Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145205.roa
File:                     AS145205.roa (raw, json)
Hash identifier:          v1G7Ro7CvdLLjhdiQhi7k8UE83yuYlt4Ytiy6V6UtKE=
Subject key identifier:   EA:3B:F1:49:87:E8:D3:79:56:5A:87:21:7D:06:06:36:41:D3:EC:98
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3F1B28EA8A4C807901AFE30740D3792B77DA8164
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145205.roa
Signing time:             Wed 04 Mar 2026 06:22:37 +0000
ROA not before:           Wed 04 Mar 2026 06:17:37 +0000
ROA not after:            Wed 03 Mar 2027 06:22:37 +0000
asID:                     145205
IP address blocks:        240a:a9fb::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:1b:28:ea:8a:4c:80:79:01:af:e3:07:40:d3:79:2b:77:da:81:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:37 2026 GMT
            Not After : Mar  3 06:22:37 2027 GMT
        Subject: CN=EA3BF14987E8D379565A87217D06063641D3EC98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a9:44:94:73:da:22:c7:0d:9c:89:bf:c0:ff:
                    08:e3:a0:ec:c9:5e:49:09:6c:5f:cb:cc:f2:df:cf:
                    48:9e:64:75:56:67:9a:ec:c0:cb:65:e8:d1:85:d6:
                    33:0b:18:4f:69:c6:48:a3:14:43:07:da:78:bd:73:
                    e4:eb:0b:8e:86:80:77:8b:26:82:0f:32:92:90:36:
                    53:bf:e9:4c:23:32:f3:9c:da:09:53:df:d3:8a:43:
                    b0:15:8a:8d:0b:b0:a0:cd:c0:40:12:bd:8d:73:b4:
                    2d:bf:0a:68:a7:7d:47:64:08:d8:58:8f:a4:3d:74:
                    87:a6:23:0c:20:bb:76:8d:c7:90:60:c9:a9:06:22:
                    e3:d6:49:1b:ce:3c:8b:67:ab:1e:8a:c6:98:18:cd:
                    01:d6:97:d3:d6:54:58:7b:36:fc:56:cd:d6:81:ac:
                    f2:85:3a:ab:0c:62:9c:2f:82:fe:8c:c2:8e:4d:d0:
                    d7:bb:8b:75:e3:ab:44:00:76:19:37:3b:2e:49:eb:
                    e4:13:74:1f:ff:e1:3d:f1:c5:4c:4d:32:6e:bc:de:
                    eb:fb:be:9e:75:34:37:d3:75:7c:63:53:57:24:e9:
                    16:b1:06:6e:2e:5d:20:a4:fb:30:08:82:aa:a8:a3:
                    74:76:ef:d7:64:56:a0:ff:47:d6:b0:99:5b:79:eb:
                    36:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:3B:F1:49:87:E8:D3:79:56:5A:87:21:7D:06:06:36:41:D3:EC:98
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145205.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a9fb::/32

    Signature Algorithm: sha256WithRSAEncryption
         da:1f:04:f5:03:05:f0:a9:cf:e1:06:2f:77:96:bc:7e:da:8b:
         be:af:35:b5:2a:b4:47:59:d7:f3:bc:6a:1c:2c:d5:a0:02:15:
         5c:a1:fc:7a:09:90:a2:97:c6:44:cb:2e:43:1c:14:e9:51:29:
         89:b7:aa:87:1b:08:74:8f:ac:84:d2:4e:68:35:0c:1f:1f:56:
         ec:52:e6:7c:47:91:42:db:ac:46:71:3c:e6:fa:2c:59:68:22:
         ba:ec:90:ae:bc:4d:dd:a0:c9:4f:af:7d:c7:ff:1a:59:f1:88:
         a4:bc:c5:82:a9:40:d8:cb:48:7e:59:3c:c5:5c:ec:17:2e:41:
         fc:90:bf:47:70:44:f6:59:99:b7:2b:68:0a:d6:2b:a7:ae:9e:
         94:0c:59:fc:ac:91:26:16:b2:1e:b7:4a:39:c0:c4:99:4d:db:
         ff:2d:ad:b5:29:14:c4:e3:c6:28:e3:15:a5:0b:97:6d:72:37:
         9c:ac:94:b0:cb:c9:50:ce:51:32:f9:f1:9f:57:44:5f:18:f0:
         40:f9:85:78:66:87:ff:41:0a:79:c1:ad:8c:b4:d4:93:16:73:
         51:0a:12:57:95:c6:e6:ca:2a:66:b0:07:fd:be:aa:9f:6e:15:
         1b:30:f9:5c:3b:ee:7f:69:47:0d:1c:35:bd:5b:0f:0a:79:6d:
         87:bd:fa:25
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUPxso6opMgHkBr+MHQNN5K3fagWQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTczN1oX
DTI3MDMwMzA2MjIzN1owMzExMC8GA1UEAxMoRUEzQkYxNDk4N0U4RDM3OTU2NUE4
NzIxN0QwNjA2MzY0MUQzRUM5ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALypRJRz2iLHDZyJv8D/COOg7MleSQlsX8vM8t/PSJ5kdVZnmuzAy2Xo0YXW
MwsYT2nGSKMUQwfaeL1z5OsLjoaAd4smgg8ykpA2U7/pTCMy85zaCVPf04pDsBWK
jQuwoM3AQBK9jXO0Lb8KaKd9R2QI2FiPpD10h6YjDCC7do3HkGDJqQYi49ZJG848
i2erHorGmBjNAdaX09ZUWHs2/FbN1oGs8oU6qwxinC+C/ozCjk3Q17uLdeOrRAB2
GTc7Lknr5BN0H//hPfHFTE0ybrze6/u+nnU0N9N1fGNTVyTpFrEGbi5dIKT7MAiC
qqijdHbv12RWoP9H1rCZW3nrNjkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTqO/FJ
h+jTeVZahyF9BgY2QdPsmDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTIwNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qfswDQYJKoZIhvcNAQELBQADggEBANofBPUDBfCpz+EGL3eWvH7ai76vNbUqtEdZ
1/O8ahws1aACFVyh/HoJkKKXxkTLLkMcFOlRKYm3qocbCHSPrITSTmg1DB8fVuxS
5nxHkULbrEZxPOb6LFloIrrskK68Td2gyU+vfcf/GlnxiKS8xYKpQNjLSH5ZPMVc
7BcuQfyQv0dwRPZZmbcraArWK6eunpQMWfyskSYWsh63SjnAxJlN2/8trbUpFMTj
xijjFaULl21yN5yslLDLyVDOUTL58Z9XRF8Y8ED5hXhmh/9BCnnBrYy01JMWc1EK
EleVxubKKmawB/2+qp9uFRsw+Vw77n9pRw0cNb1bDwp5bYe9+iU=
-----END CERTIFICATE-----