Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145275.roa
File:                     AS145275.roa (raw, json)
Hash identifier:          6E48Mla7skHiuwvM80gKEP3yHwnmh1PdIsGPI8WvWaQ=
Subject key identifier:   42:43:4F:12:B5:A8:63:37:84:C9:6A:28:0A:DF:5B:53:15:11:1E:09
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       0BA2E2CFBB33CEFE8629335C1751F3B7A6863CD7
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145275.roa
Signing time:             Wed 04 Mar 2026 06:19:39 +0000
ROA not before:           Wed 04 Mar 2026 06:14:39 +0000
ROA not after:            Wed 03 Mar 2027 06:19:39 +0000
asID:                     145275
IP address blocks:        240a:aa41::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:a2:e2:cf:bb:33:ce:fe:86:29:33:5c:17:51:f3:b7:a6:86:3c:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:39 2026 GMT
            Not After : Mar  3 06:19:39 2027 GMT
        Subject: CN=42434F12B5A8633784C96A280ADF5B5315111E09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:28:43:e7:6f:73:49:7e:6d:82:7c:a9:f9:97:
                    25:db:31:74:45:97:58:b5:04:25:45:ff:cc:a5:01:
                    7d:10:33:7a:49:82:65:8c:32:d2:03:80:35:46:c4:
                    2a:31:bd:9c:32:77:b9:75:9f:0f:e2:17:2c:71:e0:
                    d8:19:06:ea:3b:2d:bb:97:db:73:23:e2:00:09:3e:
                    97:84:ec:f2:3f:06:5f:00:47:92:b8:c6:56:2b:1e:
                    a7:02:80:88:60:e7:42:da:1c:09:2d:b5:35:07:eb:
                    61:dc:46:8f:7c:6f:53:88:96:f3:e4:7d:dc:5c:43:
                    a9:58:d4:c6:8f:25:a8:02:d2:5f:c6:e5:87:d8:87:
                    43:b3:68:80:7e:30:b9:a3:6d:4c:b2:f1:9f:ed:a9:
                    4f:97:28:d8:f8:61:7f:b8:80:01:49:b5:0d:ce:ff:
                    a2:6a:1b:68:f3:88:b0:95:9d:d5:8e:63:22:0f:17:
                    32:46:f7:69:a2:58:a4:d5:83:c3:22:3c:57:26:0b:
                    76:8d:f4:20:31:ff:3f:a1:5a:9d:e4:99:18:50:a9:
                    d2:a3:77:be:54:c9:2b:74:af:ca:3a:cb:07:db:01:
                    56:19:20:b8:27:d5:d1:2d:22:53:e9:4d:f1:01:70:
                    f1:5d:8f:c5:56:8d:62:6f:74:86:20:bf:bf:3f:f4:
                    64:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:43:4F:12:B5:A8:63:37:84:C9:6A:28:0A:DF:5B:53:15:11:1E:09
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145275.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aa41::/32

    Signature Algorithm: sha256WithRSAEncryption
         4a:a1:d8:d1:e4:0c:75:9d:1b:59:b1:80:0a:50:91:59:ee:10:
         b2:e6:89:5d:e2:44:d7:91:05:50:16:c1:6a:49:ee:15:55:bc:
         6f:7d:dd:dd:85:e9:09:89:af:02:28:15:9e:5c:be:78:ec:7c:
         0e:6a:05:49:02:f1:89:db:50:73:90:d3:33:6e:0a:94:7d:f1:
         81:43:42:98:61:66:db:12:38:f6:58:6f:7f:2e:c7:54:13:57:
         18:0f:a3:99:d1:41:f6:97:8e:e7:7f:a2:4b:e3:56:a8:9f:d8:
         70:7a:c4:83:1b:fb:f1:c0:dd:0f:15:5e:70:1d:aa:b6:4d:5d:
         1f:4e:e0:2e:bc:87:c9:19:05:85:7b:56:27:80:3f:e5:b4:06:
         f4:10:b4:1e:cc:96:d0:4d:53:7c:ac:9d:6a:b6:c2:7d:cd:c0:
         69:01:56:65:5b:15:61:af:40:dc:3b:06:11:5b:4a:3e:f6:f7:
         67:b6:bf:bb:90:3a:01:90:5f:89:d0:a3:3d:5e:0a:31:23:71:
         88:8f:07:2e:2d:bf:67:6a:16:e0:fd:f1:07:01:57:a7:f1:aa:
         9c:07:82:59:93:3c:86:b8:8a:b0:fc:fe:96:75:52:51:59:32:
         1a:3b:55:8f:e1:8e:89:5e:7d:55:02:22:41:c5:2c:b0:b1:d7:
         ad:af:97:07
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUC6Liz7szzv6GKTNcF1Hzt6aGPNcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQzOVoX
DTI3MDMwMzA2MTkzOVowMzExMC8GA1UEAxMoNDI0MzRGMTJCNUE4NjMzNzg0Qzk2
QTI4MEFERjVCNTMxNTExMUUwOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM4oQ+dvc0l+bYJ8qfmXJdsxdEWXWLUEJUX/zKUBfRAzekmCZYwy0gOANUbE
KjG9nDJ3uXWfD+IXLHHg2BkG6jstu5fbcyPiAAk+l4Ts8j8GXwBHkrjGVisepwKA
iGDnQtocCS21NQfrYdxGj3xvU4iW8+R93FxDqVjUxo8lqALSX8blh9iHQ7NogH4w
uaNtTLLxn+2pT5co2Phhf7iAAUm1Dc7/omobaPOIsJWd1Y5jIg8XMkb3aaJYpNWD
wyI8VyYLdo30IDH/P6FaneSZGFCp0qN3vlTJK3SvyjrLB9sBVhkguCfV0S0iU+lN
8QFw8V2PxVaNYm90hiC/vz/0ZFUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRCQ08S
tahjN4TJaigK31tTFREeCTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTI3NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qkEwDQYJKoZIhvcNAQELBQADggEBAEqh2NHkDHWdG1mxgApQkVnuELLmiV3iRNeR
BVAWwWpJ7hVVvG993d2F6QmJrwIoFZ5cvnjsfA5qBUkC8YnbUHOQ0zNuCpR98YFD
QphhZtsSOPZYb38ux1QTVxgPo5nRQfaXjud/okvjVqif2HB6xIMb+/HA3Q8VXnAd
qrZNXR9O4C68h8kZBYV7VieAP+W0BvQQtB7MltBNU3ysnWq2wn3NwGkBVmVbFWGv
QNw7BhFbSj7292e2v7uQOgGQX4nQoz1eCjEjcYiPBy4tv2dqFuD98QcBV6fxqpwH
glmTPIa4irD8/pZ1UlFZMho7VY/hjolefVUCIkHFLLCx162vlwc=
-----END CERTIFICATE-----