Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145331.roa
File:                     AS145331.roa (raw, json)
Hash identifier:          ZUtzSMBq7hQ+grI1MDcqLCa9jCmGPn6nLdmwqsbRpn8=
Subject key identifier:   2F:E3:7D:C7:D0:6A:10:4C:F1:E8:BF:78:78:3C:40:E0:BC:D5:56:F5
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       20F8669D078391D2B98C710D41DC8BC2D812A3C8
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145331.roa
Signing time:             Wed 04 Mar 2026 06:22:18 +0000
ROA not before:           Wed 04 Mar 2026 06:17:18 +0000
ROA not after:            Wed 03 Mar 2027 06:22:18 +0000
asID:                     145331
IP address blocks:        240a:aa79::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:f8:66:9d:07:83:91:d2:b9:8c:71:0d:41:dc:8b:c2:d8:12:a3:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:18 2026 GMT
            Not After : Mar  3 06:22:18 2027 GMT
        Subject: CN=2FE37DC7D06A104CF1E8BF78783C40E0BCD556F5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:df:49:da:eb:b9:3b:78:3f:2a:37:e2:d2:a4:
                    c0:d8:46:dd:a0:26:7c:a9:d9:03:27:c0:2b:fe:08:
                    b8:00:8f:de:21:62:6f:8b:66:7d:08:83:7e:5b:7f:
                    e3:a9:74:e2:94:24:9d:ae:f5:76:b0:92:91:36:cf:
                    6b:30:89:f3:06:a0:d2:79:d2:e5:df:44:e3:64:9d:
                    a8:76:86:22:f5:83:93:2d:f2:7f:88:75:fc:73:f5:
                    e1:ca:02:a4:7c:b8:ee:a3:cc:c7:27:80:34:ca:14:
                    fd:d6:21:70:f6:b2:2d:42:f2:48:3e:4a:82:d1:1f:
                    9c:b8:d0:68:55:fe:9c:c8:4f:51:e8:60:8c:c3:b3:
                    0e:46:2d:3c:17:14:af:6f:07:57:5d:0d:46:f0:62:
                    51:fa:14:f4:3e:8b:cf:cb:b5:10:7c:4c:a6:a0:8b:
                    e9:04:19:b7:58:dc:21:5e:1d:cb:c7:0e:84:00:55:
                    d3:19:53:48:90:9b:44:27:c8:6a:c2:ad:33:44:ce:
                    af:22:2d:d0:06:b6:d3:79:15:10:99:79:6b:5e:ab:
                    f4:79:02:0b:80:b8:c7:20:7a:bf:ad:2f:cb:12:bc:
                    f8:c6:02:50:d3:1d:20:7f:e8:fc:f1:18:98:d2:fa:
                    d1:e7:53:8b:23:ea:2a:6a:be:ee:64:ee:75:d9:95:
                    0c:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:E3:7D:C7:D0:6A:10:4C:F1:E8:BF:78:78:3C:40:E0:BC:D5:56:F5
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aa79::/32

    Signature Algorithm: sha256WithRSAEncryption
         93:04:66:22:6f:26:e2:34:72:ed:ff:98:7a:f6:c5:6b:1a:e3:
         50:70:74:45:13:e4:73:7c:aa:2a:2c:e8:ff:ee:96:c9:79:42:
         f1:73:6e:57:7d:fe:28:be:4a:b0:72:98:6d:6c:84:b7:0b:7c:
         76:a2:71:5b:3e:9b:e6:9f:4d:fd:54:1a:1a:b0:d0:03:9a:fc:
         ea:a6:86:1f:97:95:6c:a5:1e:78:45:bc:47:ac:5b:84:e6:19:
         5f:15:4b:bc:07:3e:06:1d:7e:05:63:82:d6:6a:e6:1b:e4:02:
         96:be:8f:45:d7:08:be:d2:86:6a:b7:07:f8:b2:db:e5:54:cc:
         d0:c8:55:01:2f:b9:4a:b2:b5:f4:68:bc:e9:c6:f2:1f:02:42:
         62:c7:94:42:68:98:d3:ed:09:eb:bd:11:62:13:00:da:b8:38:
         29:47:52:35:e5:9d:4b:79:3b:1e:7f:b3:cb:7d:21:a1:71:26:
         03:de:8d:c1:6a:c2:52:15:0e:51:e6:9e:c3:48:dc:4e:a9:5b:
         8c:79:d9:4a:49:7f:c6:66:c8:27:49:9b:41:ab:cf:f8:96:6c:
         f7:63:96:3c:ae:5b:96:c8:31:41:dc:4b:70:0a:9f:a8:66:cf:
         0c:1e:56:c1:ff:b4:72:54:bb:aa:6d:d7:cc:f5:74:ba:b0:70:
         59:61:ba:24
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUIPhmnQeDkdK5jHENQdyLwtgSo8gwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcxOFoX
DTI3MDMwMzA2MjIxOFowMzExMC8GA1UEAxMoMkZFMzdEQzdEMDZBMTA0Q0YxRThC
Rjc4NzgzQzQwRTBCQ0Q1NTZGNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI/fSdrruTt4Pyo34tKkwNhG3aAmfKnZAyfAK/4IuACP3iFib4tmfQiDflt/
46l04pQkna71drCSkTbPazCJ8wag0nnS5d9E42SdqHaGIvWDky3yf4h1/HP14coC
pHy47qPMxyeANMoU/dYhcPayLULySD5KgtEfnLjQaFX+nMhPUehgjMOzDkYtPBcU
r28HV10NRvBiUfoU9D6Lz8u1EHxMpqCL6QQZt1jcIV4dy8cOhABV0xlTSJCbRCfI
asKtM0TOryIt0Aa203kVEJl5a16r9HkCC4C4xyB6v60vyxK8+MYCUNMdIH/o/PEY
mNL60edTiyPqKmq+7mTuddmVDK8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQv433H
0GoQTPHov3h4PEDgvNVW9TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTMzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qnkwDQYJKoZIhvcNAQELBQADggEBAJMEZiJvJuI0cu3/mHr2xWsa41BwdEUT5HN8
qios6P/ulsl5QvFzbld9/ii+SrBymG1shLcLfHaicVs+m+afTf1UGhqw0AOa/Oqm
hh+XlWylHnhFvEesW4TmGV8VS7wHPgYdfgVjgtZq5hvkApa+j0XXCL7Shmq3B/iy
2+VUzNDIVQEvuUqytfRovOnG8h8CQmLHlEJomNPtCeu9EWITANq4OClHUjXlnUt5
Ox5/s8t9IaFxJgPejcFqwlIVDlHmnsNI3E6pW4x52UpJf8ZmyCdJm0Grz/iWbPdj
ljyuW5bIMUHcS3AKn6hmzwweVsH/tHJUu6pt18z1dLqwcFlhuiQ=
-----END CERTIFICATE-----