Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145161.roa
File:                     AS145161.roa (raw, json)
Hash identifier:          8ooNVEd2x501XBY0h+cP5hqX1zCToSWAias5uYENaY4=
Subject key identifier:   C8:29:E8:56:13:FB:1C:16:19:87:BE:94:E8:13:F0:BD:CB:74:59:53
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       724E660038EE387CF077835A980239805F59CE32
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145161.roa
Signing time:             Wed 04 Mar 2026 06:20:00 +0000
ROA not before:           Wed 04 Mar 2026 06:15:00 +0000
ROA not after:            Wed 03 Mar 2027 06:20:00 +0000
asID:                     145161
IP address blocks:        240a:a9cf::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:4e:66:00:38:ee:38:7c:f0:77:83:5a:98:02:39:80:5f:59:ce:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:00 2026 GMT
            Not After : Mar  3 06:20:00 2027 GMT
        Subject: CN=C829E85613FB1C161987BE94E813F0BDCB745953
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:df:23:09:61:06:9b:1d:a8:a5:aa:c4:97:1d:
                    f9:89:9e:b2:df:2b:f1:69:39:75:25:10:69:e3:bf:
                    ca:c7:74:c9:ce:10:0a:6d:5a:ab:77:0c:22:96:04:
                    c1:e9:da:e5:36:a4:0f:c8:1e:e0:12:a3:c5:fb:1c:
                    36:93:18:22:4f:df:43:2a:2b:f3:e9:9d:9b:14:2a:
                    68:47:52:c9:1f:02:ef:5d:31:03:3b:25:a4:88:0f:
                    18:32:40:da:68:5a:5d:ce:41:8e:ff:ad:56:91:22:
                    d4:2d:02:1d:a7:ed:60:c2:a2:a8:37:9e:31:35:1b:
                    b0:a5:10:7f:d2:b8:e5:f7:66:3d:34:3a:6e:52:5b:
                    43:30:3e:4f:a5:38:fa:fe:13:73:db:5e:36:44:0c:
                    0a:51:75:9b:6e:92:42:7f:32:9b:6d:94:ec:1d:6d:
                    13:b5:4b:a9:aa:3a:4d:ea:13:a6:b6:51:20:66:b5:
                    8a:30:33:bf:64:db:71:ee:b2:9d:5a:4e:45:0b:78:
                    83:3a:80:77:68:43:80:7b:b6:f3:82:37:1d:13:8d:
                    20:bd:94:bd:a1:f3:da:ad:e0:b0:02:61:c9:73:47:
                    9e:d8:2e:b8:26:29:5e:cc:72:a3:34:8a:63:3d:f0:
                    c9:4f:03:6a:54:6d:ae:f0:ec:ea:7d:81:0d:7c:75:
                    3d:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:29:E8:56:13:FB:1C:16:19:87:BE:94:E8:13:F0:BD:CB:74:59:53
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145161.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a9cf::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:cb:65:9d:5d:6f:c6:2a:b4:93:28:eb:f9:1b:52:9a:2f:f7:
         fd:ee:79:b9:fb:2c:31:42:63:e4:fb:00:28:d7:82:47:51:e2:
         0e:95:1c:f8:c4:a0:8a:85:29:1f:c6:be:a3:ab:1b:00:ed:4e:
         b2:00:cf:63:92:c1:40:23:db:c2:3c:9a:fc:1b:1a:04:dc:0c:
         57:fe:99:0e:7e:4d:d6:5e:92:0b:5d:cc:62:1d:c8:c0:08:af:
         48:f6:7a:81:a9:80:4b:d7:fd:63:52:e4:63:ab:60:05:87:ca:
         67:bc:d7:90:d6:94:32:39:79:98:45:d5:0b:db:0a:08:c3:20:
         2c:05:d3:ba:a6:d5:83:aa:70:69:be:4f:30:67:2f:3a:04:01:
         23:e3:e0:d4:82:29:17:41:64:c1:73:30:86:70:b4:6b:93:6a:
         a5:49:d5:a9:e5:c4:eb:f2:43:e5:0d:eb:8b:cd:b6:90:d9:d8:
         b5:d3:c3:a5:90:07:d3:66:13:a1:a9:d0:d9:96:0a:af:44:e7:
         c7:a5:60:dc:27:74:b6:e1:95:ab:04:15:6e:f9:45:8d:00:ba:
         da:5e:39:f0:f9:1b:46:c2:86:0a:be:b5:bb:bb:29:1a:02:76:
         19:a3:df:13:d8:d3:be:6c:90:4c:6a:79:74:4e:68:32:ab:e2:
         8a:fa:b8:cd
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUck5mADjuOHzwd4NamAI5gF9ZzjIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTUwMFoX
DTI3MDMwMzA2MjAwMFowMzExMC8GA1UEAxMoQzgyOUU4NTYxM0ZCMUMxNjE5ODdC
RTk0RTgxM0YwQkRDQjc0NTk1MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKvfIwlhBpsdqKWqxJcd+Ymest8r8Wk5dSUQaeO/ysd0yc4QCm1aq3cMIpYE
wena5TakD8ge4BKjxfscNpMYIk/fQyor8+mdmxQqaEdSyR8C710xAzslpIgPGDJA
2mhaXc5Bjv+tVpEi1C0CHaftYMKiqDeeMTUbsKUQf9K45fdmPTQ6blJbQzA+T6U4
+v4Tc9teNkQMClF1m26SQn8ym22U7B1tE7VLqao6TeoTprZRIGa1ijAzv2Tbce6y
nVpORQt4gzqAd2hDgHu284I3HRONIL2UvaHz2q3gsAJhyXNHntguuCYpXsxyozSK
Yz3wyU8DalRtrvDs6n2BDXx1PTMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTIKehW
E/scFhmHvpToE/C9y3RZUzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTE2MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qc8wDQYJKoZIhvcNAQELBQADggEBAGTLZZ1db8YqtJMo6/kbUpov9/3uebn7LDFC
Y+T7ACjXgkdR4g6VHPjEoIqFKR/GvqOrGwDtTrIAz2OSwUAj28I8mvwbGgTcDFf+
mQ5+TdZekgtdzGIdyMAIr0j2eoGpgEvX/WNS5GOrYAWHyme815DWlDI5eZhF1Qvb
CgjDICwF07qm1YOqcGm+TzBnLzoEASPj4NSCKRdBZMFzMIZwtGuTaqVJ1anlxOvy
Q+UN64vNtpDZ2LXTw6WQB9NmE6Gp0NmWCq9E58elYNwndLbhlasEFW75RY0Autpe
OfD5G0bChgq+tbu7KRoCdhmj3xPY075skExqeXROaDKr4or6uM0=
-----END CERTIFICATE-----