Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145166.roa
File:                     AS145166.roa (raw, json)
Hash identifier:          rpz4pN15MeeA5JZUnVD643vVhgB0xDBkK3z6XSfPy7o=
Subject key identifier:   3A:F0:35:2F:A6:11:AC:6E:DB:A5:0A:24:E5:EF:6B:61:CB:94:FB:90
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6A3452E3E6FC31AB1AF28FBE77508C377F9CB73A
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145166.roa
Signing time:             Wed 04 Mar 2026 06:22:24 +0000
ROA not before:           Wed 04 Mar 2026 06:17:24 +0000
ROA not after:            Wed 03 Mar 2027 06:22:24 +0000
asID:                     145166
IP address blocks:        240a:a9d4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:34:52:e3:e6:fc:31:ab:1a:f2:8f:be:77:50:8c:37:7f:9c:b7:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:24 2026 GMT
            Not After : Mar  3 06:22:24 2027 GMT
        Subject: CN=3AF0352FA611AC6EDBA50A24E5EF6B61CB94FB90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:29:f9:ac:c0:f2:30:ad:69:48:95:22:6b:17:
                    f3:4c:6c:25:81:70:72:62:a7:30:c6:a3:15:2f:41:
                    a1:a9:b0:7c:e2:1f:d8:ac:7a:e1:30:58:05:e0:5f:
                    ba:28:e2:83:c9:dd:2a:c3:fd:f0:b7:34:d4:00:37:
                    96:6e:1f:75:de:64:ab:ec:c8:86:da:4d:38:98:3a:
                    34:bf:fb:32:d6:eb:3b:c7:d2:96:23:90:02:ea:5b:
                    a8:11:00:03:20:50:7d:ff:30:40:a4:eb:7b:22:51:
                    8f:58:b1:e5:6f:52:b7:1d:20:c9:5e:93:4f:0b:85:
                    77:b1:ec:57:88:3a:30:a7:6c:79:f1:6c:d5:bc:74:
                    a4:88:22:cd:70:8d:36:fe:1d:dc:b8:76:af:a4:2c:
                    d7:52:fe:4f:cf:59:20:47:6a:43:da:43:5a:6e:96:
                    4e:7a:b8:ac:f0:40:1d:fb:bb:f7:06:f5:cc:88:c4:
                    14:8a:0f:eb:26:8a:6b:4b:4d:d1:11:f3:eb:07:bb:
                    31:ad:b2:20:c0:3c:40:0c:79:1c:fa:90:a7:fd:e0:
                    48:e9:29:5a:09:e4:30:5f:2a:ff:4f:86:10:a7:e3:
                    20:f9:7f:8c:46:85:3e:95:39:7a:55:d9:8a:62:32:
                    a3:c1:bc:a4:4d:91:b6:01:f3:0f:fa:a4:df:b7:85:
                    bb:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:F0:35:2F:A6:11:AC:6E:DB:A5:0A:24:E5:EF:6B:61:CB:94:FB:90
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145166.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a9d4::/32

    Signature Algorithm: sha256WithRSAEncryption
         65:c4:40:af:dc:0a:18:75:a8:df:be:de:8d:f1:40:d6:81:bf:
         fc:f1:1e:b4:96:58:a3:ed:c6:7d:93:ce:10:1d:ba:89:32:2c:
         6c:48:b5:bb:5b:35:ef:99:64:d3:f0:97:f6:c8:d5:a3:9f:ac:
         c1:1b:76:f1:99:84:98:cd:ca:22:15:1a:d0:00:aa:3a:23:bc:
         aa:22:00:58:b7:04:00:f2:3d:25:0b:f9:cd:e4:d6:29:46:fc:
         23:a6:70:44:79:f7:b9:30:bb:b2:73:b3:7e:c1:4c:ca:1c:b7:
         61:10:a8:fb:ef:d8:50:66:66:a6:55:52:e1:e2:69:20:6c:c7:
         73:1c:f3:63:2d:93:bb:d3:2f:65:0a:37:7f:d0:af:05:f7:5b:
         08:8c:b8:0b:c3:94:4d:55:c4:0d:06:e3:3e:34:90:ca:ca:d7:
         8f:08:c0:85:b9:d6:a7:4a:63:7c:ce:a3:8d:56:65:29:c0:3c:
         46:66:cd:81:d1:c8:af:2d:95:50:08:e4:31:96:13:10:a1:30:
         db:88:29:78:58:da:ee:13:98:db:77:52:1e:2b:8b:43:e8:f4:
         35:dd:90:a2:67:4d:ff:1a:c6:8d:61:c4:66:92:23:6d:b1:a3:
         57:54:1a:fd:d8:79:f3:30:77:c5:6e:65:43:b2:1b:c1:41:3b:
         cc:d2:f2:ae
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUajRS4+b8Masa8o++d1CMN3+ctzowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcyNFoX
DTI3MDMwMzA2MjIyNFowMzExMC8GA1UEAxMoM0FGMDM1MkZBNjExQUM2RURCQTUw
QTI0RTVFRjZCNjFDQjk0RkI5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMkp+azA8jCtaUiVImsX80xsJYFwcmKnMMajFS9BoamwfOIf2Kx64TBYBeBf
uijig8ndKsP98Lc01AA3lm4fdd5kq+zIhtpNOJg6NL/7MtbrO8fSliOQAupbqBEA
AyBQff8wQKTreyJRj1ix5W9Stx0gyV6TTwuFd7HsV4g6MKdsefFs1bx0pIgizXCN
Nv4d3Lh2r6Qs11L+T89ZIEdqQ9pDWm6WTnq4rPBAHfu79wb1zIjEFIoP6yaKa0tN
0RHz6we7Ma2yIMA8QAx5HPqQp/3gSOkpWgnkMF8q/0+GEKfjIPl/jEaFPpU5elXZ
imIyo8G8pE2RtgHzD/qk37eFu/kCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQ68DUv
phGsbtulCiTl72thy5T7kDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTE2Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qdQwDQYJKoZIhvcNAQELBQADggEBAGXEQK/cChh1qN++3o3xQNaBv/zxHrSWWKPt
xn2TzhAduokyLGxItbtbNe+ZZNPwl/bI1aOfrMEbdvGZhJjNyiIVGtAAqjojvKoi
AFi3BADyPSUL+c3k1ilG/COmcER597kwu7Jzs37BTMoct2EQqPvv2FBmZqZVUuHi
aSBsx3Mc82Mtk7vTL2UKN3/QrwX3WwiMuAvDlE1VxA0G4z40kMrK148IwIW51qdK
Y3zOo41WZSnAPEZmzYHRyK8tlVAI5DGWExChMNuIKXhY2u4TmNt3Uh4ri0Po9DXd
kKJnTf8axo1hxGaSI22xo1dUGv3YefMwd8VuZUOyG8FBO8zS8q4=
-----END CERTIFICATE-----