Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145005.roa
File:                     AS145005.roa (raw, json)
Hash identifier:          SCJ26VzltHw4CZDohnczAJ4QPFjWIkSC7elHQx7lvic=
Subject key identifier:   71:FF:47:92:26:24:27:3C:E8:87:B8:17:77:BF:F9:12:FA:20:4D:8A
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       10ACC20CD6EEFC0F2F817929D9176FD7FAF79AD2
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145005.roa
Signing time:             Wed 04 Mar 2026 06:19:58 +0000
ROA not before:           Wed 04 Mar 2026 06:14:58 +0000
ROA not after:            Wed 03 Mar 2027 06:19:58 +0000
asID:                     145005
IP address blocks:        240a:a933::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:ac:c2:0c:d6:ee:fc:0f:2f:81:79:29:d9:17:6f:d7:fa:f7:9a:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:58 2026 GMT
            Not After : Mar  3 06:19:58 2027 GMT
        Subject: CN=71FF47922624273CE887B81777BFF912FA204D8A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:3e:e5:34:f4:27:c7:5e:43:55:9e:83:49:55:
                    47:28:c9:66:a3:32:6f:fe:d5:87:d0:41:5a:93:a3:
                    61:50:e7:af:d5:2a:19:2b:fc:46:29:5b:b9:19:8f:
                    cd:f0:6a:94:ac:95:64:ba:54:28:e4:a9:e6:0c:5f:
                    19:7a:da:0e:a4:9e:4e:46:23:c7:55:ad:31:86:73:
                    28:f3:99:e8:c4:d1:72:80:7e:63:51:22:2e:f0:f4:
                    0e:e0:61:6d:60:05:26:be:9c:ed:15:09:03:f0:42:
                    7d:c6:64:2c:e8:6f:9b:42:e5:28:f6:1d:3f:8a:3d:
                    93:ce:58:8f:a2:b1:e3:f3:77:67:a1:10:01:51:41:
                    e3:82:c9:13:ea:a2:58:b1:c6:60:26:76:0c:08:c2:
                    0a:32:34:d1:87:60:08:1c:d7:54:49:4b:24:a2:93:
                    69:15:49:b1:0e:d8:00:1d:13:f0:9c:ae:1f:d6:7d:
                    ee:62:aa:e2:cd:d6:ae:d3:2f:60:da:02:ec:21:66:
                    4a:cf:be:0d:c6:ed:01:98:39:1f:6d:ba:5a:ef:62:
                    97:0a:ba:09:49:8c:68:fb:0e:71:57:b3:48:9b:8a:
                    70:a3:37:cd:80:36:97:5a:9e:40:a6:d9:64:30:a2:
                    7d:05:00:83:c7:ab:5f:b3:99:c3:75:52:ad:a4:f8:
                    98:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:FF:47:92:26:24:27:3C:E8:87:B8:17:77:BF:F9:12:FA:20:4D:8A
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145005.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a933::/32

    Signature Algorithm: sha256WithRSAEncryption
         33:b0:80:cc:24:1c:95:6a:06:1a:1a:54:2e:a4:52:60:60:81:
         80:39:b6:e1:2e:f4:eb:26:eb:b2:52:db:0d:50:d9:ed:0e:ef:
         20:13:69:c2:bc:77:20:50:ed:4a:8e:ee:b0:cc:e2:82:e1:a6:
         df:f3:c8:74:99:bc:0a:89:35:7e:f1:6b:fd:3d:c7:01:c7:92:
         6b:c3:83:c0:bc:69:30:03:83:78:d7:08:5e:0d:e1:3d:08:7c:
         2b:aa:81:9e:a7:09:45:68:c0:f8:12:2d:e0:3d:5a:d6:aa:99:
         6a:8c:3b:76:eb:df:1e:98:db:a5:92:3c:9c:26:89:b9:13:73:
         a9:d3:ad:23:34:5a:4e:bd:77:43:32:c6:67:04:87:0f:36:ef:
         77:7a:57:54:26:d7:e9:bf:b9:9b:e0:5d:ef:4f:04:e9:73:c5:
         81:1d:b8:a4:3e:50:2b:05:25:49:d7:da:9d:c5:62:0e:70:eb:
         14:a4:d0:65:99:c6:46:10:1c:ea:d4:92:58:1f:d0:5e:f6:c8:
         20:fb:a3:0c:dd:a5:5d:a7:28:be:57:64:a6:a9:52:8a:f4:2b:
         38:68:e4:f8:a9:98:47:0c:ee:36:09:5e:2e:df:5c:e7:87:aa:
         d2:e4:96:5e:48:39:83:e4:b8:52:85:9d:ef:a4:57:99:2b:06:
         4b:00:6e:29
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUEKzCDNbu/A8vgXkp2Rdv1/r3mtIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQ1OFoX
DTI3MDMwMzA2MTk1OFowMzExMC8GA1UEAxMoNzFGRjQ3OTIyNjI0MjczQ0U4ODdC
ODE3NzdCRkY5MTJGQTIwNEQ4QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOY+5TT0J8deQ1Weg0lVRyjJZqMyb/7Vh9BBWpOjYVDnr9UqGSv8RilbuRmP
zfBqlKyVZLpUKOSp5gxfGXraDqSeTkYjx1WtMYZzKPOZ6MTRcoB+Y1EiLvD0DuBh
bWAFJr6c7RUJA/BCfcZkLOhvm0LlKPYdP4o9k85Yj6Kx4/N3Z6EQAVFB44LJE+qi
WLHGYCZ2DAjCCjI00YdgCBzXVElLJKKTaRVJsQ7YAB0T8JyuH9Z97mKq4s3WrtMv
YNoC7CFmSs++DcbtAZg5H226Wu9ilwq6CUmMaPsOcVezSJuKcKM3zYA2l1qeQKbZ
ZDCifQUAg8erX7OZw3VSraT4mB8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRx/0eS
JiQnPOiHuBd3v/kS+iBNijAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTAwNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qTMwDQYJKoZIhvcNAQELBQADggEBADOwgMwkHJVqBhoaVC6kUmBggYA5tuEu9Osm
67JS2w1Q2e0O7yATacK8dyBQ7UqO7rDM4oLhpt/zyHSZvAqJNX7xa/09xwHHkmvD
g8C8aTADg3jXCF4N4T0IfCuqgZ6nCUVowPgSLeA9WtaqmWqMO3br3x6Y26WSPJwm
ibkTc6nTrSM0Wk69d0MyxmcEhw8273d6V1Qm1+m/uZvgXe9PBOlzxYEduKQ+UCsF
JUnX2p3FYg5w6xSk0GWZxkYQHOrUklgf0F72yCD7owzdpV2nKL5XZKapUor0Kzho
5PipmEcM7jYJXi7fXOeHqtLkll5IOYPkuFKFne+kV5krBksAbik=
-----END CERTIFICATE-----