Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145157.roa
File:                     AS145157.roa (raw, json)
Hash identifier:          H+qWbjkx+2UOub3SM5Z5WbnXOZC0WabrTr12nceElKA=
Subject key identifier:   39:B7:99:A5:D5:4C:BD:6B:0F:70:58:63:92:48:B2:48:CF:F9:10:FE
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       62AA8D5311C3F1D9922E2B5362A197C5D2248941
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145157.roa
Signing time:             Wed 04 Mar 2026 06:20:23 +0000
ROA not before:           Wed 04 Mar 2026 06:15:23 +0000
ROA not after:            Wed 03 Mar 2027 06:20:23 +0000
asID:                     145157
IP address blocks:        240a:a9cb::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:aa:8d:53:11:c3:f1:d9:92:2e:2b:53:62:a1:97:c5:d2:24:89:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:23 2026 GMT
            Not After : Mar  3 06:20:23 2027 GMT
        Subject: CN=39B799A5D54CBD6B0F7058639248B248CFF910FE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:c5:7c:4e:51:34:e6:10:d9:cc:6f:42:05:03:
                    43:b8:8c:db:6a:78:e7:86:3d:1c:00:89:fc:9d:81:
                    13:fb:bc:be:f2:f4:50:56:ec:5f:5e:a4:0b:c3:eb:
                    9b:99:cc:81:1b:65:30:ed:c1:99:55:4d:60:9f:6a:
                    c7:da:9b:00:c8:6c:86:28:9f:d6:31:50:fe:d6:17:
                    67:c2:26:5f:29:48:02:5c:40:6d:71:22:e1:1d:57:
                    52:cb:a1:fb:c1:dd:c5:0e:67:a9:51:a1:ce:a8:04:
                    9f:a9:0d:ef:f7:4f:c2:47:43:86:ee:8f:5d:23:41:
                    a2:78:6e:87:6b:be:c2:3d:85:11:00:af:62:2d:bf:
                    7d:6d:fe:78:f2:0a:71:eb:b2:c6:1b:01:d4:a0:0f:
                    93:a7:ca:11:3b:ca:05:3c:5f:94:82:a8:bb:c0:ff:
                    f4:52:02:14:d6:77:3c:95:b4:67:61:42:0c:e5:14:
                    7e:79:fa:bf:44:55:eb:04:f5:96:ce:84:bd:03:51:
                    c5:62:b7:55:6d:92:ac:60:7c:ec:d7:f7:36:c2:2d:
                    f6:e8:f3:8e:38:d8:a8:de:60:e8:ef:e5:96:17:3d:
                    1a:c5:3d:54:0e:6d:6f:08:a9:37:76:c9:a9:15:05:
                    9e:07:12:89:2c:d7:7b:c6:89:f7:19:f2:57:b4:fa:
                    64:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:B7:99:A5:D5:4C:BD:6B:0F:70:58:63:92:48:B2:48:CF:F9:10:FE
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145157.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a9cb::/32

    Signature Algorithm: sha256WithRSAEncryption
         7b:70:77:ab:78:b3:26:c5:b9:7e:d3:62:d8:71:14:a6:0a:c9:
         37:25:10:97:1b:fe:11:37:1e:6f:b2:bd:89:fe:9c:ed:30:62:
         c6:11:e6:af:1c:f3:86:61:f2:a0:8a:8e:aa:0d:42:3b:16:66:
         0b:d8:f2:9b:eb:0b:7d:ce:61:15:c4:0f:a8:73:c5:81:28:3e:
         86:f6:49:b4:27:48:80:82:a7:04:6d:f7:1c:d6:da:37:bd:cc:
         e5:d2:75:7c:85:a6:c4:33:03:b3:8c:66:80:58:96:32:7a:eb:
         76:76:6a:cf:07:30:a8:c3:76:b8:fa:35:1c:6e:ea:07:de:32:
         8d:2e:e7:d2:d6:7d:c2:ac:c5:8b:16:bb:9e:a3:9e:a0:ec:66:
         d9:27:02:e9:6b:98:00:25:72:56:c7:f9:a4:82:cb:7b:d5:b9:
         61:01:04:91:06:0a:db:8f:f7:8b:4a:6a:23:b8:67:5c:26:b3:
         59:5f:d5:51:3a:38:ed:5b:6a:48:d8:ec:aa:73:c7:e0:04:be:
         4c:f8:7f:f7:37:9e:24:02:49:2a:3a:86:2d:3c:81:d2:b7:9a:
         b5:e3:ba:47:5e:11:f9:a7:bb:5e:59:47:f1:30:e9:23:fb:bb:
         2e:3c:39:13:a7:ad:41:e8:db:65:2b:e8:d5:5d:b1:40:b6:b2:
         04:a9:eb:62
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUYqqNUxHD8dmSLitTYqGXxdIkiUEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTUyM1oX
DTI3MDMwMzA2MjAyM1owMzExMC8GA1UEAxMoMzlCNzk5QTVENTRDQkQ2QjBGNzA1
ODYzOTI0OEIyNDhDRkY5MTBGRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL/FfE5RNOYQ2cxvQgUDQ7iM22p454Y9HACJ/J2BE/u8vvL0UFbsX16kC8Pr
m5nMgRtlMO3BmVVNYJ9qx9qbAMhshiif1jFQ/tYXZ8ImXylIAlxAbXEi4R1XUsuh
+8HdxQ5nqVGhzqgEn6kN7/dPwkdDhu6PXSNBonhuh2u+wj2FEQCvYi2/fW3+ePIK
ceuyxhsB1KAPk6fKETvKBTxflIKou8D/9FICFNZ3PJW0Z2FCDOUUfnn6v0RV6wT1
ls6EvQNRxWK3VW2SrGB87Nf3NsIt9ujzjjjYqN5g6O/llhc9GsU9VA5tbwipN3bJ
qRUFngcSiSzXe8aJ9xnyV7T6ZE8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQ5t5ml
1Uy9aw9wWGOSSLJIz/kQ/jAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTE1Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qcswDQYJKoZIhvcNAQELBQADggEBAHtwd6t4sybFuX7TYthxFKYKyTclEJcb/hE3
Hm+yvYn+nO0wYsYR5q8c84Zh8qCKjqoNQjsWZgvY8pvrC33OYRXED6hzxYEoPob2
SbQnSICCpwRt9xzW2je9zOXSdXyFpsQzA7OMZoBYljJ663Z2as8HMKjDdrj6NRxu
6gfeMo0u59LWfcKsxYsWu56jnqDsZtknAulrmAAlclbH+aSCy3vVuWEBBJEGCtuP
94tKaiO4Z1wms1lf1VE6OO1bakjY7Kpzx+AEvkz4f/c3niQCSSo6hi08gdK3mrXj
ukdeEfmnu15ZR/Ew6SP7uy48OROnrUHo22Ur6NVdsUC2sgSp62I=
-----END CERTIFICATE-----