Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145124.roa
File:                     AS145124.roa (raw, json)
Hash identifier:          YvpSlpmkJB3dBcUdEaVKbHTUixyZR8aSoE0dmGq85V0=
Subject key identifier:   EA:2B:9E:A6:00:D8:9D:4A:39:F9:96:AC:2F:EC:1A:F1:51:F1:85:F1
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7A3B8D15368E86D81C284E137E6286E8D6033719
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145124.roa
Signing time:             Wed 04 Mar 2026 06:22:12 +0000
ROA not before:           Wed 04 Mar 2026 06:17:12 +0000
ROA not after:            Wed 03 Mar 2027 06:22:12 +0000
asID:                     145124
IP address blocks:        240a:a9aa::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:3b:8d:15:36:8e:86:d8:1c:28:4e:13:7e:62:86:e8:d6:03:37:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:12 2026 GMT
            Not After : Mar  3 06:22:12 2027 GMT
        Subject: CN=EA2B9EA600D89D4A39F996AC2FEC1AF151F185F1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:62:ab:42:54:6b:fe:44:58:13:c7:e5:e4:cc:
                    69:9a:1f:9d:75:dd:04:cb:c2:43:c3:34:d9:df:91:
                    fc:d0:b5:68:1d:b2:e7:3a:f7:c5:05:d8:71:75:07:
                    3c:08:81:fb:8a:af:81:67:76:d3:95:a8:a3:70:d8:
                    f1:f1:20:55:fc:47:f7:d6:52:c5:8f:7b:77:b7:c2:
                    ab:49:33:f4:ef:c4:8f:69:38:8d:02:b9:e5:d9:d0:
                    a2:a7:92:bb:06:f0:ee:fc:d3:7b:bc:c8:b4:16:69:
                    55:f5:a7:12:7b:8c:b8:2b:b4:e0:15:dd:f8:91:d8:
                    1f:3b:3a:92:4a:17:24:65:06:be:f7:b9:e5:43:56:
                    fa:f6:b4:3e:30:ba:ee:54:bd:78:a9:51:f3:3a:a0:
                    6c:a6:42:8d:b7:46:1d:31:b8:86:34:aa:68:a2:31:
                    d5:ec:37:32:2b:0d:3b:20:f0:f0:33:7f:a8:39:ba:
                    36:46:53:97:c1:0d:f4:7e:23:36:b9:04:0d:fd:b1:
                    c0:36:9e:29:7e:b0:91:30:aa:0a:93:04:00:c6:51:
                    42:87:4d:c7:b2:79:c9:66:89:97:b5:aa:4f:fc:b1:
                    51:70:cb:0a:83:32:c5:4c:23:80:2a:db:0f:4f:6b:
                    38:d7:74:94:07:6c:b4:e8:dc:54:d4:94:c2:fb:25:
                    77:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:2B:9E:A6:00:D8:9D:4A:39:F9:96:AC:2F:EC:1A:F1:51:F1:85:F1
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145124.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a9aa::/32

    Signature Algorithm: sha256WithRSAEncryption
         7f:7e:7e:5b:08:a1:8c:ea:9d:ff:c4:c2:de:ba:0f:df:59:96:
         7f:85:a8:03:bd:57:26:d7:60:b7:80:b4:8a:b1:2b:02:15:cf:
         ab:e4:86:5d:f9:49:ac:16:1e:d1:76:34:2f:cc:e3:8b:6b:2c:
         e4:b0:86:8c:4c:87:f5:43:3c:bd:6a:a9:73:c1:16:3e:07:4a:
         09:5a:f2:dc:ef:14:bb:81:70:6f:dd:ec:e4:ce:4a:8c:e8:ff:
         e7:8d:a7:ea:f1:c8:c8:82:98:db:13:dd:be:fd:22:2c:c2:66:
         b0:0a:89:2c:eb:ca:87:0e:a7:90:80:fc:03:e2:28:7d:81:3d:
         72:63:c1:a6:df:f7:ec:63:23:46:b5:b4:c1:5e:9c:b8:f1:d3:
         c5:a0:0e:dc:fd:8c:66:04:01:03:16:e9:07:bc:d2:d9:2e:05:
         f1:ca:83:ee:5a:60:05:43:70:c8:92:72:ca:46:a0:2b:53:4b:
         bb:2d:12:fb:2f:f6:0b:09:b6:2f:91:de:16:84:77:2e:ca:b4:
         f2:09:69:b6:a4:38:4b:06:b2:02:3a:ae:12:82:f5:8c:0b:12:
         80:a7:e6:23:0b:82:c9:63:50:e6:1a:a1:fa:9f:f1:75:37:e2:
         17:21:aa:a4:68:be:43:61:3f:5d:ce:06:96:58:fe:fe:1a:bd:
         86:3d:f4:f0
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUejuNFTaOhtgcKE4TfmKG6NYDNxkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcxMloX
DTI3MDMwMzA2MjIxMlowMzExMC8GA1UEAxMoRUEyQjlFQTYwMEQ4OUQ0QTM5Rjk5
NkFDMkZFQzFBRjE1MUYxODVGMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM5iq0JUa/5EWBPH5eTMaZofnXXdBMvCQ8M02d+R/NC1aB2y5zr3xQXYcXUH
PAiB+4qvgWd205Woo3DY8fEgVfxH99ZSxY97d7fCq0kz9O/Ej2k4jQK55dnQoqeS
uwbw7vzTe7zItBZpVfWnEnuMuCu04BXd+JHYHzs6kkoXJGUGvve55UNW+va0PjC6
7lS9eKlR8zqgbKZCjbdGHTG4hjSqaKIx1ew3MisNOyDw8DN/qDm6NkZTl8EN9H4j
NrkEDf2xwDaeKX6wkTCqCpMEAMZRQodNx7J5yWaJl7WqT/yxUXDLCoMyxUwjgCrb
D09rONd0lAdstOjcVNSUwvsld08CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTqK56m
ANidSjn5lqwv7BrxUfGF8TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTEyNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qaowDQYJKoZIhvcNAQELBQADggEBAH9+flsIoYzqnf/Ewt66D99Zln+FqAO9VybX
YLeAtIqxKwIVz6vkhl35SawWHtF2NC/M44trLOSwhoxMh/VDPL1qqXPBFj4HSgla
8tzvFLuBcG/d7OTOSozo/+eNp+rxyMiCmNsT3b79IizCZrAKiSzryocOp5CA/APi
KH2BPXJjwabf9+xjI0a1tMFenLjx08WgDtz9jGYEAQMW6Qe80tkuBfHKg+5aYAVD
cMiScspGoCtTS7stEvsv9gsJti+R3haEdy7KtPIJabakOEsGsgI6rhKC9YwLEoCn
5iMLgsljUOYaofqf8XU34hchqqRovkNhP13OBpZY/v4avYY99PA=
-----END CERTIFICATE-----