Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145993.roa
File:                     AS145993.roa (raw, json)
Hash identifier:          QlWaZzFSm+yWqL5Z7a97dP1Ro7Al5UyrstT9qhrb1xI=
Subject key identifier:   64:7C:C0:81:13:D9:94:EE:45:96:0E:C0:71:6E:63:88:46:BC:2A:13
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       39E1C4DC9A0712EB419FDC405CA5AA56743232CD
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145993.roa
Signing time:             Wed 04 Mar 2026 06:29:53 +0000
ROA not before:           Wed 04 Mar 2026 06:24:53 +0000
ROA not after:            Wed 03 Mar 2027 06:29:53 +0000
asID:                     145993
IP address blocks:        240a:ad0f::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:e1:c4:dc:9a:07:12:eb:41:9f:dc:40:5c:a5:aa:56:74:32:32:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:24:53 2026 GMT
            Not After : Mar  3 06:29:53 2027 GMT
        Subject: CN=647CC08113D994EE45960EC0716E638846BC2A13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:e2:c9:38:e7:58:5c:89:d8:a0:f2:9b:ef:55:
                    2e:01:25:47:eb:e6:8c:a2:48:20:6f:4a:84:97:a2:
                    7a:47:90:59:84:85:27:47:ab:49:71:e7:13:44:4a:
                    d3:f4:bf:8c:76:52:c2:d0:d3:ad:8e:12:cc:ce:43:
                    74:6c:38:2c:9d:92:82:e7:0f:2f:9a:a0:54:3f:89:
                    88:4b:a2:49:96:9b:c6:c7:0f:6b:99:3f:f0:f5:31:
                    ba:41:84:5f:ee:09:b8:50:23:0a:79:12:23:93:8d:
                    68:66:2c:95:a0:d8:58:07:9f:0e:e0:82:b8:43:11:
                    b9:38:c8:c7:4a:25:38:47:48:e8:c9:26:2a:c6:5c:
                    5e:de:82:e2:9d:09:73:64:fd:30:13:98:e3:8d:de:
                    c5:06:75:97:02:ad:70:f7:67:d0:2e:30:aa:63:b0:
                    cd:34:5a:c1:11:b1:cf:c8:71:8e:14:cb:cd:2f:f5:
                    2e:e6:f9:e4:b2:e6:d0:b6:c1:a8:94:8e:53:39:8e:
                    9a:42:47:2f:3d:ae:59:c4:7f:08:a5:08:e7:d3:c7:
                    4e:e5:10:07:ee:40:62:6c:81:cc:1f:8e:90:d4:d7:
                    a7:4e:0a:80:de:6f:01:ee:87:3a:a7:50:c2:a8:23:
                    b1:5d:91:74:86:c7:cb:08:93:c9:45:87:03:0f:7a:
                    ce:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:7C:C0:81:13:D9:94:EE:45:96:0E:C0:71:6E:63:88:46:BC:2A:13
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145993.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ad0f::/32

    Signature Algorithm: sha256WithRSAEncryption
         18:59:c7:b2:fb:a5:c0:51:3b:a5:d8:03:c5:fe:d9:34:5f:1c:
         77:97:5c:fa:0f:dd:ce:0d:a6:fe:e6:9a:96:f1:b3:2d:b0:a0:
         56:b5:75:c5:28:01:3a:64:ba:c6:dc:4d:c7:99:e5:5a:c6:e8:
         d9:e8:c5:a0:5e:48:8d:45:a0:71:a0:6d:f3:43:eb:64:7c:19:
         3e:7b:9e:0c:2d:63:1f:40:ef:d5:4b:65:43:36:67:0c:ee:a5:
         f8:8d:57:ef:79:54:3d:5d:5f:1a:75:96:03:b9:ec:e1:b8:79:
         37:5c:f4:4f:a7:25:ae:63:46:01:28:8c:11:41:83:02:a8:f4:
         89:70:8e:e4:ca:ff:9d:1e:4e:8b:71:29:f8:05:4b:95:83:3e:
         7d:07:fb:df:b0:c7:f8:f7:94:56:45:8c:ae:77:64:a0:1c:15:
         29:fc:d4:51:d6:34:1f:e4:a7:41:4c:9b:00:47:79:fb:ea:74:
         10:82:2b:90:50:a7:43:66:5a:ca:a6:a5:dd:e3:88:7f:3b:ee:
         9f:83:bd:ab:95:ad:da:a4:b4:aa:dd:f3:17:76:f4:e3:3a:53:
         b5:9e:9a:52:a1:f6:c7:49:a1:41:58:1e:11:e2:10:e1:c5:23:
         d7:9b:39:6d:ec:d9:f2:07:e0:45:03:50:04:6f:bd:70:ef:46:
         ea:1a:23:49
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUOeHE3JoHEutBn9xAXKWqVnQyMs0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjQ1M1oX
DTI3MDMwMzA2Mjk1M1owMzExMC8GA1UEAxMoNjQ3Q0MwODExM0Q5OTRFRTQ1OTYw
RUMwNzE2RTYzODg0NkJDMkExMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOXiyTjnWFyJ2KDym+9VLgElR+vmjKJIIG9KhJeiekeQWYSFJ0erSXHnE0RK
0/S/jHZSwtDTrY4SzM5DdGw4LJ2SgucPL5qgVD+JiEuiSZabxscPa5k/8PUxukGE
X+4JuFAjCnkSI5ONaGYslaDYWAefDuCCuEMRuTjIx0olOEdI6MkmKsZcXt6C4p0J
c2T9MBOY443exQZ1lwKtcPdn0C4wqmOwzTRawRGxz8hxjhTLzS/1Lub55LLm0LbB
qJSOUzmOmkJHLz2uWcR/CKUI59PHTuUQB+5AYmyBzB+OkNTXp04KgN5vAe6HOqdQ
wqgjsV2RdIbHywiTyUWHAw96zsMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRkfMCB
E9mU7kWWDsBxbmOIRrwqEzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTk5My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rQ8wDQYJKoZIhvcNAQELBQADggEBABhZx7L7pcBRO6XYA8X+2TRfHHeXXPoP3c4N
pv7mmpbxsy2woFa1dcUoATpkusbcTceZ5VrG6NnoxaBeSI1FoHGgbfND62R8GT57
ngwtYx9A79VLZUM2ZwzupfiNV+95VD1dXxp1lgO57OG4eTdc9E+nJa5jRgEojBFB
gwKo9IlwjuTK/50eTotxKfgFS5WDPn0H+9+wx/j3lFZFjK53ZKAcFSn81FHWNB/k
p0FMmwBHefvqdBCCK5BQp0NmWsqmpd3jiH877p+DvauVrdqktKrd8xd29OM6U7We
mlKh9sdJoUFYHhHiEOHFI9ebOW3s2fIH4EUDUARvvXDvRuoaI0k=
-----END CERTIFICATE-----