Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145224.roa
File:                     AS145224.roa (raw, json)
Hash identifier:          KtyQxXZgrlPCMoOKY5b9DqbS6jOImnTYhY2pv/ZhtCE=
Subject key identifier:   55:FE:D3:A1:61:1C:C4:03:66:19:1A:AC:62:B4:37:BF:07:30:5B:3D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       186768D572EFF684E5DDFA4C80EC99A36EE6C0FA
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145224.roa
Signing time:             Wed 04 Mar 2026 06:21:54 +0000
ROA not before:           Wed 04 Mar 2026 06:16:54 +0000
ROA not after:            Wed 03 Mar 2027 06:21:54 +0000
asID:                     145224
IP address blocks:        240a:aa0e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:67:68:d5:72:ef:f6:84:e5:dd:fa:4c:80:ec:99:a3:6e:e6:c0:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:54 2026 GMT
            Not After : Mar  3 06:21:54 2027 GMT
        Subject: CN=55FED3A1611CC40366191AAC62B437BF07305B3D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:7d:05:59:63:33:7d:ae:a6:1a:64:35:8e:4e:
                    70:fb:2a:0d:c8:dc:74:1f:3b:22:c3:79:11:96:d1:
                    79:c5:17:00:43:27:ca:7d:93:41:b1:8d:a7:d0:f3:
                    51:40:e3:3b:54:77:09:26:81:6c:fb:bc:1b:20:c5:
                    e3:cf:cd:c6:c4:7f:e6:db:73:07:bb:82:06:78:ea:
                    32:8c:d1:77:ed:59:08:98:06:0e:85:27:d7:cd:5a:
                    65:67:d1:7b:d2:0d:5b:a8:64:bc:a0:c1:02:e2:37:
                    65:52:27:6e:93:63:36:33:11:09:78:47:ff:01:2d:
                    f9:10:64:d5:1b:ba:f7:8d:54:91:a9:3d:f7:d0:f8:
                    39:84:10:cb:00:1b:89:3d:c9:45:80:a0:8a:a6:57:
                    69:75:9c:1c:e6:95:a1:e8:52:94:30:83:23:db:8c:
                    0c:f4:b7:46:85:db:ac:61:22:05:e0:40:ba:8f:62:
                    a3:d6:f5:91:3d:65:ad:ff:e2:f1:5d:07:38:46:06:
                    fa:86:43:b3:f3:1f:85:65:e3:81:d7:f8:cf:d1:bc:
                    ed:7c:73:f7:4d:e4:48:27:a6:4f:81:77:6e:1a:32:
                    c7:48:9d:06:44:cd:ee:69:40:9f:4a:80:65:ba:d9:
                    2f:5e:bf:1d:e3:54:8e:35:78:00:41:5a:29:24:b6:
                    0b:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:FE:D3:A1:61:1C:C4:03:66:19:1A:AC:62:B4:37:BF:07:30:5B:3D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145224.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aa0e::/32

    Signature Algorithm: sha256WithRSAEncryption
         d7:f3:a6:8c:c2:77:99:7f:ee:4b:ef:1d:e0:bd:28:f1:88:57:
         1f:e0:f1:30:fa:03:6b:d4:5d:c7:6f:77:80:c6:9f:de:e9:8e:
         6a:01:a6:39:f4:0e:ed:ea:9a:b2:c6:96:9c:8c:f5:eb:f3:88:
         cc:f7:74:1e:9d:60:6b:75:3f:2d:97:76:a7:15:e0:f2:c1:53:
         57:8f:1f:b9:7b:23:3e:99:27:cc:bb:3f:7e:e4:75:d4:2a:a6:
         28:44:4f:50:50:b5:61:ec:3e:9a:a9:24:69:f1:b3:40:cc:26:
         0c:ec:8a:83:e8:42:70:83:66:05:6b:ca:8c:93:71:15:74:3d:
         ea:31:16:93:f4:28:a2:51:c8:18:e2:cd:26:a7:a9:e9:21:3c:
         1f:81:94:5b:ba:16:95:f5:af:c4:17:36:08:2a:98:c0:96:7e:
         6e:a8:ff:79:46:d0:d1:50:5f:9f:18:27:ed:fa:e3:87:7c:bf:
         74:c3:aa:f8:bf:0c:b7:88:fa:fa:67:ee:86:98:51:c1:ef:62:
         20:df:c6:eb:94:bf:f6:16:d5:95:34:2d:4e:f8:04:a5:6f:08:
         5b:01:50:88:51:34:2b:7c:00:03:fa:7a:75:9b:a6:4d:26:d3:
         3c:75:87:bb:4c:26:60:eb:ce:ea:b3:f0:aa:b5:f7:1d:9c:a9:
         a8:a6:6a:ac
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUGGdo1XLv9oTl3fpMgOyZo27mwPowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTY1NFoX
DTI3MDMwMzA2MjE1NFowMzExMC8GA1UEAxMoNTVGRUQzQTE2MTFDQzQwMzY2MTkx
QUFDNjJCNDM3QkYwNzMwNUIzRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOl9BVljM32uphpkNY5OcPsqDcjcdB87IsN5EZbRecUXAEMnyn2TQbGNp9Dz
UUDjO1R3CSaBbPu8GyDF48/NxsR/5ttzB7uCBnjqMozRd+1ZCJgGDoUn181aZWfR
e9INW6hkvKDBAuI3ZVInbpNjNjMRCXhH/wEt+RBk1Ru6941Ukak999D4OYQQywAb
iT3JRYCgiqZXaXWcHOaVoehSlDCDI9uMDPS3RoXbrGEiBeBAuo9io9b1kT1lrf/i
8V0HOEYG+oZDs/MfhWXjgdf4z9G87Xxz903kSCemT4F3bhoyx0idBkTN7mlAn0qA
ZbrZL16/HeNUjjV4AEFaKSS2C68CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRV/tOh
YRzEA2YZGqxitDe/BzBbPTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTIyNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qg4wDQYJKoZIhvcNAQELBQADggEBANfzpozCd5l/7kvvHeC9KPGIVx/g8TD6A2vU
Xcdvd4DGn97pjmoBpjn0Du3qmrLGlpyM9evziMz3dB6dYGt1Py2XdqcV4PLBU1eP
H7l7Iz6ZJ8y7P37kddQqpihET1BQtWHsPpqpJGnxs0DMJgzsioPoQnCDZgVryoyT
cRV0PeoxFpP0KKJRyBjizSanqekhPB+BlFu6FpX1r8QXNggqmMCWfm6o/3lG0NFQ
X58YJ+3644d8v3TDqvi/DLeI+vpn7oaYUcHvYiDfxuuUv/YW1ZU0LU74BKVvCFsB
UIhRNCt8AAP6enWbpk0m0zx1h7tMJmDrzuqz8Kq19x2cqaimaqw=
-----END CERTIFICATE-----