Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145152.roa
File:                     AS145152.roa (raw, json)
Hash identifier:          8kzssGhHv403kKgPaKZdUs1ADAZRqhHMpqaG+11Jbgg=
Subject key identifier:   4E:53:2F:3B:3E:00:22:A4:F6:EE:ED:31:E8:78:51:B2:9B:A1:43:16
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2B43A0D07728A339AF69C26D1209C14075A3A819
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145152.roa
Signing time:             Wed 04 Mar 2026 06:21:59 +0000
ROA not before:           Wed 04 Mar 2026 06:16:59 +0000
ROA not after:            Wed 03 Mar 2027 06:21:59 +0000
asID:                     145152
IP address blocks:        240a:a9c6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:43:a0:d0:77:28:a3:39:af:69:c2:6d:12:09:c1:40:75:a3:a8:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:59 2026 GMT
            Not After : Mar  3 06:21:59 2027 GMT
        Subject: CN=4E532F3B3E0022A4F6EEED31E87851B29BA14316
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:c6:71:dd:ff:b8:2d:32:d0:5c:51:3b:58:30:
                    ff:2c:6b:16:f5:f1:f9:f2:4d:60:5d:de:6d:07:6e:
                    ff:9f:f2:c6:7b:68:8b:67:b7:1a:fc:3b:77:e1:a2:
                    cf:b8:40:5b:56:7a:e2:05:b4:18:9a:94:b9:bf:78:
                    3d:ef:57:ee:cc:5f:e9:07:71:30:ec:bc:7e:c9:5b:
                    2f:2d:92:5d:c9:de:07:d1:f0:ad:8b:68:ea:1d:18:
                    37:d5:55:80:06:c6:82:69:9c:d7:7c:e8:40:64:36:
                    66:03:7e:a6:f7:e8:68:83:67:9d:eb:19:00:cb:3e:
                    26:ec:a6:9f:59:c0:35:62:1a:34:17:b5:60:af:6f:
                    ef:39:fd:29:d2:4c:39:4e:e0:22:31:1d:15:9a:4a:
                    c3:59:2a:a7:ca:24:08:52:a8:af:9a:d3:6b:13:c3:
                    b7:52:bb:2f:f5:a5:ea:04:0d:d0:d4:fc:c3:86:18:
                    9f:09:8e:87:e8:9b:ed:ca:7b:19:ad:bb:00:61:12:
                    b7:9b:cf:9a:f9:e5:62:7b:54:83:01:0b:30:35:87:
                    3c:f3:61:81:1d:2e:d1:48:f7:1b:7c:c9:4b:20:1a:
                    6b:da:a9:43:c2:e2:f8:1a:f4:d6:f8:65:87:b0:7c:
                    57:de:cf:21:25:09:56:c2:80:67:44:48:a0:6f:fb:
                    e5:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:53:2F:3B:3E:00:22:A4:F6:EE:ED:31:E8:78:51:B2:9B:A1:43:16
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145152.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a9c6::/32

    Signature Algorithm: sha256WithRSAEncryption
         ba:21:2d:8d:6d:5d:38:53:58:3c:e2:10:d3:16:a5:24:e8:f5:
         46:bf:b1:8b:99:a3:28:e6:2c:6a:7c:60:4b:12:7a:a2:d2:d3:
         0f:f1:7d:69:5b:3c:b5:fd:5c:12:8c:b6:26:fd:55:f2:01:d5:
         84:06:b8:3c:18:ca:48:c0:94:b4:88:ed:4a:f0:54:a0:00:ee:
         44:d3:63:01:21:b5:0f:9d:82:f3:92:1b:f0:07:8c:82:18:f2:
         3c:1a:f8:3e:f8:93:d6:94:20:bf:e3:20:ac:78:79:39:7d:ac:
         b3:4c:94:e6:4f:a5:a8:69:94:6b:88:0d:ea:4d:ff:02:73:37:
         33:c2:6c:77:12:bc:46:55:4a:41:45:0f:63:1b:b6:32:8f:97:
         56:05:05:0e:3a:84:41:8b:3f:c6:96:29:4d:5f:ab:d6:0d:15:
         e2:25:e5:f0:6f:fa:b7:74:33:0b:0c:12:a7:f8:fe:26:be:7f:
         e2:58:2b:86:ea:de:6d:2c:28:07:0e:7a:34:fb:70:4e:51:12:
         e0:6d:72:6e:a7:a0:5b:79:f6:6d:b3:6a:a4:23:d8:e1:b1:30:
         67:8c:70:8d:23:40:23:55:35:f4:c9:25:56:74:45:54:92:f1:
         ec:ab:3c:7a:8a:1e:b7:2f:f4:3b:af:de:d4:ed:b4:ac:cb:af:
         48:d0:b3:42
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUK0Og0HcoozmvacJtEgnBQHWjqBkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTY1OVoX
DTI3MDMwMzA2MjE1OVowMzExMC8GA1UEAxMoNEU1MzJGM0IzRTAwMjJBNEY2RUVF
RDMxRTg3ODUxQjI5QkExNDMxNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMvGcd3/uC0y0FxRO1gw/yxrFvXx+fJNYF3ebQdu/5/yxntoi2e3Gvw7d+Gi
z7hAW1Z64gW0GJqUub94Pe9X7sxf6QdxMOy8fslbLy2SXcneB9HwrYto6h0YN9VV
gAbGgmmc13zoQGQ2ZgN+pvfoaINnnesZAMs+Juymn1nANWIaNBe1YK9v7zn9KdJM
OU7gIjEdFZpKw1kqp8okCFKor5rTaxPDt1K7L/Wl6gQN0NT8w4YYnwmOh+ib7cp7
Ga27AGESt5vPmvnlYntUgwELMDWHPPNhgR0u0Uj3G3zJSyAaa9qpQ8Li+Br01vhl
h7B8V97PISUJVsKAZ0RIoG/75VUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBROUy87
PgAipPbu7THoeFGym6FDFjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTE1Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qcYwDQYJKoZIhvcNAQELBQADggEBALohLY1tXThTWDziENMWpSTo9Ua/sYuZoyjm
LGp8YEsSeqLS0w/xfWlbPLX9XBKMtib9VfIB1YQGuDwYykjAlLSI7UrwVKAA7kTT
YwEhtQ+dgvOSG/AHjIIY8jwa+D74k9aUIL/jIKx4eTl9rLNMlOZPpahplGuIDepN
/wJzNzPCbHcSvEZVSkFFD2MbtjKPl1YFBQ46hEGLP8aWKU1fq9YNFeIl5fBv+rd0
MwsMEqf4/ia+f+JYK4bq3m0sKAcOejT7cE5REuBtcm6noFt59m2zaqQj2OGxMGeM
cI0jQCNVNfTJJVZ0RVSS8eyrPHqKHrcv9Duv3tTttKzLr0jQs0I=
-----END CERTIFICATE-----