Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145031.roa
File:                     AS145031.roa (raw, json)
Hash identifier:          D/lag5ackCHeLbTXqLBcXpzKLEhWvyZOiC/gpOFZq4w=
Subject key identifier:   98:0D:E3:9F:15:52:73:1E:6D:E6:D2:BC:04:3D:99:AE:7B:C7:2A:11
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5FFE772A4B696FEDADF01B98BE2C28817B2B2D2E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145031.roa
Signing time:             Wed 04 Mar 2026 06:20:14 +0000
ROA not before:           Wed 04 Mar 2026 06:15:14 +0000
ROA not after:            Wed 03 Mar 2027 06:20:14 +0000
asID:                     145031
IP address blocks:        240a:a94d::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:fe:77:2a:4b:69:6f:ed:ad:f0:1b:98:be:2c:28:81:7b:2b:2d:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:14 2026 GMT
            Not After : Mar  3 06:20:14 2027 GMT
        Subject: CN=980DE39F1552731E6DE6D2BC043D99AE7BC72A11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:bf:ed:4d:eb:5d:84:76:81:8a:4d:64:cc:7b:
                    dc:53:7e:97:19:cc:27:a9:a2:a0:37:3a:eb:c2:91:
                    df:74:a2:0f:28:f8:61:39:ce:ab:20:a9:3c:b8:1e:
                    86:0d:e4:e4:7a:a4:80:6f:1f:63:34:53:21:f4:0e:
                    62:62:a6:f5:a9:19:ee:e2:e5:71:c8:e5:21:64:c9:
                    bf:23:ff:b9:89:05:90:a9:c2:35:52:f9:6b:97:a8:
                    79:c4:87:e7:e0:de:c8:30:39:8e:e8:51:2e:97:fe:
                    20:b2:ae:db:11:01:55:ef:6c:c5:13:77:24:be:0b:
                    16:5f:b9:43:af:63:f6:21:1e:f5:e8:f8:75:8a:7e:
                    f9:ff:f2:ac:eb:06:c4:bc:d9:6c:78:64:0a:e4:9b:
                    c0:04:02:fe:f9:1b:f9:cc:ea:b6:96:b4:f2:32:3c:
                    db:01:e4:ec:ca:86:4b:6a:23:b5:a9:85:02:c3:db:
                    11:c8:06:fd:00:45:2f:30:f3:f5:28:06:1b:fd:3f:
                    82:d6:4f:44:06:89:39:9b:03:45:b4:0a:19:0c:45:
                    dc:5c:80:de:c7:41:d4:81:cc:75:65:12:c3:49:6d:
                    a1:fd:dc:9a:25:66:52:5b:be:9b:dd:a0:bf:ee:7d:
                    63:a5:50:5d:04:31:9b:2e:2f:cc:fc:5b:75:36:ee:
                    cb:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:0D:E3:9F:15:52:73:1E:6D:E6:D2:BC:04:3D:99:AE:7B:C7:2A:11
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145031.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a94d::/32

    Signature Algorithm: sha256WithRSAEncryption
         cc:eb:01:7e:b7:cc:48:b8:d5:6c:ca:e9:01:4a:fd:74:68:b1:
         d1:1b:db:fc:ff:3e:f0:b9:57:63:05:70:63:83:63:84:60:42:
         ff:5d:35:d2:f0:dd:db:ba:a7:6d:81:4a:2a:39:8f:6e:66:98:
         de:ff:03:70:f6:d6:9c:a3:d8:3c:01:24:a7:77:9c:dc:46:7a:
         3c:ae:3f:93:04:bd:96:e5:06:52:cc:11:de:14:6e:20:33:05:
         f1:64:ef:81:13:a5:bc:81:c4:31:86:80:a6:00:84:ff:7e:a4:
         78:ab:f9:55:5f:c8:d1:aa:39:36:0c:c2:fd:07:15:01:2b:1a:
         78:28:61:ce:36:57:6b:80:6e:7e:2f:b3:50:80:07:28:10:fa:
         e5:d0:66:3c:d0:76:4f:da:3c:91:8d:e4:20:30:56:dc:ac:77:
         2e:fd:9c:3c:76:e7:4b:01:5b:e8:df:a0:be:32:31:c4:cf:13:
         06:71:81:84:2c:19:ac:a8:db:56:5e:3e:d2:93:30:63:96:20:
         01:77:7b:fd:ec:b3:28:3b:fa:d4:a6:c9:3c:70:42:77:2b:e3:
         94:b0:65:d6:36:57:0a:be:2d:65:1d:54:14:da:a9:69:57:af:
         0e:d3:f4:89:1d:99:9e:f8:30:d9:a7:88:77:d2:b9:36:e2:ed:
         37:d7:3b:82
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUX/53Kktpb+2t8BuYviwogXsrLS4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTUxNFoX
DTI3MDMwMzA2MjAxNFowMzExMC8GA1UEAxMoOTgwREUzOUYxNTUyNzMxRTZERTZE
MkJDMDQzRDk5QUU3QkM3MkExMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM6/7U3rXYR2gYpNZMx73FN+lxnMJ6mioDc668KR33SiDyj4YTnOqyCpPLge
hg3k5HqkgG8fYzRTIfQOYmKm9akZ7uLlccjlIWTJvyP/uYkFkKnCNVL5a5eoecSH
5+DeyDA5juhRLpf+ILKu2xEBVe9sxRN3JL4LFl+5Q69j9iEe9ej4dYp++f/yrOsG
xLzZbHhkCuSbwAQC/vkb+czqtpa08jI82wHk7MqGS2ojtamFAsPbEcgG/QBFLzDz
9SgGG/0/gtZPRAaJOZsDRbQKGQxF3FyA3sdB1IHMdWUSw0ltof3cmiVmUlu+m92g
v+59Y6VQXQQxmy4vzPxbdTbuy1MCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSYDeOf
FVJzHm3m0rwEPZmue8cqETAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTAzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qU0wDQYJKoZIhvcNAQELBQADggEBAMzrAX63zEi41WzK6QFK/XRosdEb2/z/PvC5
V2MFcGODY4RgQv9dNdLw3du6p22BSio5j25mmN7/A3D21pyj2DwBJKd3nNxGejyu
P5MEvZblBlLMEd4UbiAzBfFk74ETpbyBxDGGgKYAhP9+pHir+VVfyNGqOTYMwv0H
FQErGngoYc42V2uAbn4vs1CABygQ+uXQZjzQdk/aPJGN5CAwVtysdy79nDx250sB
W+jfoL4yMcTPEwZxgYQsGayo21ZePtKTMGOWIAF3e/3ssyg7+tSmyTxwQncr45Sw
ZdY2Vwq+LWUdVBTaqWlXrw7T9IkdmZ74MNmniHfSuTbi7TfXO4I=
-----END CERTIFICATE-----