Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145153.roa
File:                     AS145153.roa (raw, json)
Hash identifier:          7kYa9voxNPRAyxoSpcYS9NI1NiEUQtFmkTjd7b50scI=
Subject key identifier:   16:92:65:BE:F8:E1:73:34:DD:1A:34:46:16:81:D9:AC:67:F3:84:90
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5A4A5AEA75511013229FD91165896CA11072998E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145153.roa
Signing time:             Wed 04 Mar 2026 06:21:24 +0000
ROA not before:           Wed 04 Mar 2026 06:16:24 +0000
ROA not after:            Wed 03 Mar 2027 06:21:24 +0000
asID:                     145153
IP address blocks:        240a:a9c7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:4a:5a:ea:75:51:10:13:22:9f:d9:11:65:89:6c:a1:10:72:99:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:24 2026 GMT
            Not After : Mar  3 06:21:24 2027 GMT
        Subject: CN=169265BEF8E17334DD1A34461681D9AC67F38490
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:72:80:fb:cd:ef:58:0d:cc:f3:fa:db:4b:81:
                    d4:2e:06:c4:09:eb:dc:51:3b:eb:ca:67:14:34:29:
                    52:14:48:e3:cf:49:37:d0:21:9d:38:7a:08:90:dd:
                    e5:13:ec:f6:61:10:43:c2:bc:cf:e6:56:72:36:ae:
                    c1:b3:09:07:48:fd:6c:82:da:ab:64:50:24:ee:58:
                    a9:8b:39:85:88:0d:e3:e9:88:1a:e8:29:70:3d:71:
                    57:f1:ba:be:d8:54:fa:51:10:40:dd:aa:18:43:56:
                    10:ae:8c:3d:f9:5a:bd:59:e5:ff:59:68:46:9f:b0:
                    16:4f:52:b7:b2:be:32:3c:8f:48:77:c0:dd:bc:0e:
                    83:80:be:85:51:11:99:60:03:22:39:7d:cb:33:85:
                    01:60:9b:3b:bc:fe:9e:21:d8:0c:9e:0a:07:78:8d:
                    2c:d2:f4:80:65:a6:6b:ae:d7:e2:34:41:07:10:ac:
                    29:69:3a:77:2d:41:6a:f6:04:cd:aa:df:c8:2d:b0:
                    54:5a:95:34:04:bb:5b:38:ae:fb:bc:07:df:8e:81:
                    c1:64:96:74:4b:96:18:43:79:be:17:c7:f4:20:f6:
                    4b:c6:1c:e6:c4:69:68:df:94:a5:91:ca:5d:59:5e:
                    73:ef:cf:6e:bb:20:53:b0:55:72:60:ef:c8:6b:d6:
                    8a:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:92:65:BE:F8:E1:73:34:DD:1A:34:46:16:81:D9:AC:67:F3:84:90
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145153.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a9c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         9f:7a:22:d9:03:ff:ef:98:4a:f1:bc:7a:b7:86:96:de:ca:cd:
         d0:41:58:76:c8:2e:c2:f1:b1:23:c1:2c:86:55:97:cb:e8:42:
         1c:82:c0:93:16:77:0b:b2:18:c1:37:63:ec:ea:6d:2c:f8:78:
         89:c0:24:d6:43:66:15:ca:ef:ed:a5:0b:04:52:89:51:d8:6f:
         89:d4:ef:78:3f:cd:56:b7:9b:f0:56:c7:1f:02:28:e4:06:96:
         b4:5d:e8:2f:18:14:ac:e7:bd:a4:12:7b:09:63:bf:48:dd:b9:
         cd:d1:de:45:00:92:23:c9:f2:e0:38:6b:46:33:68:99:ae:68:
         e1:66:ad:3a:c0:9f:59:3c:f9:09:51:eb:9f:6e:af:14:db:db:
         03:b2:b7:ca:5c:0c:28:49:2b:41:e3:bc:39:26:92:b2:8c:be:
         da:d1:68:b3:ba:04:56:66:c5:62:5e:99:bf:77:34:2c:e9:65:
         9b:74:39:c1:83:0d:70:3d:ef:1f:a5:3e:86:56:8b:c6:06:54:
         6f:f2:e4:af:fb:d2:21:50:06:34:ce:8b:cb:44:3c:ff:2c:c7:
         80:4d:c1:8d:35:81:e0:54:7c:4c:d8:99:7f:bc:3a:e4:ed:8f:
         96:b8:5f:9a:fb:66:dd:73:8f:45:47:35:c2:73:cc:fe:bf:d4:
         72:fe:e9:9c
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUWkpa6nVREBMin9kRZYlsoRBymY4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYyNFoX
DTI3MDMwMzA2MjEyNFowMzExMC8GA1UEAxMoMTY5MjY1QkVGOEUxNzMzNEREMUEz
NDQ2MTY4MUQ5QUM2N0YzODQ5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJJygPvN71gNzPP620uB1C4GxAnr3FE768pnFDQpUhRI489JN9AhnTh6CJDd
5RPs9mEQQ8K8z+ZWcjauwbMJB0j9bILaq2RQJO5YqYs5hYgN4+mIGugpcD1xV/G6
vthU+lEQQN2qGENWEK6MPflavVnl/1loRp+wFk9St7K+MjyPSHfA3bwOg4C+hVER
mWADIjl9yzOFAWCbO7z+niHYDJ4KB3iNLNL0gGWma67X4jRBBxCsKWk6dy1BavYE
zarfyC2wVFqVNAS7Wziu+7wH346BwWSWdEuWGEN5vhfH9CD2S8Yc5sRpaN+UpZHK
XVlec+/PbrsgU7BVcmDvyGvWigcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQWkmW+
+OFzNN0aNEYWgdmsZ/OEkDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTE1My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qccwDQYJKoZIhvcNAQELBQADggEBAJ96ItkD/++YSvG8ereGlt7KzdBBWHbILsLx
sSPBLIZVl8voQhyCwJMWdwuyGME3Y+zqbSz4eInAJNZDZhXK7+2lCwRSiVHYb4nU
73g/zVa3m/BWxx8CKOQGlrRd6C8YFKznvaQSewljv0jduc3R3kUAkiPJ8uA4a0Yz
aJmuaOFmrTrAn1k8+QlR659urxTb2wOyt8pcDChJK0HjvDkmkrKMvtrRaLO6BFZm
xWJemb93NCzpZZt0OcGDDXA97x+lPoZWi8YGVG/y5K/70iFQBjTOi8tEPP8sx4BN
wY01geBUfEzYmX+8OuTtj5a4X5r7Zt1zj0VHNcJzzP6/1HL+6Zw=
-----END CERTIFICATE-----