Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145245.roa
File:                     AS145245.roa (raw, json)
Hash identifier:          OKIVgedysDRupM6Edr3dcbIVZxTW7az/CpxK/uf3m6s=
Subject key identifier:   17:84:A8:A9:A3:0F:2D:31:DB:00:92:29:C6:28:CF:21:95:58:7C:0F
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       022A8081AE920B952180219FA2881AC401FCBD43
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145245.roa
Signing time:             Wed 04 Mar 2026 06:21:57 +0000
ROA not before:           Wed 04 Mar 2026 06:16:57 +0000
ROA not after:            Wed 03 Mar 2027 06:21:57 +0000
asID:                     145245
IP address blocks:        240a:aa23::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:2a:80:81:ae:92:0b:95:21:80:21:9f:a2:88:1a:c4:01:fc:bd:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:57 2026 GMT
            Not After : Mar  3 06:21:57 2027 GMT
        Subject: CN=1784A8A9A30F2D31DB009229C628CF2195587C0F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:d1:8d:a6:b9:e8:3f:86:7d:e9:8d:43:76:d7:
                    0e:56:25:f3:27:65:9e:41:9a:d0:95:6c:0d:ea:52:
                    ac:2a:b0:2c:63:68:10:8d:2f:0f:56:1a:2e:7e:48:
                    60:35:85:62:c2:15:4b:d5:b6:b8:24:b5:f1:98:90:
                    be:f0:84:bf:2f:c6:7e:50:2e:df:58:09:8e:7b:db:
                    48:fe:a1:47:5c:f6:58:0d:41:1f:97:2d:29:9e:88:
                    b1:d5:56:3b:5f:ed:91:9e:b1:16:bf:fa:68:74:e8:
                    37:60:7f:bf:e6:dc:02:e2:85:6b:1f:d2:37:76:46:
                    de:4c:ee:bb:25:98:92:00:0f:27:cd:bc:84:53:42:
                    b6:db:30:1c:e3:cf:76:f1:a5:6a:6a:5b:94:03:ad:
                    ed:3e:97:c5:2e:5a:6d:d7:86:90:a3:d3:91:c8:1c:
                    fc:44:16:f0:ab:e9:a2:d0:42:0e:09:6f:a4:1d:8d:
                    6e:8f:e5:05:dc:2f:a5:a7:54:f5:49:2b:6c:55:cc:
                    78:53:a1:7b:ac:ad:a0:88:7b:67:5b:eb:e9:9e:12:
                    a5:0c:a9:13:ef:c5:88:bd:bd:e3:90:fa:cf:34:c7:
                    42:13:f4:1b:8d:de:af:bf:ba:65:e5:e5:22:59:cb:
                    0e:d9:71:0a:0d:42:02:b2:ed:b4:fd:bb:c2:82:8c:
                    c3:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:84:A8:A9:A3:0F:2D:31:DB:00:92:29:C6:28:CF:21:95:58:7C:0F
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145245.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aa23::/32

    Signature Algorithm: sha256WithRSAEncryption
         93:2a:83:2f:41:38:59:7f:9a:6c:f9:52:7a:e9:c4:29:74:f1:
         53:e4:70:f5:ac:ad:3b:5c:52:c4:8f:92:8b:95:b5:a6:7d:c7:
         7b:a3:7c:84:15:56:5a:31:be:b2:88:7c:e4:16:03:a4:28:ca:
         17:5f:d2:ba:a8:46:a6:83:71:10:01:da:29:97:9d:4f:fe:f0:
         14:db:ce:b3:03:60:09:8a:4f:6e:dc:24:d7:e4:44:6f:d1:7a:
         1c:d0:58:32:54:25:54:96:d2:45:db:13:9c:e4:c2:0f:ee:54:
         c1:83:49:29:d3:c2:33:19:a2:19:ec:fb:f3:ff:72:b2:7e:71:
         d4:5a:7c:ea:6d:e0:da:88:e6:02:8a:cc:91:ee:01:2c:28:2c:
         59:cf:0c:53:38:27:ae:41:8d:91:98:e8:72:74:11:01:bc:94:
         8a:27:43:a9:3e:83:e7:1c:c8:3f:d1:ef:50:53:23:14:0c:85:
         0f:66:08:a7:a2:8f:58:55:33:32:c9:34:8b:55:c7:2a:42:da:
         c1:63:f3:73:12:69:38:a4:0e:58:b4:7e:1f:30:c1:15:79:82:
         5f:9e:6b:91:c2:2d:4a:c5:58:7d:e9:c2:a0:19:7b:a8:4b:51:
         ad:1d:82:b5:eb:9c:f5:10:7c:7b:0d:d8:d6:15:54:f3:a6:d4:
         80:97:44:14
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUAiqAga6SC5UhgCGfoogaxAH8vUMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTY1N1oX
DTI3MDMwMzA2MjE1N1owMzExMC8GA1UEAxMoMTc4NEE4QTlBMzBGMkQzMURCMDA5
MjI5QzYyOENGMjE5NTU4N0MwRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM/Rjaa56D+GfemNQ3bXDlYl8ydlnkGa0JVsDepSrCqwLGNoEI0vD1YaLn5I
YDWFYsIVS9W2uCS18ZiQvvCEvy/GflAu31gJjnvbSP6hR1z2WA1BH5ctKZ6IsdVW
O1/tkZ6xFr/6aHToN2B/v+bcAuKFax/SN3ZG3kzuuyWYkgAPJ828hFNCttswHOPP
dvGlampblAOt7T6XxS5abdeGkKPTkcgc/EQW8KvpotBCDglvpB2Nbo/lBdwvpadU
9UkrbFXMeFOhe6ytoIh7Z1vr6Z4SpQypE+/FiL2945D6zzTHQhP0G43er7+6ZeXl
IlnLDtlxCg1CArLttP27woKMw+sCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQXhKip
ow8tMdsAkinGKM8hlVh8DzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTI0NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qiMwDQYJKoZIhvcNAQELBQADggEBAJMqgy9BOFl/mmz5UnrpxCl08VPkcPWsrTtc
UsSPkouVtaZ9x3ujfIQVVloxvrKIfOQWA6Qoyhdf0rqoRqaDcRAB2imXnU/+8BTb
zrMDYAmKT27cJNfkRG/RehzQWDJUJVSW0kXbE5zkwg/uVMGDSSnTwjMZohns+/P/
crJ+cdRafOpt4NqI5gKKzJHuASwoLFnPDFM4J65BjZGY6HJ0EQG8lIonQ6k+g+cc
yD/R71BTIxQMhQ9mCKeij1hVMzLJNItVxypC2sFj83MSaTikDli0fh8wwRV5gl+e
a5HCLUrFWH3pwqAZe6hLUa0dgrXrnPUQfHsN2NYVVPOm1ICXRBQ=
-----END CERTIFICATE-----