Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145866.roa
File:                     AS145866.roa (raw, json)
Hash identifier:          Vzj3zoQU6FCyNKrR/p+TVkGheRo8wsGwRlXere10ovM=
Subject key identifier:   06:44:E8:0C:00:DC:C6:C9:75:99:C6:19:84:23:98:9C:13:A7:DE:92
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7167F7BE53CA812029D7C4558576EAA44C42BC07
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145866.roa
Signing time:             Wed 04 Mar 2026 06:30:32 +0000
ROA not before:           Wed 04 Mar 2026 06:25:32 +0000
ROA not after:            Wed 03 Mar 2027 06:30:32 +0000
asID:                     145866
IP address blocks:        240a:ac90::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:67:f7:be:53:ca:81:20:29:d7:c4:55:85:76:ea:a4:4c:42:bc:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:32 2026 GMT
            Not After : Mar  3 06:30:32 2027 GMT
        Subject: CN=0644E80C00DCC6C97599C6198423989C13A7DE92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:7c:ad:01:00:40:3d:6d:81:08:f5:f5:b0:e3:
                    e2:4b:2d:2e:a6:0b:7c:51:d0:35:d3:45:83:7c:da:
                    a4:c1:ed:c7:5e:ff:cd:91:2e:99:cf:b7:62:9c:7c:
                    6d:03:31:5d:48:0d:4d:63:b9:35:0c:9b:01:b3:b6:
                    e5:59:d3:08:6e:c1:93:8d:25:30:63:5f:78:1a:99:
                    cf:23:0a:37:17:46:ad:53:4d:a8:c2:46:9e:a4:ee:
                    04:4f:7a:3c:94:b8:1f:68:30:4e:a6:13:70:19:97:
                    8f:8f:f8:b9:20:7c:b1:cf:eb:0a:a8:21:3a:9f:fe:
                    33:4a:0f:8d:3a:a7:17:7f:3e:3b:c5:12:a6:72:37:
                    a3:1e:14:00:4f:38:dd:96:fa:48:40:64:61:06:8d:
                    38:55:f8:90:ed:c4:2b:c8:1e:b4:92:48:d9:cd:0b:
                    f1:27:74:c1:f2:a5:8b:7e:31:aa:7c:16:6c:8c:7c:
                    90:60:ab:bc:cd:13:dd:71:fe:a2:df:b2:e5:ee:44:
                    1a:57:7d:06:f5:4d:c2:97:28:57:d2:87:f3:32:c0:
                    b8:8d:35:7e:59:9e:56:c7:f0:e7:96:1c:c5:30:07:
                    0a:61:ab:89:9f:42:38:b6:60:59:eb:96:a1:97:38:
                    25:62:4c:d8:9f:3b:84:ce:b6:86:dd:3d:c3:b0:75:
                    26:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:44:E8:0C:00:DC:C6:C9:75:99:C6:19:84:23:98:9C:13:A7:DE:92
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145866.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ac90::/32

    Signature Algorithm: sha256WithRSAEncryption
         d3:0e:d8:d5:dd:b8:3b:84:c5:85:ac:7b:4d:e6:87:fa:50:70:
         6f:f0:4c:77:b2:a1:90:9e:68:e9:e4:38:82:bd:4f:ed:aa:3f:
         c1:2e:6a:ca:15:45:21:18:5c:70:c9:6e:c3:13:bd:07:de:ad:
         53:07:ae:bd:af:e4:3e:36:b2:f5:f7:7f:b8:ab:d7:8d:ee:1b:
         5c:69:12:79:d6:b8:9c:24:ed:1f:61:68:84:c9:a8:fa:e2:32:
         da:24:7a:38:70:88:e4:2c:01:8c:52:ca:41:fc:d8:5c:01:2f:
         b3:80:5a:1d:1a:09:ed:f6:78:e3:10:74:19:61:2f:f7:8e:9a:
         fa:39:8a:97:2c:ab:e6:48:a4:d4:2c:28:dd:b4:ea:8f:7f:2e:
         d3:78:24:81:67:4d:f8:1b:b2:1d:96:a8:33:47:93:09:4f:ad:
         1e:1f:07:ba:00:94:13:5a:00:a5:35:61:13:e7:65:a9:3e:a9:
         a5:86:ee:4e:66:c7:ce:83:7f:16:39:d3:a7:46:30:f8:87:c5:
         99:80:9a:5d:ec:a5:67:64:49:74:38:ec:d3:ed:10:f8:e1:d8:
         8d:ba:3b:69:09:09:bc:33:2c:46:ef:35:a6:40:d2:0e:46:c1:
         b8:c4:c9:b6:51:c1:aa:92:a4:38:60:0c:c2:81:38:24:a3:52:
         d0:db:bf:6c
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUcWf3vlPKgSAp18RVhXbqpExCvAcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUzMloX
DTI3MDMwMzA2MzAzMlowMzExMC8GA1UEAxMoMDY0NEU4MEMwMERDQzZDOTc1OTlD
NjE5ODQyMzk4OUMxM0E3REU5MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMV8rQEAQD1tgQj19bDj4kstLqYLfFHQNdNFg3zapMHtx17/zZEumc+3Ypx8
bQMxXUgNTWO5NQybAbO25VnTCG7Bk40lMGNfeBqZzyMKNxdGrVNNqMJGnqTuBE96
PJS4H2gwTqYTcBmXj4/4uSB8sc/rCqghOp/+M0oPjTqnF38+O8USpnI3ox4UAE84
3Zb6SEBkYQaNOFX4kO3EK8getJJI2c0L8Sd0wfKli34xqnwWbIx8kGCrvM0T3XH+
ot+y5e5EGld9BvVNwpcoV9KH8zLAuI01flmeVsfw55YcxTAHCmGriZ9COLZgWeuW
oZc4JWJM2J87hM62ht09w7B1JjsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQGROgM
ANzGyXWZxhmEI5icE6fekjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTg2Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rJAwDQYJKoZIhvcNAQELBQADggEBANMO2NXduDuExYWse03mh/pQcG/wTHeyoZCe
aOnkOIK9T+2qP8EuasoVRSEYXHDJbsMTvQferVMHrr2v5D42svX3f7ir143uG1xp
EnnWuJwk7R9haITJqPriMtokejhwiOQsAYxSykH82FwBL7OAWh0aCe32eOMQdBlh
L/eOmvo5ipcsq+ZIpNQsKN206o9/LtN4JIFnTfgbsh2WqDNHkwlPrR4fB7oAlBNa
AKU1YRPnZak+qaWG7k5mx86DfxY506dGMPiHxZmAml3spWdkSXQ47NPtEPjh2I26
O2kJCbwzLEbvNaZA0g5GwbjEybZRwaqSpDhgDMKBOCSjUtDbv2w=
-----END CERTIFICATE-----