Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145845.roa
File:                     AS145845.roa (raw, json)
Hash identifier:          zEzHozoM1/rUfrgFHQZOu51bpmO7/0N6NOhPgEWK7co=
Subject key identifier:   8F:9F:EC:6B:D7:AB:B6:79:71:1A:50:0F:57:B8:E1:E6:72:85:0F:BB
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6BCD9AE9406EDAF811B77D8E3AF16CDD2FDF6A7F
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145845.roa
Signing time:             Wed 04 Mar 2026 06:29:34 +0000
ROA not before:           Wed 04 Mar 2026 06:24:34 +0000
ROA not after:            Wed 03 Mar 2027 06:29:34 +0000
asID:                     145845
IP address blocks:        240a:ac7b::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:cd:9a:e9:40:6e:da:f8:11:b7:7d:8e:3a:f1:6c:dd:2f:df:6a:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:24:34 2026 GMT
            Not After : Mar  3 06:29:34 2027 GMT
        Subject: CN=8F9FEC6BD7ABB679711A500F57B8E1E672850FBB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:81:eb:05:24:67:80:5d:90:5b:0d:95:d4:0d:
                    0f:6e:73:20:ff:7e:8b:9e:a3:f1:59:c0:f9:e0:b1:
                    86:59:bc:17:06:20:7a:d6:32:a4:f9:b6:92:8e:4c:
                    90:2d:6e:a8:60:76:98:eb:88:4d:a8:0a:d5:c3:f0:
                    8e:25:07:8f:fd:ba:98:91:dc:3d:d6:aa:b6:d0:2c:
                    55:bd:b5:22:40:21:64:1b:30:56:31:3b:a6:b0:29:
                    3d:2c:e0:24:6e:82:66:83:ea:c0:9d:66:72:58:c5:
                    58:94:e1:e1:40:a1:91:1d:14:87:84:d5:00:11:46:
                    56:d3:8c:30:e6:48:a9:c6:60:83:98:f0:a4:fc:e2:
                    8d:46:70:16:7d:16:06:4d:91:78:4c:4d:41:0f:3f:
                    5b:ab:08:6c:34:d6:92:fe:64:af:f9:33:bf:14:4e:
                    07:76:f2:54:89:91:b2:15:ed:0b:e7:e6:16:43:7d:
                    73:af:9f:66:88:15:cd:a5:42:da:c6:4a:77:ed:d1:
                    29:54:26:98:d8:98:82:23:88:ce:15:06:62:5f:3f:
                    31:84:9e:7c:6e:9d:cf:3e:42:28:4c:3a:37:44:ea:
                    55:33:82:79:47:34:c2:6b:fb:cc:e8:65:83:ac:3c:
                    f7:51:59:76:87:2e:f6:75:5f:a5:91:a9:8e:76:d7:
                    a3:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:9F:EC:6B:D7:AB:B6:79:71:1A:50:0F:57:B8:E1:E6:72:85:0F:BB
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145845.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ac7b::/32

    Signature Algorithm: sha256WithRSAEncryption
         61:a7:1d:49:8f:d9:fe:39:d9:63:fe:82:15:37:1d:f0:84:04:
         f3:21:42:d0:7f:08:1f:36:8f:af:69:e6:2a:01:29:85:8e:05:
         c7:a3:00:97:74:2c:46:51:6d:53:a2:a9:2b:40:2b:04:da:23:
         dd:6f:d5:84:b3:c7:1e:00:b2:aa:e2:7f:ac:44:77:69:69:51:
         9f:82:eb:b5:fb:86:64:19:31:fe:1e:6b:04:ea:c3:c8:e0:63:
         5f:43:e4:9c:c5:a5:16:6c:73:6c:84:87:2d:2f:86:1b:6a:71:
         8a:33:a1:44:ce:4d:37:ca:4d:2d:ef:70:42:c6:79:78:db:c0:
         cb:05:ad:3a:10:d9:e2:26:02:c8:8b:16:fa:19:be:17:7a:3f:
         49:00:9a:39:a6:df:95:5d:3a:f2:44:1c:07:95:cc:08:b0:9c:
         8e:90:91:ca:ce:dc:3d:3a:ef:86:e3:4b:6d:ee:92:c5:be:3f:
         17:47:9e:87:26:cb:da:bb:b3:78:cc:cc:f7:1c:c6:d5:29:61:
         57:5f:8b:a9:dc:ca:48:95:9a:2f:23:ad:6a:6f:37:60:c8:9d:
         a2:5d:19:b7:a3:7a:0b:1b:dc:f5:37:cb:40:2e:1a:a4:74:9d:
         bb:da:cd:8e:32:d5:2e:5b:22:03:90:94:0a:a2:b7:13:07:2f:
         e0:08:f1:76
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUa82a6UBu2vgRt32OOvFs3S/fan8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjQzNFoX
DTI3MDMwMzA2MjkzNFowMzExMC8GA1UEAxMoOEY5RkVDNkJEN0FCQjY3OTcxMUE1
MDBGNTdCOEUxRTY3Mjg1MEZCQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANuB6wUkZ4BdkFsNldQND25zIP9+i56j8VnA+eCxhlm8FwYgetYypPm2ko5M
kC1uqGB2mOuITagK1cPwjiUHj/26mJHcPdaqttAsVb21IkAhZBswVjE7prApPSzg
JG6CZoPqwJ1mcljFWJTh4UChkR0Uh4TVABFGVtOMMOZIqcZgg5jwpPzijUZwFn0W
Bk2ReExNQQ8/W6sIbDTWkv5kr/kzvxROB3byVImRshXtC+fmFkN9c6+fZogVzaVC
2sZKd+3RKVQmmNiYgiOIzhUGYl8/MYSefG6dzz5CKEw6N0TqVTOCeUc0wmv7zOhl
g6w891FZdocu9nVfpZGpjnbXo00CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSPn+xr
16u2eXEaUA9XuOHmcoUPuzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTg0NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rHswDQYJKoZIhvcNAQELBQADggEBAGGnHUmP2f452WP+ghU3HfCEBPMhQtB/CB82
j69p5ioBKYWOBcejAJd0LEZRbVOiqStAKwTaI91v1YSzxx4Asqrif6xEd2lpUZ+C
67X7hmQZMf4eawTqw8jgY19D5JzFpRZsc2yEhy0vhhtqcYozoUTOTTfKTS3vcELG
eXjbwMsFrToQ2eImAsiLFvoZvhd6P0kAmjmm35VdOvJEHAeVzAiwnI6QkcrO3D06
74bjS23uksW+PxdHnocmy9q7s3jMzPccxtUpYVdfi6ncykiVmi8jrWpvN2DInaJd
Gbejegsb3PU3y0AuGqR0nbvazY4y1S5bIgOQlAqitxMHL+AI8XY=
-----END CERTIFICATE-----