Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145131.roa
File:                     AS145131.roa (raw, json)
Hash identifier:          zsR5o86LAdzXj7jG6zzJ5sTTD3DQaSes8A7SHLH2M1c=
Subject key identifier:   5F:F9:EE:0B:47:CE:5C:7D:C7:36:FC:D2:7D:58:A2:78:AD:59:6C:8C
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7645DD2EEFAFD3E4AA6D3E51FBD1217605301FCF
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145131.roa
Signing time:             Wed 04 Mar 2026 06:20:01 +0000
ROA not before:           Wed 04 Mar 2026 06:15:01 +0000
ROA not after:            Wed 03 Mar 2027 06:20:01 +0000
asID:                     145131
IP address blocks:        240a:a9b1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:45:dd:2e:ef:af:d3:e4:aa:6d:3e:51:fb:d1:21:76:05:30:1f:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:01 2026 GMT
            Not After : Mar  3 06:20:01 2027 GMT
        Subject: CN=5FF9EE0B47CE5C7DC736FCD27D58A278AD596C8C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:a8:39:4f:f1:0d:22:c7:94:5a:80:a4:a5:f9:
                    8f:73:5c:ee:17:40:7e:38:68:a7:ae:4b:a3:56:0a:
                    3e:5b:8e:1d:99:c5:00:2f:af:2d:7b:88:7c:5f:4b:
                    3c:bc:df:32:dc:af:08:ad:09:b1:1a:af:96:f1:54:
                    9e:8c:8b:4b:95:02:16:f9:c6:b9:32:bb:24:16:45:
                    dc:17:f4:50:12:5c:07:a2:c6:66:81:2c:3e:00:e1:
                    ed:02:a4:17:87:a9:b0:77:ad:c1:99:96:33:f9:a2:
                    57:08:28:70:4b:ee:bc:65:82:1c:76:ae:a8:3f:3a:
                    96:df:7c:dd:2e:54:66:6a:fd:8d:81:db:06:da:23:
                    2a:5f:f8:83:f3:e5:c7:d1:47:e0:14:04:0a:cb:8d:
                    93:5b:d3:55:7d:64:ea:75:7a:b5:3c:93:75:f4:f0:
                    ac:7a:11:8d:7c:a1:aa:25:fa:b9:e6:d7:22:c7:63:
                    d4:8d:46:3f:08:4c:d4:b9:e1:c7:ae:dd:c7:b3:68:
                    44:ce:81:76:93:0b:0b:97:65:b5:69:93:85:a9:12:
                    6c:47:66:4b:87:ef:5e:f7:9e:d5:49:75:08:c2:1c:
                    88:89:ec:54:0e:76:63:64:51:9f:76:a2:45:65:10:
                    63:63:6e:14:37:4e:8e:bd:0d:70:af:bc:a3:4f:70:
                    a5:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:F9:EE:0B:47:CE:5C:7D:C7:36:FC:D2:7D:58:A2:78:AD:59:6C:8C
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a9b1::/32

    Signature Algorithm: sha256WithRSAEncryption
         bb:8e:a0:7f:2e:73:29:45:0b:c2:50:b2:9c:01:b3:81:06:00:
         46:04:cb:e9:d0:16:73:17:33:43:c6:58:1b:0d:2d:33:6c:16:
         da:b9:c5:f5:8e:0f:73:21:8d:1e:29:22:a0:93:76:55:4d:90:
         9d:04:61:70:49:39:0f:a1:d5:36:d1:5b:22:d2:85:e2:f2:e3:
         ba:3f:50:5f:a4:2f:d1:34:f1:67:62:e6:79:39:a7:74:4b:cc:
         75:56:7b:a8:a2:87:b7:75:97:9b:2d:22:c8:0f:56:b6:18:e4:
         05:14:0b:c7:f7:9d:8b:db:6b:9e:42:c3:af:43:53:e3:25:79:
         23:14:fa:76:42:d0:29:f6:8d:a2:fd:99:9c:aa:42:12:04:4f:
         3e:a4:d6:16:06:6e:26:5d:77:a1:09:14:e3:d5:ca:dc:02:a2:
         be:5b:8a:28:b0:a6:fc:7c:4e:dc:c8:93:33:4e:9a:43:63:47:
         06:1f:92:70:bc:2f:6b:28:b1:d3:15:cd:6c:c6:cd:06:1c:ea:
         35:d5:8c:68:bf:28:75:f1:0f:f7:4d:c2:9c:b6:d5:36:24:1b:
         5c:6e:b8:f4:45:fe:19:bc:d1:14:dd:e8:b7:b8:ac:18:23:c4:
         13:ff:b6:5f:05:d2:77:06:7f:73:6b:af:79:ed:4b:0c:66:26:
         cf:c8:c1:e5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUdkXdLu+v0+SqbT5R+9EhdgUwH88wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTUwMVoX
DTI3MDMwMzA2MjAwMVowMzExMC8GA1UEAxMoNUZGOUVFMEI0N0NFNUM3REM3MzZG
Q0QyN0Q1OEEyNzhBRDU5NkM4QzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJSoOU/xDSLHlFqApKX5j3Nc7hdAfjhop65Lo1YKPluOHZnFAC+vLXuIfF9L
PLzfMtyvCK0JsRqvlvFUnoyLS5UCFvnGuTK7JBZF3Bf0UBJcB6LGZoEsPgDh7QKk
F4epsHetwZmWM/miVwgocEvuvGWCHHauqD86lt983S5UZmr9jYHbBtojKl/4g/Pl
x9FH4BQECsuNk1vTVX1k6nV6tTyTdfTwrHoRjXyhqiX6uebXIsdj1I1GPwhM1Lnh
x67dx7NoRM6BdpMLC5dltWmThakSbEdmS4fvXvee1Ul1CMIciInsVA52Y2RRn3ai
RWUQY2NuFDdOjr0NcK+8o09wpYkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRf+e4L
R85cfcc2/NJ9WKJ4rVlsjDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTEzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qbEwDQYJKoZIhvcNAQELBQADggEBALuOoH8ucylFC8JQspwBs4EGAEYEy+nQFnMX
M0PGWBsNLTNsFtq5xfWOD3MhjR4pIqCTdlVNkJ0EYXBJOQ+h1TbRWyLSheLy47o/
UF+kL9E08Wdi5nk5p3RLzHVWe6iih7d1l5stIsgPVrYY5AUUC8f3nYvba55Cw69D
U+MleSMU+nZC0Cn2jaL9mZyqQhIETz6k1hYGbiZdd6EJFOPVytwCor5biiiwpvx8
TtzIkzNOmkNjRwYfknC8L2sosdMVzWzGzQYc6jXVjGi/KHXxD/dNwpy21TYkG1xu
uPRF/hm80RTd6Le4rBgjxBP/tl8F0ncGf3Nrr3ntSwxmJs/IweU=
-----END CERTIFICATE-----