Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145236.roa
File:                     AS145236.roa (raw, json)
Hash identifier:          i3TlUgP1cUnWUhbPdp8N+RVdCQpJdQwHa1+L/Xc0g/g=
Subject key identifier:   93:23:45:DA:73:42:11:15:F7:73:0E:EA:11:9B:0C:8D:F3:F5:88:09
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2CFA55BF1BE1E74632CD6EAB423B69483FED7221
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145236.roa
Signing time:             Wed 04 Mar 2026 06:20:36 +0000
ROA not before:           Wed 04 Mar 2026 06:15:36 +0000
ROA not after:            Wed 03 Mar 2027 06:20:36 +0000
asID:                     145236
IP address blocks:        240a:aa1a::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:fa:55:bf:1b:e1:e7:46:32:cd:6e:ab:42:3b:69:48:3f:ed:72:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:36 2026 GMT
            Not After : Mar  3 06:20:36 2027 GMT
        Subject: CN=932345DA73421115F7730EEA119B0C8DF3F58809
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:16:3d:99:ca:b3:88:09:70:75:cf:f6:95:79:
                    37:7f:61:02:c6:43:87:d9:db:73:8a:90:78:8a:94:
                    41:4f:66:6a:ed:0e:b1:e7:1a:05:4a:f7:4b:af:e7:
                    57:f4:1c:ad:32:97:38:c4:7c:4d:2c:25:21:6d:50:
                    75:e9:8f:a9:c5:42:86:28:0f:16:06:0b:99:d5:41:
                    ae:a3:07:52:11:b6:43:cd:40:46:76:db:eb:d9:8d:
                    42:c7:66:08:74:39:12:7d:54:9c:1c:ad:20:06:b7:
                    91:48:69:90:d8:99:bf:50:62:48:19:55:28:e2:14:
                    ed:cc:dc:ba:37:ba:6e:b4:29:53:17:5c:33:08:65:
                    cb:ef:c4:e7:83:dc:41:6f:8e:08:9b:19:4e:72:7d:
                    79:e8:57:10:74:4f:f4:c9:46:b9:08:1a:49:c7:ad:
                    fb:cd:50:a3:a1:6b:27:25:5a:e9:dc:a4:4c:d8:b0:
                    ed:e8:0f:20:8b:30:f4:6c:da:35:cf:9c:20:cf:88:
                    c4:92:b6:6e:46:de:2a:b4:08:c8:83:74:e3:dd:52:
                    a1:b6:d6:22:d2:1f:59:8c:9e:1e:84:0f:96:2a:a7:
                    c2:55:d1:6a:0b:eb:26:a6:d1:0d:82:94:e8:8d:01:
                    78:80:32:bf:07:c1:e7:91:c4:85:c1:1e:f1:8c:cd:
                    c7:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:23:45:DA:73:42:11:15:F7:73:0E:EA:11:9B:0C:8D:F3:F5:88:09
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145236.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aa1a::/32

    Signature Algorithm: sha256WithRSAEncryption
         2a:af:70:8a:0c:d9:49:da:7b:e7:ff:ec:6f:ab:0a:7f:21:a4:
         24:16:9f:e8:de:a3:7b:64:4c:03:93:3c:7e:ee:5c:26:46:1e:
         0a:c3:fc:73:9e:e6:9b:ec:9a:6d:41:df:59:5e:bc:46:68:82:
         5e:1d:d2:75:e6:9e:04:57:b2:f3:56:3c:0c:2d:b1:86:21:7e:
         53:59:0a:5e:10:8b:f1:dd:90:6e:92:98:ba:7e:c4:5c:ae:99:
         5f:a5:ff:94:38:be:8f:f9:b9:7c:41:82:c7:12:dd:01:c7:a1:
         c3:f0:06:95:6f:94:54:36:b7:06:e8:26:58:7f:79:eb:36:7b:
         9f:01:f0:fc:8f:f4:e2:c5:0d:73:6c:5c:fb:b5:33:71:1a:83:
         2b:41:88:8e:0a:8b:0b:1d:45:7f:d8:a0:60:1a:c9:bd:4b:3d:
         bd:29:1f:db:b3:b2:f2:99:12:62:9f:0b:9d:9a:04:54:99:3f:
         ce:20:d2:39:93:26:73:ea:d8:e0:61:59:e3:1d:02:c5:46:87:
         e6:87:ef:1d:34:5e:15:31:d5:7c:cd:e1:eb:1e:2c:ba:95:34:
         2d:5e:ae:6b:ea:b9:e7:1f:1b:2f:64:25:88:cf:f7:e8:a6:26:
         e8:1c:9d:9d:a8:24:25:6b:aa:52:ce:d4:a9:2a:16:99:79:48:
         12:22:17:10
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIULPpVvxvh50YyzW6rQjtpSD/tciEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTUzNloX
DTI3MDMwMzA2MjAzNlowMzExMC8GA1UEAxMoOTMyMzQ1REE3MzQyMTExNUY3NzMw
RUVBMTE5QjBDOERGM0Y1ODgwOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALYWPZnKs4gJcHXP9pV5N39hAsZDh9nbc4qQeIqUQU9mau0OsecaBUr3S6/n
V/QcrTKXOMR8TSwlIW1QdemPqcVChigPFgYLmdVBrqMHUhG2Q81ARnbb69mNQsdm
CHQ5En1UnBytIAa3kUhpkNiZv1BiSBlVKOIU7czcuje6brQpUxdcMwhly+/E54Pc
QW+OCJsZTnJ9eehXEHRP9MlGuQgaScet+81Qo6FrJyVa6dykTNiw7egPIIsw9Gza
Nc+cIM+IxJK2bkbeKrQIyIN0491SobbWItIfWYyeHoQPliqnwlXRagvrJqbRDYKU
6I0BeIAyvwfB55HEhcEe8YzNx+8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSTI0Xa
c0IRFfdzDuoRmwyN8/WICTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTIzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qhowDQYJKoZIhvcNAQELBQADggEBACqvcIoM2Unae+f/7G+rCn8hpCQWn+jeo3tk
TAOTPH7uXCZGHgrD/HOe5pvsmm1B31levEZogl4d0nXmngRXsvNWPAwtsYYhflNZ
Cl4Qi/HdkG6SmLp+xFyumV+l/5Q4vo/5uXxBgscS3QHHocPwBpVvlFQ2twboJlh/
ees2e58B8PyP9OLFDXNsXPu1M3EagytBiI4KiwsdRX/YoGAayb1LPb0pH9uzsvKZ
EmKfC52aBFSZP84g0jmTJnPq2OBhWeMdAsVGh+aH7x00XhUx1XzN4eseLLqVNC1e
rmvquecfGy9kJYjP9+imJugcnZ2oJCVrqlLO1KkqFpl5SBIiFxA=
-----END CERTIFICATE-----