Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145145.roa
File:                     AS145145.roa (raw, json)
Hash identifier:          QxrGQ39ap1w00pzL0uD+bFdU/7bvKfTgXJma2VDMnBk=
Subject key identifier:   34:CA:AF:B6:5B:BB:50:8A:2F:82:EC:2C:F6:C4:07:9A:09:2A:54:CC
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       43079CB0FAF2A5BCC2A61597EAF8A2FF477CB2FA
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145145.roa
Signing time:             Wed 04 Mar 2026 06:20:58 +0000
ROA not before:           Wed 04 Mar 2026 06:15:58 +0000
ROA not after:            Wed 03 Mar 2027 06:20:58 +0000
asID:                     145145
IP address blocks:        240a:a9bf::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:07:9c:b0:fa:f2:a5:bc:c2:a6:15:97:ea:f8:a2:ff:47:7c:b2:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:58 2026 GMT
            Not After : Mar  3 06:20:58 2027 GMT
        Subject: CN=34CAAFB65BBB508A2F82EC2CF6C4079A092A54CC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:65:db:89:ad:cc:af:78:d9:b6:10:83:a0:f9:
                    cd:1f:5a:50:2e:72:87:ae:79:84:cc:a1:ef:2b:6e:
                    a9:61:d0:11:66:ca:dd:ba:8b:2e:f0:24:3c:1b:78:
                    6d:78:90:9b:34:50:52:7e:96:ea:e7:c6:0d:cb:63:
                    2e:70:d1:84:a2:4c:d8:35:21:f5:d0:7c:33:4a:17:
                    77:3f:45:79:bc:55:7c:cf:15:ae:b0:9c:9f:39:c6:
                    a6:14:a5:38:fa:89:d6:0d:67:fd:f8:ee:6b:15:80:
                    b9:e1:5f:f7:ec:8d:53:38:5e:69:b1:13:a7:34:97:
                    f4:a6:49:cb:6f:fb:0e:7d:ab:ba:38:ec:61:28:6b:
                    80:5b:7d:b6:f2:43:ef:10:e3:c8:1b:59:a6:9e:77:
                    6c:c3:bb:01:dc:e4:07:2a:b1:8f:5d:bf:6d:4b:ab:
                    5d:cc:b8:95:84:fd:9d:40:36:5c:cd:46:6d:6f:19:
                    ba:cc:f3:67:20:0d:86:85:33:57:0d:78:8a:4e:14:
                    4a:c6:fb:4f:32:a4:ca:17:f5:99:e5:43:73:7a:6e:
                    18:1f:a3:73:b7:4d:9e:b3:15:f3:e4:0d:1e:52:c7:
                    46:34:e3:70:68:75:5a:0f:6c:aa:ee:b6:88:f7:68:
                    3a:5a:3f:28:2c:5b:16:01:b0:71:90:ed:17:04:cb:
                    dc:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:CA:AF:B6:5B:BB:50:8A:2F:82:EC:2C:F6:C4:07:9A:09:2A:54:CC
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145145.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a9bf::/32

    Signature Algorithm: sha256WithRSAEncryption
         3f:a3:cf:7c:37:9e:00:c5:12:97:29:a4:0f:97:76:61:e7:73:
         4a:c1:03:f5:d9:61:68:70:02:7a:20:f9:90:8b:ef:6b:71:5c:
         e2:ba:7d:db:8c:c2:44:89:47:35:84:46:49:d4:60:4d:e8:87:
         86:74:a9:a0:b4:70:77:4b:29:a4:85:ae:94:8c:92:f8:a1:3b:
         f0:e8:e3:72:17:0e:31:d4:1d:65:cd:e3:7f:f4:48:51:1d:35:
         08:30:73:96:3c:e4:1b:69:59:3e:ca:10:f7:56:0f:93:55:a6:
         84:27:70:81:65:72:cd:91:28:d4:57:ff:76:23:5b:36:d6:29:
         31:11:f3:f4:b2:94:6b:a7:d6:a0:37:0f:84:06:3e:aa:ee:40:
         bc:fe:a9:90:da:c1:35:7f:b8:38:4f:00:ec:88:ab:fe:b1:35:
         8f:b8:12:92:60:36:b7:72:24:be:f6:a1:21:b8:c1:08:7f:99:
         a5:6a:99:a7:d4:70:42:41:72:f1:78:03:2f:71:92:e2:6f:d5:
         04:b8:a2:12:39:ab:de:ee:8a:c5:f7:ea:2f:6a:0d:41:6b:a0:
         40:2a:ab:06:82:f3:5a:98:e8:7b:aa:80:48:85:f8:55:f7:11:
         8a:9f:5d:29:00:b1:a9:4b:b9:b8:1f:a5:0b:98:b9:e6:81:03:
         c8:a7:ad:0c
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUQwecsPrypbzCphWX6vii/0d8svowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTU1OFoX
DTI3MDMwMzA2MjA1OFowMzExMC8GA1UEAxMoMzRDQUFGQjY1QkJCNTA4QTJGODJF
QzJDRjZDNDA3OUEwOTJBNTRDQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKtl24mtzK942bYQg6D5zR9aUC5yh655hMyh7ytuqWHQEWbK3bqLLvAkPBt4
bXiQmzRQUn6W6ufGDctjLnDRhKJM2DUh9dB8M0oXdz9FebxVfM8VrrCcnznGphSl
OPqJ1g1n/fjuaxWAueFf9+yNUzheabETpzSX9KZJy2/7Dn2rujjsYShrgFt9tvJD
7xDjyBtZpp53bMO7AdzkByqxj12/bUurXcy4lYT9nUA2XM1GbW8ZuszzZyANhoUz
Vw14ik4USsb7TzKkyhf1meVDc3puGB+jc7dNnrMV8+QNHlLHRjTjcGh1Wg9squ62
iPdoOlo/KCxbFgGwcZDtFwTL3OUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQ0yq+2
W7tQii+C7Cz2xAeaCSpUzDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTE0NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qb8wDQYJKoZIhvcNAQELBQADggEBAD+jz3w3ngDFEpcppA+XdmHnc0rBA/XZYWhw
Anog+ZCL72txXOK6fduMwkSJRzWERknUYE3oh4Z0qaC0cHdLKaSFrpSMkvihO/Do
43IXDjHUHWXN43/0SFEdNQgwc5Y85BtpWT7KEPdWD5NVpoQncIFlcs2RKNRX/3Yj
WzbWKTER8/SylGun1qA3D4QGPqruQLz+qZDawTV/uDhPAOyIq/6xNY+4EpJgNrdy
JL72oSG4wQh/maVqmafUcEJBcvF4Ay9xkuJv1QS4ohI5q97uisX36i9qDUFroEAq
qwaC81qY6HuqgEiF+FX3EYqfXSkAsalLubgfpQuYueaBA8inrQw=
-----END CERTIFICATE-----