Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145040.roa
File:                     AS145040.roa (raw, json)
Hash identifier:          EFCLL7mzfHcbz5HhVmxVnOu43Filtr6euryYTpOt3m8=
Subject key identifier:   C3:11:04:A9:1D:17:AE:4E:F9:F5:F8:35:D2:32:19:2F:D6:86:3C:6C
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       593460165E26F77E70BF0511F3FF6CE7D8EB0BE3
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145040.roa
Signing time:             Wed 04 Mar 2026 06:20:20 +0000
ROA not before:           Wed 04 Mar 2026 06:15:20 +0000
ROA not after:            Wed 03 Mar 2027 06:20:20 +0000
asID:                     145040
IP address blocks:        240a:a956::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:34:60:16:5e:26:f7:7e:70:bf:05:11:f3:ff:6c:e7:d8:eb:0b:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:20 2026 GMT
            Not After : Mar  3 06:20:20 2027 GMT
        Subject: CN=C31104A91D17AE4EF9F5F835D232192FD6863C6C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f1:86:4c:a9:de:77:30:5c:00:6f:d4:8a:57:
                    e6:06:a0:75:f4:39:cc:06:ee:62:45:2c:e0:28:c3:
                    d3:26:7a:65:e5:5b:05:66:07:a9:5d:cb:29:88:d7:
                    78:09:a1:52:77:4e:9c:bf:1b:26:f2:48:a1:7f:7e:
                    d0:cf:13:b4:15:1e:75:87:9c:df:83:4d:1f:1e:97:
                    b1:f6:3d:3a:f8:17:25:c3:4b:9d:e9:b4:f2:c3:15:
                    56:9d:e9:bb:cc:fc:59:a8:b7:2c:dd:f9:24:dc:8c:
                    32:51:97:88:c8:44:94:ec:01:dc:c9:bb:24:c2:17:
                    ca:35:7c:6c:a5:64:be:2d:e8:46:c6:0b:69:aa:5b:
                    67:24:95:20:13:e9:43:12:9a:ca:68:50:cd:77:ea:
                    83:fb:71:cd:57:c1:72:29:65:30:ed:64:e0:d7:c5:
                    ff:3b:eb:d7:5c:da:06:f8:ec:58:11:eb:df:0d:97:
                    7f:8a:3b:21:47:8d:17:49:c9:f9:ca:ea:b5:8c:85:
                    91:db:ae:a0:bb:99:5f:65:b8:3e:b3:25:3d:ba:bc:
                    20:06:47:70:28:68:05:2d:ec:35:5a:0b:5c:ba:91:
                    c6:88:54:92:27:d2:b0:7b:37:7a:75:85:04:6d:e2:
                    1f:86:29:77:2e:fd:3b:ba:b8:9b:1b:b7:ed:8a:e3:
                    18:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:11:04:A9:1D:17:AE:4E:F9:F5:F8:35:D2:32:19:2F:D6:86:3C:6C
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145040.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a956::/32

    Signature Algorithm: sha256WithRSAEncryption
         3a:8e:de:67:55:db:f1:6f:ef:83:18:9e:b3:28:d4:51:5d:3b:
         0c:d8:12:62:b7:1d:05:bb:69:e0:54:b6:e6:c1:cf:3e:20:0c:
         96:b3:e9:53:38:ca:1c:80:ac:fe:cf:16:33:1b:e3:71:b7:80:
         fc:29:85:20:7b:41:d4:7b:a9:7d:72:f6:71:c6:0b:48:2f:d0:
         8d:bd:a5:16:a7:a5:38:e7:b5:2f:13:91:00:ff:74:ee:58:20:
         9d:ef:a1:13:53:ce:d5:de:c7:8a:68:4a:69:2e:9a:6c:ad:3c:
         a4:f6:db:19:f1:04:e5:c6:c1:10:6b:61:a8:1e:bf:bd:03:58:
         a3:af:10:cb:20:ac:1d:c8:6c:a2:6f:5a:82:40:0e:46:92:06:
         23:2b:48:20:b2:14:ac:af:55:e0:3a:74:d0:3e:18:54:4d:dd:
         b8:f7:3c:7a:c5:c5:2e:3b:c3:ac:55:45:1d:b6:3c:3d:ca:d1:
         83:5b:19:6e:b0:d2:c7:59:e2:80:08:4a:16:bb:36:e0:f9:e7:
         db:a0:b3:1a:30:0a:8b:a9:52:42:4c:da:07:36:0b:8b:58:6a:
         98:78:d9:42:18:d6:8a:29:1b:09:55:53:85:2f:53:34:0e:c7:
         1a:a5:84:1f:bc:c6:fc:e6:41:d9:ed:c3:54:a5:86:00:9d:f0:
         31:11:d5:45
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUWTRgFl4m935wvwUR8/9s59jrC+MwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTUyMFoX
DTI3MDMwMzA2MjAyMFowMzExMC8GA1UEAxMoQzMxMTA0QTkxRDE3QUU0RUY5RjVG
ODM1RDIzMjE5MkZENjg2M0M2QzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKfxhkyp3ncwXABv1IpX5gagdfQ5zAbuYkUs4CjD0yZ6ZeVbBWYHqV3LKYjX
eAmhUndOnL8bJvJIoX9+0M8TtBUedYec34NNHx6XsfY9OvgXJcNLnem08sMVVp3p
u8z8Wai3LN35JNyMMlGXiMhElOwB3Mm7JMIXyjV8bKVkvi3oRsYLaapbZySVIBPp
QxKaymhQzXfqg/txzVfBcillMO1k4NfF/zvr11zaBvjsWBHr3w2Xf4o7IUeNF0nJ
+crqtYyFkduuoLuZX2W4PrMlPbq8IAZHcChoBS3sNVoLXLqRxohUkifSsHs3enWF
BG3iH4Ypdy79O7q4mxu37YrjGNsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTDEQSp
HReuTvn1+DXSMhkv1oY8bDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTA0MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qVYwDQYJKoZIhvcNAQELBQADggEBADqO3mdV2/Fv74MYnrMo1FFdOwzYEmK3HQW7
aeBUtubBzz4gDJaz6VM4yhyArP7PFjMb43G3gPwphSB7QdR7qX1y9nHGC0gv0I29
pRanpTjntS8TkQD/dO5YIJ3voRNTztXex4poSmkummytPKT22xnxBOXGwRBrYage
v70DWKOvEMsgrB3IbKJvWoJADkaSBiMrSCCyFKyvVeA6dNA+GFRN3bj3PHrFxS47
w6xVRR22PD3K0YNbGW6w0sdZ4oAISha7NuD559ugsxowCoupUkJM2gc2C4tYaph4
2UIY1oopGwlVU4UvUzQOxxqlhB+8xvzmQdntw1SlhgCd8DER1UU=
-----END CERTIFICATE-----