Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145886.roa
File:                     AS145886.roa (raw, json)
Hash identifier:          6ax3BebcxlPpZuL21/OExay/pTOn/B/U0Jez5JMlLRw=
Subject key identifier:   0D:FD:66:AA:C4:9E:16:F9:69:03:60:A1:75:15:58:8C:6B:55:B3:86
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1D4D100864AEF93A6B3AA1661E19D4062ED64281
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145886.roa
Signing time:             Wed 04 Mar 2026 06:30:04 +0000
ROA not before:           Wed 04 Mar 2026 06:25:04 +0000
ROA not after:            Wed 03 Mar 2027 06:30:04 +0000
asID:                     145886
IP address blocks:        240a:aca4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:4d:10:08:64:ae:f9:3a:6b:3a:a1:66:1e:19:d4:06:2e:d6:42:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:04 2026 GMT
            Not After : Mar  3 06:30:04 2027 GMT
        Subject: CN=0DFD66AAC49E16F9690360A17515588C6B55B386
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:06:5c:ca:67:1f:a6:a3:c8:df:c8:bc:51:37:
                    ec:41:14:6c:f9:50:fa:e3:fb:79:db:80:9a:7e:7a:
                    9b:11:f1:89:ad:cc:93:0a:8a:a6:82:25:02:d6:f6:
                    e4:08:91:9b:c1:51:fb:5e:33:5a:ea:65:75:35:54:
                    a4:e7:49:74:82:00:61:64:d0:49:0e:08:11:82:cf:
                    24:29:00:2f:bd:2d:c8:3b:cb:01:7a:b4:5b:78:6a:
                    87:ae:26:c6:c3:04:54:c5:f9:8e:18:b4:1b:59:b0:
                    36:50:a3:64:15:3f:38:20:e6:d1:78:e9:0b:8f:69:
                    07:93:cb:03:d8:0b:f7:cc:0c:e9:19:5a:94:8a:8a:
                    21:d8:45:d1:9d:2d:c7:79:44:c8:ee:27:78:03:d0:
                    e3:55:8a:b8:53:cc:dc:d6:d1:aa:6e:a5:2a:75:45:
                    91:39:fb:74:64:9d:18:b1:6a:71:77:4b:ef:69:4b:
                    46:c3:6d:00:f3:3e:5d:9b:f0:71:87:41:6c:25:8e:
                    fb:b0:43:7d:1b:06:12:09:4c:c1:04:ed:59:5d:33:
                    06:79:72:04:bb:a9:89:68:f0:bd:19:c6:ac:9f:97:
                    4c:21:02:2e:f2:8d:15:f7:d0:cc:18:3d:d7:86:1e:
                    f7:28:40:0e:0c:83:eb:a9:f0:d5:08:bb:a9:40:bb:
                    9d:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:FD:66:AA:C4:9E:16:F9:69:03:60:A1:75:15:58:8C:6B:55:B3:86
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145886.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aca4::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:2e:d2:08:96:db:ae:d6:c8:a2:e5:24:a6:ae:ad:ec:62:b0:
         5f:ff:6e:45:35:0a:93:72:50:cf:a7:c7:0d:1f:12:75:b6:60:
         34:6b:c5:09:09:ec:c6:de:cc:c9:a5:53:4d:f7:e2:a7:58:5b:
         f1:fd:15:7f:79:a8:6d:51:cc:1b:cb:9c:3f:85:95:d3:39:58:
         c5:87:75:42:55:66:2d:cb:4e:6a:09:fe:c6:74:b8:44:02:33:
         4c:5b:b7:8f:9f:19:7f:1c:b4:3b:81:e6:ea:73:b5:ca:79:e2:
         7d:5a:9d:5b:17:b2:d7:c0:2e:c7:84:d7:c5:7c:2d:f8:ae:c5:
         b5:73:48:14:74:fc:13:f9:3e:15:e8:0c:31:03:48:b3:c4:64:
         bb:f5:c1:b0:f3:bb:ea:53:f0:aa:21:df:be:f3:ea:eb:b0:1d:
         37:bd:42:51:9b:97:01:9e:a4:da:90:1e:4c:85:77:5a:82:ca:
         b1:ba:b9:3b:c1:9e:eb:f5:c1:29:33:b7:16:20:de:1a:2b:d1:
         e6:70:98:79:b8:29:d7:c3:c1:ea:00:fd:bd:9d:93:31:7b:1e:
         ec:77:5e:53:6b:e7:70:12:37:e9:aa:df:a9:04:6f:47:3b:a0:
         ce:fa:80:76:df:74:54:b1:b0:71:5e:08:08:df:f3:4a:d8:2f:
         37:ac:62:77
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUHU0QCGSu+TprOqFmHhnUBi7WQoEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUwNFoX
DTI3MDMwMzA2MzAwNFowMzExMC8GA1UEAxMoMERGRDY2QUFDNDlFMTZGOTY5MDM2
MEExNzUxNTU4OEM2QjU1QjM4NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOMGXMpnH6ajyN/IvFE37EEUbPlQ+uP7eduAmn56mxHxia3MkwqKpoIlAtb2
5AiRm8FR+14zWupldTVUpOdJdIIAYWTQSQ4IEYLPJCkAL70tyDvLAXq0W3hqh64m
xsMEVMX5jhi0G1mwNlCjZBU/OCDm0XjpC49pB5PLA9gL98wM6RlalIqKIdhF0Z0t
x3lEyO4neAPQ41WKuFPM3NbRqm6lKnVFkTn7dGSdGLFqcXdL72lLRsNtAPM+XZvw
cYdBbCWO+7BDfRsGEglMwQTtWV0zBnlyBLupiWjwvRnGrJ+XTCECLvKNFffQzBg9
14Ye9yhADgyD66nw1Qi7qUC7ndUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQN/Waq
xJ4W+WkDYKF1FViMa1WzhjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTg4Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rKQwDQYJKoZIhvcNAQELBQADggEBAGsu0giW267WyKLlJKaurexisF//bkU1CpNy
UM+nxw0fEnW2YDRrxQkJ7MbezMmlU0334qdYW/H9FX95qG1RzBvLnD+FldM5WMWH
dUJVZi3LTmoJ/sZ0uEQCM0xbt4+fGX8ctDuB5upztcp54n1anVsXstfALseE18V8
LfiuxbVzSBR0/BP5PhXoDDEDSLPEZLv1wbDzu+pT8Koh377z6uuwHTe9QlGblwGe
pNqQHkyFd1qCyrG6uTvBnuv1wSkztxYg3hor0eZwmHm4KdfDweoA/b2dkzF7Hux3
XlNr53ASN+mq36kEb0c7oM76gHbfdFSxsHFeCAjf80rYLzesYnc=
-----END CERTIFICATE-----