Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145133.roa
File:                     AS145133.roa (raw, json)
Hash identifier:          ozjBQcdwsF2mC9LcGkCV4sxUqn4qG2q7l+fc9KHXxIo=
Subject key identifier:   1B:64:00:2D:E4:FC:B8:2B:D0:F1:11:77:5A:B4:76:A4:58:C1:C7:CD
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3D85030B9D347F7D5B3B85023548FA0BD70AD777
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145133.roa
Signing time:             Wed 04 Mar 2026 06:21:08 +0000
ROA not before:           Wed 04 Mar 2026 06:16:08 +0000
ROA not after:            Wed 03 Mar 2027 06:21:08 +0000
asID:                     145133
IP address blocks:        240a:a9b3::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:85:03:0b:9d:34:7f:7d:5b:3b:85:02:35:48:fa:0b:d7:0a:d7:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:08 2026 GMT
            Not After : Mar  3 06:21:08 2027 GMT
        Subject: CN=1B64002DE4FCB82BD0F111775AB476A458C1C7CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:25:d1:95:e6:f9:9e:d8:6b:39:60:39:a6:13:
                    2f:cb:71:5a:c4:0c:31:97:66:2b:d8:e2:51:0e:9a:
                    7a:c1:6e:85:d5:90:92:df:45:99:f0:e6:d8:48:cc:
                    91:b9:55:c7:48:5e:1b:60:b9:bd:22:3b:f7:bc:b6:
                    87:5b:7b:02:fa:19:83:ba:b7:74:8e:80:8b:d2:8f:
                    20:ef:c4:a0:9b:ff:b4:3c:b2:6b:ef:f1:83:02:54:
                    bf:2a:5f:8b:34:84:c1:fe:45:07:5e:0b:b8:74:7a:
                    ae:62:27:00:58:27:ce:a8:a6:4e:68:f6:fe:96:a9:
                    28:22:57:7f:34:71:41:6d:e3:e1:a3:25:36:b7:59:
                    a9:b3:90:bf:88:b2:23:b5:40:f7:7c:ba:c4:fb:fc:
                    f4:02:58:8f:39:6f:88:c5:b6:ce:5c:12:19:80:ed:
                    90:e2:58:4f:fe:ec:e0:c4:df:4c:ea:e7:dd:3e:58:
                    6c:7d:98:84:23:53:37:fe:d0:34:21:4b:85:6e:05:
                    0d:f1:25:f6:f7:51:9b:3c:36:7a:74:20:ff:e5:82:
                    50:c1:55:76:41:a4:cd:56:92:a2:d4:e8:6b:97:28:
                    a9:ae:5b:13:88:cf:b1:93:7b:0f:6b:44:51:a6:78:
                    0d:6d:8e:f9:8c:3d:ff:75:bd:b0:63:0c:06:ab:40:
                    78:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:64:00:2D:E4:FC:B8:2B:D0:F1:11:77:5A:B4:76:A4:58:C1:C7:CD
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145133.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a9b3::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:e7:e8:7d:f7:84:b8:bf:55:60:75:76:09:37:e6:d2:30:9a:
         ac:4b:09:2c:5e:f3:b5:e2:cc:18:c8:41:dd:26:38:b1:12:db:
         df:b4:bb:99:68:47:2a:81:96:67:74:32:b0:14:83:4c:ef:3b:
         22:16:8a:a5:45:d2:19:6f:34:9b:dc:1f:10:80:4b:43:16:3d:
         11:9a:64:a0:49:e6:c1:c5:e5:50:57:2f:66:0f:53:3d:49:8a:
         bd:2a:cb:cf:55:14:63:35:59:ab:24:29:fe:30:21:48:eb:9c:
         48:ce:e4:9f:2d:ca:d4:30:ad:72:c6:b7:8c:e7:50:96:a7:3e:
         04:70:00:f6:96:9b:28:d3:e6:25:63:ce:1e:14:c9:36:fd:be:
         08:10:61:01:8f:bf:ad:d2:a1:09:8e:35:da:b1:b7:78:8d:7e:
         ca:c8:ab:e4:49:2e:21:cd:f0:c2:2e:e6:be:d3:60:3f:5a:aa:
         e3:7d:0f:9b:91:f0:9b:28:ff:e3:6d:3d:86:a6:4a:78:04:5b:
         b9:d5:e7:d5:68:3b:16:c2:df:89:86:ce:b6:d1:77:ae:17:a4:
         98:1f:cf:2f:09:23:2b:e7:92:38:aa:e3:45:2a:d4:6a:e5:6a:
         f7:94:11:dc:51:1e:7c:3d:fe:27:b2:32:c1:8a:64:66:08:5d:
         60:e0:d7:cc
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUPYUDC500f31bO4UCNUj6C9cK13cwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYwOFoX
DTI3MDMwMzA2MjEwOFowMzExMC8GA1UEAxMoMUI2NDAwMkRFNEZDQjgyQkQwRjEx
MTc3NUFCNDc2QTQ1OEMxQzdDRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKUl0ZXm+Z7YazlgOaYTL8txWsQMMZdmK9jiUQ6aesFuhdWQkt9FmfDm2EjM
kblVx0heG2C5vSI797y2h1t7AvoZg7q3dI6Ai9KPIO/EoJv/tDyya+/xgwJUvypf
izSEwf5FB14LuHR6rmInAFgnzqimTmj2/papKCJXfzRxQW3j4aMlNrdZqbOQv4iy
I7VA93y6xPv89AJYjzlviMW2zlwSGYDtkOJYT/7s4MTfTOrn3T5YbH2YhCNTN/7Q
NCFLhW4FDfEl9vdRmzw2enQg/+WCUMFVdkGkzVaSotToa5coqa5bE4jPsZN7D2tE
UaZ4DW2O+Yw9/3W9sGMMBqtAeG8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQbZAAt
5Py4K9DxEXdatHakWMHHzTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTEzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qbMwDQYJKoZIhvcNAQELBQADggEBAGrn6H33hLi/VWB1dgk35tIwmqxLCSxe87Xi
zBjIQd0mOLES29+0u5loRyqBlmd0MrAUg0zvOyIWiqVF0hlvNJvcHxCAS0MWPRGa
ZKBJ5sHF5VBXL2YPUz1Jir0qy89VFGM1WaskKf4wIUjrnEjO5J8tytQwrXLGt4zn
UJanPgRwAPaWmyjT5iVjzh4UyTb9vggQYQGPv63SoQmONdqxt3iNfsrIq+RJLiHN
8MIu5r7TYD9aquN9D5uR8Jso/+NtPYamSngEW7nV59VoOxbC34mGzrbRd64XpJgf
zy8JIyvnkjiq40Uq1GrlaveUEdxRHnw9/ieyMsGKZGYIXWDg18w=
-----END CERTIFICATE-----