Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145010.roa
File:                     AS145010.roa (raw, json)
Hash identifier:          ftDtO/NlyWaqZCvzRdm1UB2IVGolli2Qsi1GNUZ04Vk=
Subject key identifier:   2D:3F:6F:07:5D:63:84:AC:80:AB:4C:CE:86:20:0F:D4:93:FA:7D:19
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4092C7D6BB5DD241463B3DE9BD161EB810F8E9DE
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145010.roa
Signing time:             Wed 04 Mar 2026 06:21:42 +0000
ROA not before:           Wed 04 Mar 2026 06:16:42 +0000
ROA not after:            Wed 03 Mar 2027 06:21:42 +0000
asID:                     145010
IP address blocks:        240a:a938::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:92:c7:d6:bb:5d:d2:41:46:3b:3d:e9:bd:16:1e:b8:10:f8:e9:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:42 2026 GMT
            Not After : Mar  3 06:21:42 2027 GMT
        Subject: CN=2D3F6F075D6384AC80AB4CCE86200FD493FA7D19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:76:63:15:22:ab:8b:2f:2f:d4:02:3f:db:56:
                    66:c4:e3:6e:67:bf:08:5b:c5:98:2c:f6:1d:27:37:
                    1c:9e:69:d9:47:2a:8f:1b:d1:86:61:f6:5b:88:3c:
                    98:51:54:cd:1a:ff:2c:02:51:b4:d4:d1:ef:87:d0:
                    63:25:e0:53:2d:95:ae:74:1d:9e:ec:e2:0f:e1:26:
                    68:d1:3d:71:b0:53:51:01:fe:1e:bb:95:e1:ef:1d:
                    2e:85:36:63:f8:dd:23:d5:ce:9b:ca:d1:a8:14:f9:
                    f9:33:4d:48:fd:39:d4:90:92:8f:ca:40:ab:90:51:
                    af:9a:aa:f9:2f:de:c7:7e:da:9d:fe:f4:af:93:cf:
                    51:80:a4:79:27:80:19:b7:08:b7:bf:14:3d:e3:a8:
                    d9:a4:60:e5:19:2c:95:74:6d:bd:cf:2a:1e:9d:a0:
                    de:bb:b5:ab:01:f9:8e:f2:c5:d7:f2:a1:9e:e6:bd:
                    25:ba:e1:ca:d2:c9:3d:17:42:52:36:31:09:f7:5a:
                    10:da:ae:e8:ea:6b:f7:4d:2e:6e:a3:03:a9:1b:d3:
                    66:5f:d8:b3:1d:ee:dd:e7:54:03:57:67:a8:aa:4b:
                    af:01:7b:28:3f:65:ba:8d:91:a4:42:b9:1d:6a:40:
                    9d:aa:1f:cc:c1:ee:c9:9f:d4:ce:aa:00:a5:8b:2d:
                    7c:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:3F:6F:07:5D:63:84:AC:80:AB:4C:CE:86:20:0F:D4:93:FA:7D:19
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145010.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a938::/32

    Signature Algorithm: sha256WithRSAEncryption
         a2:cd:4a:05:89:b2:dd:24:74:09:29:3f:c3:86:db:3d:10:e8:
         a5:df:41:b4:fa:d4:bd:60:c9:6e:56:7d:5e:e4:f4:c4:00:d3:
         46:c1:af:8e:72:f1:9f:2f:3f:82:47:ec:04:6a:2e:62:21:54:
         44:9d:af:f6:b2:e5:e5:20:09:6e:26:7b:8d:cf:ed:af:9d:1f:
         47:da:7d:84:72:a2:e9:3b:83:a4:9c:1c:5d:02:c3:19:db:f3:
         65:50:25:1e:96:ae:62:df:f2:f9:d0:a9:95:1e:11:d8:c6:b7:
         d6:f1:6a:63:b0:90:54:a3:94:22:cd:d0:a6:e9:fc:17:3f:37:
         a1:02:1a:93:d6:ba:49:92:b5:6d:ca:0e:a5:c6:a3:a3:63:f4:
         97:11:c4:66:6d:0f:f7:4f:17:06:6d:95:c3:3b:32:e7:d8:10:
         48:a8:4f:5d:db:e5:0a:8b:88:ab:d6:61:71:65:62:26:24:8b:
         73:d7:4b:02:cf:07:46:67:08:a0:37:b4:f9:a6:18:6a:0d:8a:
         44:2b:0e:18:e3:40:f7:98:5a:85:10:84:a9:5e:56:d1:fa:92:
         bf:2d:7d:8a:50:2a:97:8d:9b:60:2f:8c:1b:23:6a:90:e2:80:
         e1:30:26:15:ae:53:8b:8f:b9:c4:fa:6b:5c:19:57:ba:d4:dc:
         bf:7a:7e:a5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUQJLH1rtd0kFGOz3pvRYeuBD46d4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTY0MloX
DTI3MDMwMzA2MjE0MlowMzExMC8GA1UEAxMoMkQzRjZGMDc1RDYzODRBQzgwQUI0
Q0NFODYyMDBGRDQ5M0ZBN0QxOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKp2YxUiq4svL9QCP9tWZsTjbme/CFvFmCz2HSc3HJ5p2UcqjxvRhmH2W4g8
mFFUzRr/LAJRtNTR74fQYyXgUy2VrnQdnuziD+EmaNE9cbBTUQH+HruV4e8dLoU2
Y/jdI9XOm8rRqBT5+TNNSP051JCSj8pAq5BRr5qq+S/ex37anf70r5PPUYCkeSeA
GbcIt78UPeOo2aRg5RkslXRtvc8qHp2g3ru1qwH5jvLF1/Khnua9JbrhytLJPRdC
UjYxCfdaENqu6Opr900ubqMDqRvTZl/Ysx3u3edUA1dnqKpLrwF7KD9luo2RpEK5
HWpAnaofzMHuyZ/UzqoApYstfLcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQtP28H
XWOErICrTM6GIA/Uk/p9GTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTAxMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qTgwDQYJKoZIhvcNAQELBQADggEBAKLNSgWJst0kdAkpP8OG2z0Q6KXfQbT61L1g
yW5WfV7k9MQA00bBr45y8Z8vP4JH7ARqLmIhVESdr/ay5eUgCW4me43P7a+dH0fa
fYRyouk7g6ScHF0Cwxnb82VQJR6WrmLf8vnQqZUeEdjGt9bxamOwkFSjlCLN0Kbp
/Bc/N6ECGpPWukmStW3KDqXGo6Nj9JcRxGZtD/dPFwZtlcM7MufYEEioT13b5QqL
iKvWYXFlYiYki3PXSwLPB0ZnCKA3tPmmGGoNikQrDhjjQPeYWoUQhKleVtH6kr8t
fYpQKpeNm2AvjBsjapDigOEwJhWuU4uPucT6a1wZV7rU3L96fqU=
-----END CERTIFICATE-----