Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145315.roa
File:                     AS145315.roa (raw, json)
Hash identifier:          O6gp6JXPvFvgUZdOjd+/9Cq0SXW2h9B+KKx0loIex0I=
Subject key identifier:   F9:28:FE:AC:DB:38:3F:F4:3F:DA:14:2E:AD:B3:23:F8:EC:07:E6:E4
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7694E43CC7D2391BCB310C5FEA34992A2E44E6EB
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145315.roa
Signing time:             Wed 04 Mar 2026 06:22:04 +0000
ROA not before:           Wed 04 Mar 2026 06:17:04 +0000
ROA not after:            Wed 03 Mar 2027 06:22:04 +0000
asID:                     145315
IP address blocks:        240a:aa69::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:94:e4:3c:c7:d2:39:1b:cb:31:0c:5f:ea:34:99:2a:2e:44:e6:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:04 2026 GMT
            Not After : Mar  3 06:22:04 2027 GMT
        Subject: CN=F928FEACDB383FF43FDA142EADB323F8EC07E6E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:69:ab:96:94:dc:31:af:14:00:27:ce:8d:a7:
                    8d:25:ca:db:2a:b3:9c:a8:a1:0a:23:f4:bc:ce:27:
                    dc:2d:53:82:62:2b:64:f9:b5:92:44:03:ec:1f:f1:
                    3f:15:1c:65:63:c0:a5:81:55:b3:85:f1:f8:43:ae:
                    0a:e8:cd:8c:37:60:87:70:72:b5:3b:db:de:e3:56:
                    23:cc:56:17:3c:bd:cd:3c:25:4a:dd:be:cf:39:52:
                    3d:f2:e5:c7:ff:60:ff:77:51:f8:ce:0b:82:11:fd:
                    bb:b3:24:ed:c2:a3:80:cf:08:11:96:64:fe:e3:ba:
                    e3:b7:11:bd:e6:52:59:74:ce:f4:b1:58:82:08:6a:
                    d6:a7:b6:b2:a7:99:6e:c0:10:58:a2:2b:96:d1:11:
                    01:ed:38:96:fc:4b:3a:7d:83:99:fd:0d:5a:28:84:
                    15:a7:a9:8c:80:ec:a8:7a:f6:21:2b:c4:f7:9d:98:
                    00:79:a7:6f:cd:97:fb:39:16:30:13:b9:9a:fc:28:
                    df:19:92:f1:43:12:32:3b:fc:52:ce:27:00:f7:b9:
                    03:3f:9d:e7:ba:c5:27:6f:e2:7d:9b:59:36:fd:ed:
                    b5:ba:94:20:fe:9d:6a:67:fa:9d:76:b7:13:03:e7:
                    0a:a2:2e:81:50:03:0c:37:b3:a5:b8:c4:69:e7:1f:
                    99:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:28:FE:AC:DB:38:3F:F4:3F:DA:14:2E:AD:B3:23:F8:EC:07:E6:E4
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145315.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aa69::/32

    Signature Algorithm: sha256WithRSAEncryption
         80:5e:31:21:71:f4:34:41:6f:c1:c2:76:8a:ab:73:c4:8d:6e:
         92:c0:8d:75:42:09:98:53:b2:f5:db:17:25:20:f7:99:8a:8a:
         60:74:77:3b:1c:a9:2b:0d:d8:7b:0a:b4:8d:be:25:82:83:f4:
         27:51:e7:45:1d:08:4d:fb:d8:0c:3f:65:23:8c:61:5d:33:4a:
         a0:0e:63:e4:44:b7:53:ec:88:d2:30:f1:40:10:17:c5:43:da:
         fb:41:a9:d0:97:af:12:2e:f2:67:b2:6d:bf:ef:96:7f:12:eb:
         e2:e2:79:91:f2:bc:54:3a:35:b9:11:cf:d7:fe:a6:b9:03:13:
         91:69:ba:03:68:40:f8:09:88:f7:6f:25:4c:9a:ae:d3:ed:68:
         99:e9:88:d4:d5:52:ca:1d:14:a5:fe:cf:5b:0b:bc:81:32:f5:
         b3:25:4c:b1:66:e2:08:39:f4:a2:44:32:62:43:db:8f:c8:39:
         af:ec:c4:34:33:90:c5:0b:69:39:9f:3e:7d:d5:ec:e6:00:40:
         2a:aa:eb:ab:b6:d3:88:b7:02:a4:57:95:30:9b:cf:bb:14:7b:
         d8:cf:00:39:41:c6:a2:b2:6f:be:2d:fc:d6:9c:d9:ff:c5:88:
         1a:56:ef:e6:3c:d0:6d:d5:2c:ec:8a:61:91:80:3a:c6:1f:20:
         61:d8:7b:d1
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUdpTkPMfSORvLMQxf6jSZKi5E5uswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcwNFoX
DTI3MDMwMzA2MjIwNFowMzExMC8GA1UEAxMoRjkyOEZFQUNEQjM4M0ZGNDNGREEx
NDJFQURCMzIzRjhFQzA3RTZFNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJxpq5aU3DGvFAAnzo2njSXK2yqznKihCiP0vM4n3C1TgmIrZPm1kkQD7B/x
PxUcZWPApYFVs4Xx+EOuCujNjDdgh3BytTvb3uNWI8xWFzy9zTwlSt2+zzlSPfLl
x/9g/3dR+M4LghH9u7Mk7cKjgM8IEZZk/uO647cRveZSWXTO9LFYgghq1qe2sqeZ
bsAQWKIrltERAe04lvxLOn2Dmf0NWiiEFaepjIDsqHr2ISvE952YAHmnb82X+zkW
MBO5mvwo3xmS8UMSMjv8Us4nAPe5Az+d57rFJ2/ifZtZNv3ttbqUIP6damf6nXa3
EwPnCqIugVADDDezpbjEaecfmdkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT5KP6s
2zg/9D/aFC6tsyP47Afm5DAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTMxNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qmkwDQYJKoZIhvcNAQELBQADggEBAIBeMSFx9DRBb8HCdoqrc8SNbpLAjXVCCZhT
svXbFyUg95mKimB0dzscqSsN2HsKtI2+JYKD9CdR50UdCE372Aw/ZSOMYV0zSqAO
Y+REt1PsiNIw8UAQF8VD2vtBqdCXrxIu8meybb/vln8S6+LieZHyvFQ6NbkRz9f+
prkDE5FpugNoQPgJiPdvJUyartPtaJnpiNTVUsodFKX+z1sLvIEy9bMlTLFm4gg5
9KJEMmJD24/IOa/sxDQzkMULaTmfPn3V7OYAQCqq66u204i3AqRXlTCbz7sUe9jP
ADlBxqKyb74t/Nac2f/FiBpW7+Y80G3VLOyKYZGAOsYfIGHYe9E=
-----END CERTIFICATE-----