Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145853.roa
File:                     AS145853.roa (raw, json)
Hash identifier:          OGFWoOCefwMUDUQOfZu0Aft/+jwtDi9oM0KOqQ3x8gg=
Subject key identifier:   1F:40:13:8E:D5:A2:75:05:FA:FC:ED:7A:94:0A:B9:D1:95:D9:02:D3
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6A7DB0BC84DB81BB14798895A2F8A928CE469C87
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145853.roa
Signing time:             Wed 04 Mar 2026 06:30:12 +0000
ROA not before:           Wed 04 Mar 2026 06:25:12 +0000
ROA not after:            Wed 03 Mar 2027 06:30:12 +0000
asID:                     145853
IP address blocks:        240a:ac83::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:7d:b0:bc:84:db:81:bb:14:79:88:95:a2:f8:a9:28:ce:46:9c:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:12 2026 GMT
            Not After : Mar  3 06:30:12 2027 GMT
        Subject: CN=1F40138ED5A27505FAFCED7A940AB9D195D902D3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:fc:69:f3:45:f5:ad:fd:bf:c3:75:17:48:c7:
                    93:e7:5a:57:24:73:9a:67:8c:dc:5d:7a:6d:bf:97:
                    ee:d4:51:13:c9:8b:78:55:ba:a9:7a:fa:a4:2a:d0:
                    75:56:f8:bf:83:50:35:3c:6d:aa:f7:38:31:b5:1f:
                    74:06:24:08:34:b3:f9:7a:9c:7c:d4:5c:a4:a5:48:
                    9a:ef:57:7d:6a:e2:de:14:10:4f:05:d8:db:55:85:
                    da:79:9d:02:77:da:77:ba:dd:25:65:a9:e7:d3:50:
                    4d:7f:5d:b8:a8:1b:3b:96:00:68:ff:51:5f:7a:c9:
                    3f:65:6f:17:7c:83:34:b7:c5:74:0c:5b:31:00:31:
                    03:13:5d:87:6a:4c:86:d9:47:a3:7f:d0:c0:ee:2d:
                    77:1c:6f:97:45:a3:41:a3:4b:ea:a4:4d:ea:c0:3c:
                    bc:db:fb:5c:48:1b:21:48:56:f9:d6:bd:db:01:4b:
                    4c:bb:4f:a4:4b:ef:7b:a3:61:92:d5:b8:cb:75:83:
                    dd:24:dc:f0:42:12:b1:2c:cd:62:f7:4b:f2:7d:3c:
                    c8:f6:71:2e:6f:22:b1:5a:c5:10:8e:7c:f7:1c:34:
                    74:ab:37:4b:d4:98:4d:e9:03:2e:ac:86:c1:0a:b4:
                    ea:95:ab:6e:1d:a7:b8:b0:27:71:80:0b:37:82:c4:
                    86:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:40:13:8E:D5:A2:75:05:FA:FC:ED:7A:94:0A:B9:D1:95:D9:02:D3
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145853.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ac83::/32

    Signature Algorithm: sha256WithRSAEncryption
         34:76:05:c0:fe:9f:2d:41:ea:39:11:c0:57:5a:47:0c:67:5e:
         b9:99:41:68:80:be:2e:56:2c:21:22:e6:6f:57:92:4e:24:9c:
         b5:e0:38:32:c5:15:d2:33:ad:b1:8b:0c:40:f5:2d:ab:b6:4a:
         85:49:db:06:62:87:91:83:ee:44:c4:5a:b6:e7:e5:0c:a7:2a:
         f3:39:41:57:be:10:cd:28:63:ea:c0:b8:1a:15:db:42:c2:22:
         30:4e:ed:a3:b5:bf:19:ca:51:4b:ce:42:40:cf:7c:98:93:b7:
         02:56:3c:38:f5:8c:62:70:d3:f8:88:73:13:8b:75:4a:99:32:
         b4:e7:f1:92:1c:cd:ac:cc:51:a0:4e:9a:a6:f8:45:96:eb:ad:
         7d:5f:ec:3e:f4:a5:84:7f:08:34:e3:f1:73:9e:46:0f:70:aa:
         59:42:17:59:84:e4:04:11:fc:52:13:37:c0:f8:27:de:08:0f:
         fd:c2:30:d7:a9:f5:ec:85:cb:4f:a1:cd:c2:1b:1a:87:a6:9e:
         b8:8a:9f:7b:f9:a6:0a:b8:1a:01:a1:ce:32:b6:a3:bd:0c:45:
         9c:51:28:30:ae:67:46:51:9f:e6:67:df:f0:11:81:a7:fa:46:
         56:70:10:1f:4b:ce:0e:c2:ac:60:9d:56:5e:03:ae:06:9b:28:
         25:e4:54:f0
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUan2wvITbgbsUeYiVovipKM5GnIcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUxMloX
DTI3MDMwMzA2MzAxMlowMzExMC8GA1UEAxMoMUY0MDEzOEVENUEyNzUwNUZBRkNF
RDdBOTQwQUI5RDE5NUQ5MDJEMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMT8afNF9a39v8N1F0jHk+daVyRzmmeM3F16bb+X7tRRE8mLeFW6qXr6pCrQ
dVb4v4NQNTxtqvc4MbUfdAYkCDSz+XqcfNRcpKVImu9XfWri3hQQTwXY21WF2nmd
Anfad7rdJWWp59NQTX9duKgbO5YAaP9RX3rJP2VvF3yDNLfFdAxbMQAxAxNdh2pM
htlHo3/QwO4tdxxvl0WjQaNL6qRN6sA8vNv7XEgbIUhW+da92wFLTLtPpEvve6Nh
ktW4y3WD3STc8EISsSzNYvdL8n08yPZxLm8isVrFEI589xw0dKs3S9SYTekDLqyG
wQq06pWrbh2nuLAncYALN4LEhlsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQfQBOO
1aJ1Bfr87XqUCrnRldkC0zAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTg1My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rIMwDQYJKoZIhvcNAQELBQADggEBADR2BcD+ny1B6jkRwFdaRwxnXrmZQWiAvi5W
LCEi5m9Xkk4knLXgODLFFdIzrbGLDED1Lau2SoVJ2wZih5GD7kTEWrbn5QynKvM5
QVe+EM0oY+rAuBoV20LCIjBO7aO1vxnKUUvOQkDPfJiTtwJWPDj1jGJw0/iIcxOL
dUqZMrTn8ZIczazMUaBOmqb4RZbrrX1f7D70pYR/CDTj8XOeRg9wqllCF1mE5AQR
/FITN8D4J94ID/3CMNep9eyFy0+hzcIbGoemnriKn3v5pgq4GgGhzjK2o70MRZxR
KDCuZ0ZRn+Zn3/ARgaf6RlZwEB9Lzg7CrGCdVl4DrgabKCXkVPA=
-----END CERTIFICATE-----