Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145038.roa
File:                     AS145038.roa (raw, json)
Hash identifier:          gJlpUXZ2pt7Tj48uIic6qUr1KuADCzqYYoqTTrkthmM=
Subject key identifier:   51:40:7D:F4:94:D5:E7:A2:D4:F6:68:0E:E2:BF:3E:DB:98:BC:2E:2B
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       19D63BAC80BAD0A63441E994B5F118767B40EFC6
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145038.roa
Signing time:             Wed 04 Mar 2026 06:21:07 +0000
ROA not before:           Wed 04 Mar 2026 06:16:07 +0000
ROA not after:            Wed 03 Mar 2027 06:21:07 +0000
asID:                     145038
IP address blocks:        240a:a954::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:d6:3b:ac:80:ba:d0:a6:34:41:e9:94:b5:f1:18:76:7b:40:ef:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:07 2026 GMT
            Not After : Mar  3 06:21:07 2027 GMT
        Subject: CN=51407DF494D5E7A2D4F6680EE2BF3EDB98BC2E2B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:be:1b:4a:8e:5e:d4:21:17:e6:43:d8:23:30:
                    0e:a5:05:e4:2d:1e:40:ee:ac:69:d5:98:c4:ea:e3:
                    d2:4a:0f:67:14:85:bf:e3:9a:e4:c6:f2:a9:2b:1f:
                    23:a0:70:2c:96:4e:cd:ec:7f:ca:3f:9c:01:7c:b8:
                    e1:7c:7c:33:da:78:36:4f:41:38:ff:54:8b:89:9b:
                    7f:70:6a:a9:37:8d:a0:cb:29:8a:f6:ee:bc:58:89:
                    37:82:f8:1e:aa:c2:f1:72:89:e6:5a:9d:55:9f:1b:
                    2d:31:c7:a0:e1:ec:95:e3:d6:39:19:09:01:57:0e:
                    aa:27:39:2f:2e:34:53:68:a1:df:b6:b4:75:4a:c0:
                    07:88:61:03:94:f6:39:62:af:ce:3e:f4:c6:bd:30:
                    ca:67:f3:c0:49:44:2c:5e:7e:3d:66:cb:00:84:69:
                    f6:3e:9a:5f:3a:3d:30:e6:38:26:53:d4:47:3f:34:
                    b5:20:cd:86:d6:a8:f3:9f:d5:ee:c8:1f:40:83:f9:
                    db:01:d5:ba:d7:2e:d4:97:45:32:93:a2:62:81:94:
                    7d:92:72:ea:fd:38:41:d2:e0:ee:18:5a:28:91:58:
                    0b:24:60:cf:fd:51:f5:a7:f0:9f:81:2a:80:0a:19:
                    60:76:9f:89:14:75:95:52:1f:c3:2f:6e:38:d9:cf:
                    73:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:40:7D:F4:94:D5:E7:A2:D4:F6:68:0E:E2:BF:3E:DB:98:BC:2E:2B
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145038.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a954::/32

    Signature Algorithm: sha256WithRSAEncryption
         af:3b:47:dc:3e:c0:42:27:eb:10:e8:68:9d:48:b1:ca:e7:c5:
         be:d5:e0:66:df:cc:d3:33:ae:f2:60:6e:be:d1:be:ed:5b:84:
         a3:ad:1c:83:a6:62:15:ed:de:ce:bd:20:0d:f2:63:c2:66:08:
         b4:d4:26:12:76:e1:f4:cd:68:6e:ff:f9:de:b8:18:50:f1:6b:
         0e:88:d5:8a:93:0a:05:19:06:ae:d8:6e:07:c2:26:2d:b2:43:
         27:67:67:b4:2a:e9:4f:b1:c1:38:26:8a:87:e4:52:d3:f4:96:
         02:1e:c8:6b:ae:ed:b6:73:a8:e4:a5:9c:2c:87:9c:8d:ad:a6:
         1a:77:ce:27:4e:a1:3d:59:5f:e3:76:56:e5:d8:f1:ee:f3:63:
         24:26:48:26:cc:74:0f:11:91:12:1f:b0:3b:c0:ae:50:ab:52:
         16:0a:7f:9f:08:2e:43:85:ec:ce:67:7e:41:a5:d0:42:34:3f:
         9d:4f:e4:5c:e9:63:ef:62:a4:97:14:a1:5f:e3:06:ae:aa:1e:
         d5:97:1e:75:8d:f4:80:a2:98:15:09:84:cc:76:06:75:f4:09:
         44:c9:2b:d9:73:4e:53:88:b6:04:a1:37:fe:04:45:7d:4b:ee:
         91:8d:64:ce:15:9d:33:a0:f8:84:54:e5:24:9a:ba:34:cb:35:
         26:ef:97:5e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUGdY7rIC60KY0QemUtfEYdntA78YwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYwN1oX
DTI3MDMwMzA2MjEwN1owMzExMC8GA1UEAxMoNTE0MDdERjQ5NEQ1RTdBMkQ0RjY2
ODBFRTJCRjNFREI5OEJDMkUyQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANW+G0qOXtQhF+ZD2CMwDqUF5C0eQO6sadWYxOrj0koPZxSFv+Oa5MbyqSsf
I6BwLJZOzex/yj+cAXy44Xx8M9p4Nk9BOP9Ui4mbf3BqqTeNoMspivbuvFiJN4L4
HqrC8XKJ5lqdVZ8bLTHHoOHslePWORkJAVcOqic5Ly40U2ih37a0dUrAB4hhA5T2
OWKvzj70xr0wymfzwElELF5+PWbLAIRp9j6aXzo9MOY4JlPURz80tSDNhtao85/V
7sgfQIP52wHVutcu1JdFMpOiYoGUfZJy6v04QdLg7hhaKJFYCyRgz/1R9afwn4Eq
gAoZYHafiRR1lVIfwy9uONnPcxkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRRQH30
lNXnotT2aA7ivz7bmLwuKzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTAzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qVQwDQYJKoZIhvcNAQELBQADggEBAK87R9w+wEIn6xDoaJ1Iscrnxb7V4GbfzNMz
rvJgbr7Rvu1bhKOtHIOmYhXt3s69IA3yY8JmCLTUJhJ24fTNaG7/+d64GFDxaw6I
1YqTCgUZBq7YbgfCJi2yQydnZ7Qq6U+xwTgmiofkUtP0lgIeyGuu7bZzqOSlnCyH
nI2tphp3zidOoT1ZX+N2VuXY8e7zYyQmSCbMdA8RkRIfsDvArlCrUhYKf58ILkOF
7M5nfkGl0EI0P51P5FzpY+9ipJcUoV/jBq6qHtWXHnWN9ICimBUJhMx2BnX0CUTJ
K9lzTlOItgShN/4ERX1L7pGNZM4VnTOg+IRU5SSaujTLNSbvl14=
-----END CERTIFICATE-----