Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145182.roa
File:                     AS145182.roa (raw, json)
Hash identifier:          wFW1+O/34vEeGm5KV8GTVVKEMRVwuLZoGNWxbDqzbvE=
Subject key identifier:   9D:63:1E:6E:96:92:A0:B5:2C:41:CA:A0:0F:36:A6:9B:BB:29:44:90
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       23FE79F7A5291D675119753E98C8957D4052CA76
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145182.roa
Signing time:             Wed 04 Mar 2026 06:21:32 +0000
ROA not before:           Wed 04 Mar 2026 06:16:32 +0000
ROA not after:            Wed 03 Mar 2027 06:21:32 +0000
asID:                     145182
IP address blocks:        240a:a9e4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:fe:79:f7:a5:29:1d:67:51:19:75:3e:98:c8:95:7d:40:52:ca:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:32 2026 GMT
            Not After : Mar  3 06:21:32 2027 GMT
        Subject: CN=9D631E6E9692A0B52C41CAA00F36A69BBB294490
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:2b:49:ef:78:8e:ed:a1:f2:9a:ee:e3:69:f8:
                    e0:32:fc:cd:8b:3d:da:53:e6:92:2b:96:02:b6:0c:
                    9b:c6:64:4f:01:84:7d:06:78:e1:16:9b:45:f0:b4:
                    cd:de:68:8a:4b:4c:4a:e7:c0:0f:db:a1:45:0a:3a:
                    00:87:09:50:d0:4e:31:72:03:3d:dc:09:3a:66:56:
                    56:b0:eb:93:2e:32:17:0f:0d:8b:83:20:e6:5e:3d:
                    dc:4d:58:c5:f8:b6:c6:9c:c4:c9:0b:6f:c0:cd:30:
                    83:6d:43:1e:38:e1:05:6a:62:5c:a6:78:4f:bd:0c:
                    29:68:59:86:3c:83:9e:34:7d:1a:14:49:7a:0f:be:
                    43:a0:82:9f:14:76:b3:57:d2:bc:82:3c:62:87:9b:
                    0d:63:34:be:af:64:75:bc:70:1f:47:ff:47:5b:7d:
                    ac:ed:d4:8f:07:5f:3a:e4:25:67:a4:0b:1b:52:66:
                    aa:19:6f:f3:2c:35:34:a9:80:fa:c2:4f:e8:6a:72:
                    f2:56:ad:4d:80:a5:b7:8a:7d:da:f4:d9:00:14:d3:
                    f0:b0:f2:02:4a:44:8c:9f:4f:53:50:51:77:c1:72:
                    38:52:ab:c1:e4:94:cd:6d:fe:c1:79:de:a1:4d:3e:
                    8a:2d:cf:66:b5:17:e0:d1:b8:06:3d:a5:46:41:16:
                    c1:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:63:1E:6E:96:92:A0:B5:2C:41:CA:A0:0F:36:A6:9B:BB:29:44:90
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145182.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a9e4::/32

    Signature Algorithm: sha256WithRSAEncryption
         b2:78:d8:8d:3c:32:b3:9a:f2:d7:cf:34:37:00:13:a6:64:83:
         95:4a:a3:03:ac:16:f1:6b:cf:08:37:09:8e:6e:80:57:99:fb:
         eb:b3:06:30:fe:c6:b0:e4:60:9e:ae:26:66:57:21:b7:4f:28:
         66:10:39:0f:eb:19:e2:eb:67:df:ac:7d:6b:fa:3a:ce:5c:b0:
         00:61:db:45:eb:11:60:40:e5:45:a2:16:23:c4:ae:7d:6e:8a:
         0c:92:78:90:fe:e2:5a:b2:31:ba:2f:19:df:a4:be:7d:4c:39:
         33:41:c5:1a:50:a8:cd:d8:2f:82:dc:25:83:72:58:32:8b:48:
         9d:1a:f6:21:5f:40:88:26:a9:d1:96:a8:b6:8c:7f:11:a4:d6:
         79:ee:5e:4f:bc:d9:78:51:4f:e0:8f:8d:19:c0:f2:55:67:95:
         ec:0c:49:e0:59:65:09:d7:e3:46:21:20:26:69:60:36:7d:96:
         6e:7e:23:63:48:0f:9f:c9:99:6b:21:f3:4c:12:3e:d9:99:d6:
         de:65:60:11:9b:e1:2e:98:cf:96:e8:17:7b:f8:49:b9:37:86:
         46:54:54:c6:1f:58:dd:1b:7d:2a:34:b2:ed:61:fc:10:53:dc:
         11:cf:36:e2:42:83:b1:d8:8d:f3:16:77:7b:f7:48:42:88:13:
         d7:d0:a1:a9
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUI/5596UpHWdRGXU+mMiVfUBSynYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYzMloX
DTI3MDMwMzA2MjEzMlowMzExMC8GA1UEAxMoOUQ2MzFFNkU5NjkyQTBCNTJDNDFD
QUEwMEYzNkE2OUJCQjI5NDQ5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKcrSe94ju2h8pru42n44DL8zYs92lPmkiuWArYMm8ZkTwGEfQZ44RabRfC0
zd5oiktMSufAD9uhRQo6AIcJUNBOMXIDPdwJOmZWVrDrky4yFw8Ni4Mg5l493E1Y
xfi2xpzEyQtvwM0wg21DHjjhBWpiXKZ4T70MKWhZhjyDnjR9GhRJeg++Q6CCnxR2
s1fSvII8YoebDWM0vq9kdbxwH0f/R1t9rO3UjwdfOuQlZ6QLG1Jmqhlv8yw1NKmA
+sJP6Gpy8latTYClt4p92vTZABTT8LDyAkpEjJ9PU1BRd8FyOFKrweSUzW3+wXne
oU0+ii3PZrUX4NG4Bj2lRkEWwY0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSdYx5u
lpKgtSxByqAPNqabuylEkDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTE4Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qeQwDQYJKoZIhvcNAQELBQADggEBALJ42I08MrOa8tfPNDcAE6Zkg5VKowOsFvFr
zwg3CY5ugFeZ++uzBjD+xrDkYJ6uJmZXIbdPKGYQOQ/rGeLrZ9+sfWv6Os5csABh
20XrEWBA5UWiFiPErn1uigySeJD+4lqyMbovGd+kvn1MOTNBxRpQqM3YL4LcJYNy
WDKLSJ0a9iFfQIgmqdGWqLaMfxGk1nnuXk+82XhRT+CPjRnA8lVnlewMSeBZZQnX
40YhICZpYDZ9lm5+I2NID5/JmWsh80wSPtmZ1t5lYBGb4S6Yz5boF3v4Sbk3hkZU
VMYfWN0bfSo0su1h/BBT3BHPNuJCg7HYjfMWd3v3SEKIE9fQoak=
-----END CERTIFICATE-----