Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145298.roa
File:                     AS145298.roa (raw, json)
Hash identifier:          iAP9UqIVF930RO/sh6zzPv4VM7/RSwJ6o9HtTx920Jc=
Subject key identifier:   4D:27:AA:1A:20:34:27:00:97:F4:42:F5:CF:80:D0:D3:D3:37:80:DB
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4BF1625B7F27D312A763B44B800BE5BA8F6C291E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145298.roa
Signing time:             Wed 04 Mar 2026 06:20:39 +0000
ROA not before:           Wed 04 Mar 2026 06:15:39 +0000
ROA not after:            Wed 03 Mar 2027 06:20:39 +0000
asID:                     145298
IP address blocks:        240a:aa58::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:f1:62:5b:7f:27:d3:12:a7:63:b4:4b:80:0b:e5:ba:8f:6c:29:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:39 2026 GMT
            Not After : Mar  3 06:20:39 2027 GMT
        Subject: CN=4D27AA1A2034270097F442F5CF80D0D3D33780DB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:15:70:79:96:6c:93:ac:59:15:58:58:3a:ea:
                    a9:3f:e7:c1:a4:ac:b8:fd:c8:27:d8:08:5c:9b:6f:
                    15:15:6f:ff:ad:2e:50:01:1b:6b:c6:10:f5:43:ae:
                    fe:09:b6:05:af:fa:dc:b1:9e:07:d4:15:ee:81:56:
                    43:d5:59:2b:43:8f:86:d5:d3:7e:3c:a3:82:f0:f6:
                    39:b2:8c:e4:60:f8:e1:91:77:cc:38:0d:0e:07:21:
                    b1:df:89:55:74:07:bc:80:00:77:85:23:be:ba:6f:
                    6e:1a:83:0a:31:37:e6:c6:37:5f:b9:b1:52:82:3e:
                    19:78:31:98:6c:78:e0:28:b4:75:c5:9f:70:fc:46:
                    cf:c2:9d:4c:2e:21:b6:39:60:f0:a4:53:2f:71:e9:
                    d8:6f:b7:8b:f5:9e:ce:68:42:1d:d3:ac:3a:9f:e1:
                    35:77:43:3a:38:a6:6f:1e:df:64:36:ec:7e:67:21:
                    36:01:02:cc:cd:16:1f:5c:6d:0e:59:0d:ae:c3:aa:
                    cc:83:16:a7:9b:c2:2b:74:a3:76:ea:f0:f0:1e:1c:
                    d0:63:e1:1d:e2:73:2c:13:8e:87:21:5e:27:e0:e5:
                    b7:37:45:f3:11:e9:89:c0:ba:4f:f6:af:23:1d:18:
                    da:10:88:7b:29:d6:b7:ec:6e:86:d6:1c:e5:4f:6c:
                    88:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:27:AA:1A:20:34:27:00:97:F4:42:F5:CF:80:D0:D3:D3:37:80:DB
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145298.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aa58::/32

    Signature Algorithm: sha256WithRSAEncryption
         32:df:80:ce:ff:90:ee:34:51:87:b6:3a:d3:bd:09:a2:17:c7:
         5c:40:06:13:c6:d3:b4:b1:b7:5d:f6:5e:31:47:4c:06:28:0d:
         fa:82:2a:8b:af:db:27:29:e1:4a:f1:8b:ea:7d:37:23:a4:5a:
         a0:97:77:a7:d7:c9:21:b5:38:84:97:a0:4b:ac:ae:6f:d6:e3:
         a0:38:f9:43:87:54:05:e6:34:80:05:87:18:44:7e:4c:c6:26:
         86:26:38:aa:da:0f:9b:05:7d:08:0e:18:cd:7e:17:7e:e1:21:
         ee:de:75:7f:1e:a4:fd:1b:0b:9d:4a:d2:f0:01:06:be:72:63:
         f5:e6:2d:6b:53:ab:65:8f:0b:b4:bd:24:18:66:64:e9:ca:93:
         af:c9:70:a6:9a:62:be:a1:c5:18:57:13:9a:c2:b9:ad:30:b9:
         84:e4:0b:bc:fc:36:11:b8:42:73:6f:aa:9b:98:6d:c4:5a:7a:
         a1:19:65:20:a9:3b:6f:33:1a:3e:d4:22:08:80:a6:bf:9e:03:
         50:ec:c5:df:ec:c4:23:45:99:c7:e7:8d:e4:5c:4b:ec:a6:03:
         c2:f4:5e:c6:e3:18:ba:02:63:38:73:e9:06:1c:97:d3:f1:07:
         9e:d3:af:fc:cb:84:32:b2:11:5c:b8:78:94:8a:04:8f:df:5f:
         0e:2f:90:bf
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUS/FiW38n0xKnY7RLgAvluo9sKR4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTUzOVoX
DTI3MDMwMzA2MjAzOVowMzExMC8GA1UEAxMoNEQyN0FBMUEyMDM0MjcwMDk3RjQ0
MkY1Q0Y4MEQwRDNEMzM3ODBEQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJAVcHmWbJOsWRVYWDrqqT/nwaSsuP3IJ9gIXJtvFRVv/60uUAEba8YQ9UOu
/gm2Ba/63LGeB9QV7oFWQ9VZK0OPhtXTfjyjgvD2ObKM5GD44ZF3zDgNDgchsd+J
VXQHvIAAd4UjvrpvbhqDCjE35sY3X7mxUoI+GXgxmGx44Ci0dcWfcPxGz8KdTC4h
tjlg8KRTL3Hp2G+3i/WezmhCHdOsOp/hNXdDOjimbx7fZDbsfmchNgECzM0WH1xt
DlkNrsOqzIMWp5vCK3Sjdurw8B4c0GPhHeJzLBOOhyFeJ+DltzdF8xHpicC6T/av
Ix0Y2hCIeynWt+xuhtYc5U9siIkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRNJ6oa
IDQnAJf0QvXPgNDT0zeA2zAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTI5OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qlgwDQYJKoZIhvcNAQELBQADggEBADLfgM7/kO40UYe2OtO9CaIXx1xABhPG07Sx
t132XjFHTAYoDfqCKouv2ycp4Urxi+p9NyOkWqCXd6fXySG1OISXoEusrm/W46A4
+UOHVAXmNIAFhxhEfkzGJoYmOKraD5sFfQgOGM1+F37hIe7edX8epP0bC51K0vAB
Br5yY/XmLWtTq2WPC7S9JBhmZOnKk6/JcKaaYr6hxRhXE5rCua0wuYTkC7z8NhG4
QnNvqpuYbcRaeqEZZSCpO28zGj7UIgiApr+eA1Dsxd/sxCNFmcfnjeRcS+ymA8L0
XsbjGLoCYzhz6QYcl9PxB57Tr/zLhDKyEVy4eJSKBI/fXw4vkL8=
-----END CERTIFICATE-----