Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145294.roa
File:                     AS145294.roa (raw, json)
Hash identifier:          PIa8xrUmfA29kGBjaO6o5DA4Refe9FPxR6ZAXE49Pog=
Subject key identifier:   4F:18:B1:1B:30:DF:97:59:F0:C7:59:0B:40:B9:15:D9:D7:26:3E:0F
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       06DF42F52E512F5647651D5E3534F03828665BC4
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145294.roa
Signing time:             Wed 04 Mar 2026 06:22:33 +0000
ROA not before:           Wed 04 Mar 2026 06:17:33 +0000
ROA not after:            Wed 03 Mar 2027 06:22:33 +0000
asID:                     145294
IP address blocks:        240a:aa54::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:df:42:f5:2e:51:2f:56:47:65:1d:5e:35:34:f0:38:28:66:5b:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:33 2026 GMT
            Not After : Mar  3 06:22:33 2027 GMT
        Subject: CN=4F18B11B30DF9759F0C7590B40B915D9D7263E0F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:24:f9:d1:19:f4:12:a4:a2:83:2e:d4:c0:8b:
                    d5:df:34:47:3b:24:8b:01:71:26:f7:11:58:a2:50:
                    f3:7d:54:a2:68:55:bc:99:4e:1d:21:8a:a5:dd:85:
                    35:30:4b:72:18:80:27:49:61:6d:47:77:4b:5c:10:
                    c3:d0:bf:ba:07:e4:e5:19:39:71:77:78:f3:ef:93:
                    a7:fb:80:f1:a2:2c:51:b9:9b:00:bc:7a:f2:f5:6b:
                    77:a7:89:0e:64:df:d9:23:1f:a9:f7:33:41:cd:78:
                    fc:84:ae:14:c3:2d:2f:a6:c9:76:23:da:48:ac:11:
                    2c:66:93:09:55:93:f9:2a:43:97:b6:82:ca:1a:84:
                    18:1a:84:82:d2:f7:1f:e0:c1:85:84:ec:2c:28:19:
                    1a:83:bd:d5:a8:3f:cf:00:2c:35:b2:25:54:08:32:
                    79:de:a2:7a:f1:dd:3c:ce:6b:49:21:73:40:19:f9:
                    cd:da:a9:2e:98:90:5f:71:e6:99:c4:22:7c:a9:5e:
                    49:42:c5:2a:30:d1:57:6a:11:e1:05:c7:a1:6f:d4:
                    7d:60:19:47:ea:7e:fb:49:b8:02:5b:17:1c:68:e7:
                    f5:f4:f3:22:ed:e0:34:31:ba:f5:c6:c8:ac:48:19:
                    b6:4f:c6:bf:b6:64:79:29:44:53:48:30:c8:ae:50:
                    50:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:18:B1:1B:30:DF:97:59:F0:C7:59:0B:40:B9:15:D9:D7:26:3E:0F
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145294.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aa54::/32

    Signature Algorithm: sha256WithRSAEncryption
         49:ba:b0:ca:12:69:8e:86:f7:12:56:57:6a:20:1a:bb:66:51:
         be:af:ee:bd:2a:c9:ce:e2:84:9f:05:bb:34:77:8e:56:78:1f:
         0d:f0:4d:f6:f2:e4:9a:f8:53:db:a9:c6:3f:78:55:9b:74:1e:
         1a:f5:4b:41:2d:a3:66:fd:72:22:94:d0:d5:db:9e:8a:fb:7c:
         a8:d1:45:80:eb:7c:d6:66:21:18:35:93:c6:25:b8:01:f0:08:
         3e:67:a9:4c:b8:d7:e6:dd:0b:50:87:c9:4a:af:27:9e:98:30:
         af:1f:9c:b9:09:7c:05:b0:6a:69:95:6c:f1:94:20:56:3b:10:
         7f:74:95:b5:10:9f:1b:a8:c1:b2:60:37:c3:fb:7c:5a:7f:7d:
         9a:82:c5:29:0a:96:f8:48:6a:58:61:5b:18:4c:10:f4:e3:d8:
         c5:70:56:68:d9:d6:c9:40:a4:18:8d:d8:0b:60:66:81:cc:54:
         ae:fe:50:d6:ef:81:22:c9:fb:e3:1f:31:cf:ba:6f:8c:61:0a:
         41:db:32:b9:77:e5:f2:da:23:e2:0f:90:6b:c4:04:09:91:fd:
         dd:91:df:4b:a8:dd:d2:1c:e9:3b:fd:83:a0:3e:a0:d0:fc:84:
         d7:e8:82:80:db:8c:cb:fe:6f:1c:7d:c4:5c:dd:0d:c2:b6:af:
         b0:36:92:5a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUBt9C9S5RL1ZHZR1eNTTwOChmW8QwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTczM1oX
DTI3MDMwMzA2MjIzM1owMzExMC8GA1UEAxMoNEYxOEIxMUIzMERGOTc1OUYwQzc1
OTBCNDBCOTE1RDlENzI2M0UwRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANck+dEZ9BKkooMu1MCL1d80RzskiwFxJvcRWKJQ831UomhVvJlOHSGKpd2F
NTBLchiAJ0lhbUd3S1wQw9C/ugfk5Rk5cXd48++Tp/uA8aIsUbmbALx68vVrd6eJ
DmTf2SMfqfczQc14/ISuFMMtL6bJdiPaSKwRLGaTCVWT+SpDl7aCyhqEGBqEgtL3
H+DBhYTsLCgZGoO91ag/zwAsNbIlVAgyed6ievHdPM5rSSFzQBn5zdqpLpiQX3Hm
mcQifKleSULFKjDRV2oR4QXHoW/UfWAZR+p++0m4AlsXHGjn9fTzIu3gNDG69cbI
rEgZtk/Gv7ZkeSlEU0gwyK5QUEMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRPGLEb
MN+XWfDHWQtAuRXZ1yY+DzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTI5NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qlQwDQYJKoZIhvcNAQELBQADggEBAEm6sMoSaY6G9xJWV2ogGrtmUb6v7r0qyc7i
hJ8FuzR3jlZ4Hw3wTfby5Jr4U9upxj94VZt0Hhr1S0Eto2b9ciKU0NXbnor7fKjR
RYDrfNZmIRg1k8YluAHwCD5nqUy41+bdC1CHyUqvJ56YMK8fnLkJfAWwammVbPGU
IFY7EH90lbUQnxuowbJgN8P7fFp/fZqCxSkKlvhIalhhWxhMEPTj2MVwVmjZ1slA
pBiN2AtgZoHMVK7+UNbvgSLJ++MfMc+6b4xhCkHbMrl35fLaI+IPkGvEBAmR/d2R
30uo3dIc6Tv9g6A+oND8hNfogoDbjMv+bxx9xFzdDcK2r7A2klo=
-----END CERTIFICATE-----