Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145313.roa
File:                     AS145313.roa (raw, json)
Hash identifier:          cxvvM7r9T9EMGN4oQco99dczkVAJBiemXHQd2+SgjGY=
Subject key identifier:   B8:F2:91:52:42:1A:E3:9B:E4:30:7E:71:15:1D:B1:50:54:CD:C8:96
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       012613E003F3CD70C143B16E1694A7C4490DDFC6
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145313.roa
Signing time:             Wed 04 Mar 2026 06:20:57 +0000
ROA not before:           Wed 04 Mar 2026 06:15:57 +0000
ROA not after:            Wed 03 Mar 2027 06:20:57 +0000
asID:                     145313
IP address blocks:        240a:aa67::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:26:13:e0:03:f3:cd:70:c1:43:b1:6e:16:94:a7:c4:49:0d:df:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:57 2026 GMT
            Not After : Mar  3 06:20:57 2027 GMT
        Subject: CN=B8F29152421AE39BE4307E71151DB15054CDC896
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:87:2f:95:ec:fe:ca:ba:59:17:34:6b:81:8f:
                    cf:af:26:86:b5:92:08:7b:34:7e:ce:4f:8a:37:b5:
                    9e:0b:4e:30:24:91:71:36:76:b5:a9:1e:e3:bd:01:
                    5d:fd:6e:6d:fa:74:ab:d7:ca:e2:81:82:98:fd:bc:
                    24:a0:95:c4:35:6b:15:bb:ff:d4:c0:b7:cb:cf:d8:
                    3a:99:29:be:77:fd:43:ff:ee:23:67:21:72:e2:fd:
                    e6:a6:4a:d3:54:88:19:94:aa:d7:fa:60:65:d5:62:
                    9a:6e:2d:c7:5d:00:47:ea:a2:0f:f0:f9:13:3b:62:
                    1e:4c:7d:81:fa:5a:f8:05:0a:7f:6b:80:57:6f:6c:
                    cc:41:ad:b9:68:db:b7:25:9c:08:a3:31:bd:ff:a2:
                    18:ca:55:1c:21:33:4e:d3:37:ca:ec:9a:b6:ef:50:
                    08:55:2e:f6:95:38:81:a4:1f:53:59:90:06:0b:4d:
                    47:be:a3:d5:bd:54:71:b8:20:ce:a2:50:be:16:fe:
                    41:fb:2b:80:7a:c0:9b:f6:4e:dc:67:bf:c3:54:a3:
                    df:ab:d0:bf:ee:09:d8:67:83:38:70:4f:d8:f5:f8:
                    75:79:12:3b:6c:49:7d:75:d8:d2:db:2e:c2:90:69:
                    c4:62:21:8b:0e:9c:5f:07:1b:71:31:7d:46:6c:47:
                    c4:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:F2:91:52:42:1A:E3:9B:E4:30:7E:71:15:1D:B1:50:54:CD:C8:96
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145313.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aa67::/32

    Signature Algorithm: sha256WithRSAEncryption
         45:a5:74:58:e4:b7:d5:4f:97:3e:77:11:de:ae:00:4d:16:ad:
         b8:a2:97:39:88:72:6b:71:35:46:cc:75:ea:de:49:4a:e2:72:
         dc:2d:09:bb:2d:63:49:c2:0a:e4:95:e2:50:17:47:29:52:c6:
         a8:69:6b:cb:55:83:3e:19:23:e1:93:76:6d:b4:15:ff:e6:b7:
         f6:dc:2e:16:63:81:fc:c6:a6:87:cc:a8:67:a4:6a:56:bd:b4:
         7a:54:57:91:2f:da:bc:2f:fd:5e:86:9d:38:47:9e:96:da:26:
         3d:c0:d8:e8:d2:97:2f:89:be:65:f2:6b:00:d0:65:b7:77:46:
         57:34:a9:a9:00:2d:8b:7c:58:3f:32:a1:32:5a:89:48:1d:5a:
         30:95:f3:6b:00:d9:10:d6:77:8e:d4:d4:0c:fb:20:cf:70:fb:
         76:06:61:c0:05:4d:96:c1:22:65:46:6b:17:88:15:e0:88:de:
         d2:e0:f8:d6:e7:7e:25:07:cc:a7:2c:19:d0:3d:a6:57:d2:d0:
         a1:db:30:90:c4:16:34:9a:28:2a:8d:59:df:53:a1:db:3d:1c:
         57:a3:f5:33:77:e1:23:0d:d7:80:e1:33:c3:96:0b:46:e1:d0:
         83:90:dd:d7:02:08:52:ad:6a:b8:08:20:a5:bc:bf:b2:07:e1:
         07:dc:61:54
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUASYT4APzzXDBQ7FuFpSnxEkN38YwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTU1N1oX
DTI3MDMwMzA2MjA1N1owMzExMC8GA1UEAxMoQjhGMjkxNTI0MjFBRTM5QkU0MzA3
RTcxMTUxREIxNTA1NENEQzg5NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOyHL5Xs/sq6WRc0a4GPz68mhrWSCHs0fs5Pije1ngtOMCSRcTZ2take470B
Xf1ubfp0q9fK4oGCmP28JKCVxDVrFbv/1MC3y8/YOpkpvnf9Q//uI2chcuL95qZK
01SIGZSq1/pgZdVimm4tx10AR+qiD/D5EztiHkx9gfpa+AUKf2uAV29szEGtuWjb
tyWcCKMxvf+iGMpVHCEzTtM3yuyatu9QCFUu9pU4gaQfU1mQBgtNR76j1b1Ucbgg
zqJQvhb+QfsrgHrAm/ZO3Ge/w1Sj36vQv+4J2GeDOHBP2PX4dXkSO2xJfXXY0tsu
wpBpxGIhiw6cXwcbcTF9RmxHxJECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBS48pFS
Qhrjm+QwfnEVHbFQVM3IljAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTMxMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qmcwDQYJKoZIhvcNAQELBQADggEBAEWldFjkt9VPlz53Ed6uAE0WrbiilzmIcmtx
NUbMdereSUrictwtCbstY0nCCuSV4lAXRylSxqhpa8tVgz4ZI+GTdm20Ff/mt/bc
LhZjgfzGpofMqGekala9tHpUV5Ev2rwv/V6GnThHnpbaJj3A2OjSly+JvmXyawDQ
Zbd3Rlc0qakALYt8WD8yoTJaiUgdWjCV82sA2RDWd47U1Az7IM9w+3YGYcAFTZbB
ImVGaxeIFeCI3tLg+NbnfiUHzKcsGdA9plfS0KHbMJDEFjSaKCqNWd9Tods9HFej
9TN34SMN14DhM8OWC0bh0IOQ3dcCCFKtargIIKW8v7IH4QfcYVQ=
-----END CERTIFICATE-----