:1e:29:51:d2:4a:93:4d:63:c2:d8:11:9c:ca:22:91:e8:
         5a:2b:2b:71:8f:ce:1a:08:99:0a:c4:f1:d7:dd:5a:9c:0b:c7:
         d6:5f:28:30:08:f9:5e:5f:7a:9d:7c:2d:39:fd:2a:69:b7:46:
         a4:63:b1:32:ba:f4:66:cc:33:c2:14:77:ab:57:68:a3:dc:6e:
         b9:65:13:43:54:5a:ca:43:c3:0d:2e:c4:57:8f:af:39:fe:b3:
         01:15:9b:df:54:2f:ac:59:c7:37:68:24:9f:87:5a:18:90:0e:
         29:ff:75:69
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUTfRvgFewbJIJ62PLg1b1KDCr2e8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjQ1M1oX
DTI3MDMwMzA2Mjk1M1owMzExMC8GA1UEAxMoMDlEMDA1Rjg0NTNDODc3MUVDQ0I5
MzQwQzMyQ0I2RDc5Njg2NTEzNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANMlArdrhOKpcx5NQCitynD1sb3gVmne0tY5wslRumvCWX9THyohVNOAoNaR
LyPuC7pbOk68FiIBKDmFWRErSaHjctk8dYVGksorXiQ8l3MqQ0jIfTdveHvtzS/g
siZkCLPLyW/LToqFSMaKLGIflHCDhcJUPblQXAXISiw2qKVG+ijXSM7OT5xdlqZx
r4wNcoBvoxBIBPbNd+XW4sJO56/5HZ8G5lFgToU+VrOBgCtDiO44Vm0tGlmc3AN+
vs7jEqs271lHsHkpCJwG1g80db0tCtqNOPPuUYxuZYQJb+Yr3mh3Un0ZKjDta2n1
NXDdvUWXfSfLqltS4XdJu9jvJWECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQJ0AX4
RTyHcezLk0DDLLbXloZRNjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rHMwDQYJKoZIhvcNAQELBQADggEBAKvTay7ZK4Ku9FiNIcNCo9f+wYjj1da8V8z4
yZswhkRYrsZ1/55AzkdF7XFzmJ07BRvnVKgOcg9W7Oowpz8r4TkksNYJxTlhnZVh
IussHsDrQjFJ3B//vQPfF3+cnftQ73/vU3z7TpwTaTarr337HvKuMTAx26Y+v1r4
Rm/yxIglW7V42VNFWJmY/hu7EdA1LZEPHilR0kqTTWPC2BGcyiKR6ForK3GPzhoI
mQrE8dfdWpwLx9ZfKDAI+V5fep18LTn9Kmm3RqRjsTK69GbMM8IUd6tXaKPcbrll
E0NUWspDww0uxFePrzn+swEVm99UL6xZxzdoJJ+HWhiQDin/dWk=
-----END CERTIFICATE-----