Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145017.roa
File:                     AS145017.roa (raw, json)
Hash identifier:          lGwj7TBok8Ca9xB259zQErXK4nUEw3lmz/LNnmGq43Q=
Subject key identifier:   E8:CD:5C:61:12:35:F1:1E:09:C5:D3:20:A9:53:5D:DF:61:AA:3E:3F
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       E948C50E2289699D065D4847F9166D8D777A5B
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145017.roa
Signing time:             Wed 04 Mar 2026 06:19:39 +0000
ROA not before:           Wed 04 Mar 2026 06:14:39 +0000
ROA not after:            Wed 03 Mar 2027 06:19:39 +0000
asID:                     145017
IP address blocks:        240a:a93f::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            e9:48:c5:0e:22:89:69:9d:06:5d:48:47:f9:16:6d:8d:77:7a:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:39 2026 GMT
            Not After : Mar  3 06:19:39 2027 GMT
        Subject: CN=E8CD5C611235F11E09C5D320A9535DDF61AA3E3F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f7:10:6e:55:46:48:58:d2:39:ac:33:1b:17:
                    19:17:ee:57:ea:62:10:f4:fe:c6:a5:30:b8:3a:ba:
                    2f:b1:4b:11:9c:78:2f:af:9b:cf:f7:75:35:d4:e0:
                    ea:60:cd:bd:bc:c1:8d:c7:3d:55:77:1d:d9:60:7c:
                    99:10:0c:fa:20:e2:c5:e8:6d:87:55:b2:5e:06:c9:
                    4b:d7:a7:f8:f3:3a:7f:bb:fb:dd:68:03:1c:f3:1e:
                    34:39:10:e9:7f:24:8b:9f:93:99:c6:bb:9a:90:9b:
                    8c:a4:a7:21:ae:92:a5:62:3b:f2:f6:9e:c0:a8:05:
                    bf:b5:28:09:19:8c:92:a4:42:d8:34:ab:d0:e2:10:
                    f7:79:be:12:41:e5:b4:92:d0:81:b9:cd:e3:f4:21:
                    8a:ad:3d:3a:17:0f:49:50:26:43:d7:b7:46:01:bf:
                    11:86:42:1b:c2:58:4d:b1:31:40:06:5a:36:2e:98:
                    19:a0:c7:72:be:69:be:77:c9:91:8c:57:56:c6:24:
                    f3:be:87:cb:40:9d:2d:95:5d:2b:70:0b:8f:54:44:
                    1e:d1:e8:73:ef:d3:1e:45:97:d3:df:41:22:7e:d3:
                    ed:72:ac:7b:76:47:ee:1f:9d:4e:70:78:d2:6f:e2:
                    d2:2c:2f:c4:88:98:73:7c:2c:8d:77:49:ee:13:68:
                    97:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:CD:5C:61:12:35:F1:1E:09:C5:D3:20:A9:53:5D:DF:61:AA:3E:3F
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145017.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a93f::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:92:64:f3:37:cb:94:2b:48:a7:69:13:b3:10:47:a2:14:9b:
         92:91:7a:8c:f9:e0:0b:8c:30:b4:c3:5e:74:1e:02:29:dd:26:
         10:a9:51:1b:fe:81:d7:12:78:20:a0:87:8b:40:4f:59:bc:87:
         e6:46:9a:df:fc:9a:52:22:db:29:31:cf:1a:4e:79:9f:a0:1a:
         22:8a:db:33:62:d0:45:32:04:9d:7e:b9:6a:11:b7:8b:d3:95:
         a4:62:9a:7f:bf:c5:86:25:b4:f6:11:34:95:a0:37:5c:eb:ff:
         97:c3:34:9e:72:1e:2e:89:87:c2:e9:eb:97:ec:48:42:ca:e8:
         12:46:ff:a6:2e:7b:3d:50:51:52:96:69:95:4f:18:f9:2b:c5:
         04:90:b4:87:07:b4:a4:07:0d:d5:c6:07:6d:74:9a:a3:15:6e:
         d1:a0:a5:66:fc:8a:eb:19:37:1b:ff:53:7b:55:d4:03:75:92:
         f5:63:e6:e4:a5:16:f9:0d:a0:03:8c:39:3c:c0:f9:0c:c0:74:
         84:cd:94:ce:2d:12:50:78:a2:63:2b:b6:08:9d:31:b9:08:44:
         ba:44:4f:25:36:83:6b:e3:28:63:76:eb:e5:0b:3b:44:de:9c:
         a8:b3:80:ba:38:56:af:e1:8d:a8:c4:32:96:76:02:f6:e1:e1:
         2b:7a:30:86
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUAOlIxQ4iiWmdBl1IR/kWbY13elswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQzOVoX
DTI3MDMwMzA2MTkzOVowMzExMC8GA1UEAxMoRThDRDVDNjExMjM1RjExRTA5QzVE
MzIwQTk1MzVEREY2MUFBM0UzRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMf3EG5VRkhY0jmsMxsXGRfuV+piEPT+xqUwuDq6L7FLEZx4L6+bz/d1NdTg
6mDNvbzBjcc9VXcd2WB8mRAM+iDixehth1WyXgbJS9en+PM6f7v73WgDHPMeNDkQ
6X8ki5+Tmca7mpCbjKSnIa6SpWI78vaewKgFv7UoCRmMkqRC2DSr0OIQ93m+EkHl
tJLQgbnN4/Qhiq09OhcPSVAmQ9e3RgG/EYZCG8JYTbExQAZaNi6YGaDHcr5pvnfJ
kYxXVsYk876Hy0CdLZVdK3ALj1REHtHoc+/THkWX099BIn7T7XKse3ZH7h+dTnB4
0m/i0iwvxIiYc3wsjXdJ7hNol9MCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTozVxh
EjXxHgnF0yCpU13fYao+PzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTAxNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qT8wDQYJKoZIhvcNAQELBQADggEBAH2SZPM3y5QrSKdpE7MQR6IUm5KReoz54AuM
MLTDXnQeAindJhCpURv+gdcSeCCgh4tAT1m8h+ZGmt/8mlIi2ykxzxpOeZ+gGiKK
2zNi0EUyBJ1+uWoRt4vTlaRimn+/xYYltPYRNJWgN1zr/5fDNJ5yHi6Jh8Lp65fs
SELK6BJG/6Yuez1QUVKWaZVPGPkrxQSQtIcHtKQHDdXGB210mqMVbtGgpWb8iusZ
Nxv/U3tV1AN1kvVj5uSlFvkNoAOMOTzA+QzAdITNlM4tElB4omMrtgidMbkIRLpE
TyU2g2vjKGN26+ULO0TenKizgLo4Vq/hjajEMpZ2Avbh4St6MIY=
-----END CERTIFICATE-----