Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145344.roa
File:                     AS145344.roa (raw, json)
Hash identifier:          HfBPjAaz6NhhVq0rGUbgq0wEdg4Z4Ut6h6D9vNK94kA=
Subject key identifier:   B0:98:E6:77:4E:DA:79:09:54:E4:96:AD:43:BA:D7:60:E5:74:8F:A2
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5A323552134D5EF70AB2EF86E9BCB5510BE3CA41
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145344.roa
Signing time:             Wed 04 Mar 2026 06:22:25 +0000
ROA not before:           Wed 04 Mar 2026 06:17:25 +0000
ROA not after:            Wed 03 Mar 2027 06:22:25 +0000
asID:                     145344
IP address blocks:        240a:aa86::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:32:35:52:13:4d:5e:f7:0a:b2:ef:86:e9:bc:b5:51:0b:e3:ca:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:25 2026 GMT
            Not After : Mar  3 06:22:25 2027 GMT
        Subject: CN=B098E6774EDA790954E496AD43BAD760E5748FA2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2d:5a:4c:da:d7:a8:9a:73:1e:63:90:9e:c7:
                    db:8c:6e:3c:08:b5:2c:5f:3f:35:c7:6b:aa:cb:b6:
                    d4:4c:93:1e:fd:9d:c7:9f:20:ce:8d:0a:6d:7d:db:
                    cc:e0:72:3a:54:94:4e:af:69:a0:6d:f5:1d:28:3e:
                    35:e6:3d:05:95:97:ad:1f:87:f2:40:6e:81:a4:ba:
                    10:ca:45:94:c5:d0:95:75:49:55:8e:4b:a9:68:1d:
                    1e:f6:5d:4c:8f:7b:df:48:6a:71:40:e9:4e:ba:05:
                    4a:9b:43:ee:b7:34:4d:32:35:8c:99:32:dd:c1:e0:
                    8f:d6:8d:a6:9a:b4:5b:ca:77:55:bb:0e:d0:1c:94:
                    b9:ef:cf:c9:77:e1:3f:7f:31:80:93:5a:3d:32:02:
                    b3:dd:84:67:97:08:7a:5f:d6:14:28:ac:b7:d2:64:
                    8a:fa:66:1b:a7:66:4e:26:f4:20:b5:dc:7e:5f:37:
                    a3:04:36:df:e9:cc:8e:65:ce:b6:65:5b:d1:9c:96:
                    3d:f8:7f:82:e0:9f:0a:f3:ad:8b:d0:1e:36:77:fe:
                    6e:5c:35:b4:37:ed:13:65:a3:73:cc:93:99:4f:bd:
                    58:90:06:ea:b2:f7:f8:29:ea:93:24:3d:4f:c3:a4:
                    17:62:b7:cb:1e:47:66:2d:f3:7a:45:3b:fa:4b:4a:
                    7c:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:98:E6:77:4E:DA:79:09:54:E4:96:AD:43:BA:D7:60:E5:74:8F:A2
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145344.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aa86::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:77:03:cc:2f:14:f1:93:ed:f7:c7:15:d3:e5:6e:98:1c:79:
         4e:88:e0:94:60:8e:a7:4c:fd:91:85:86:02:3f:f8:c7:86:9a:
         3e:60:57:58:0e:90:5d:e3:0f:7a:98:8c:75:af:cc:9c:1a:23:
         38:00:df:74:be:21:6d:ec:05:ee:ed:99:f2:76:38:13:50:ce:
         1e:bf:df:5e:86:b7:9d:e3:52:b9:91:b3:f0:6b:ca:66:19:ab:
         af:83:e2:a4:17:fc:83:b3:f8:4a:fc:1d:4c:10:f9:74:62:08:
         c9:ff:f6:a1:6f:0d:fc:e9:1d:da:fd:bc:87:36:ea:92:78:73:
         56:ca:bb:6b:ae:11:88:d3:b8:26:a1:bf:c4:f1:e0:3a:ea:9e:
         bc:35:41:d3:e8:87:d7:a7:3e:ac:5f:bd:ee:c9:5d:93:41:e8:
         f9:16:3d:c6:61:9d:69:be:88:8e:06:e2:b9:46:cf:65:36:a9:
         2f:86:9d:75:14:c0:30:18:6f:22:70:34:62:9d:d7:12:01:7d:
         99:75:20:30:b5:e0:97:eb:fc:19:1e:1f:21:4b:aa:4e:a2:5d:
         1b:ee:fc:27:07:cc:72:8d:36:e6:df:2a:cb:3c:ce:41:b8:3c:
         b9:c4:2c:08:78:25:79:a1:b7:21:dd:6c:55:86:49:d9:e8:0c:
         df:1e:94:c7
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUWjI1UhNNXvcKsu+G6by1UQvjykEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcyNVoX
DTI3MDMwMzA2MjIyNVowMzExMC8GA1UEAxMoQjA5OEU2Nzc0RURBNzkwOTU0RTQ5
NkFENDNCQUQ3NjBFNTc0OEZBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM4tWkza16iacx5jkJ7H24xuPAi1LF8/Ncdrqsu21EyTHv2dx58gzo0KbX3b
zOByOlSUTq9poG31HSg+NeY9BZWXrR+H8kBugaS6EMpFlMXQlXVJVY5LqWgdHvZd
TI9730hqcUDpTroFSptD7rc0TTI1jJky3cHgj9aNppq0W8p3VbsO0ByUue/PyXfh
P38xgJNaPTICs92EZ5cIel/WFCist9JkivpmG6dmTib0ILXcfl83owQ23+nMjmXO
tmVb0ZyWPfh/guCfCvOti9AeNnf+blw1tDftE2Wjc8yTmU+9WJAG6rL3+CnqkyQ9
T8OkF2K3yx5HZi3zekU7+ktKfNcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSwmOZ3
Ttp5CVTklq1Dutdg5XSPojAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTM0NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qoYwDQYJKoZIhvcNAQELBQADggEBAGR3A8wvFPGT7ffHFdPlbpgceU6I4JRgjqdM
/ZGFhgI/+MeGmj5gV1gOkF3jD3qYjHWvzJwaIzgA33S+IW3sBe7tmfJ2OBNQzh6/
316Gt53jUrmRs/BrymYZq6+D4qQX/IOz+Er8HUwQ+XRiCMn/9qFvDfzpHdr9vIc2
6pJ4c1bKu2uuEYjTuCahv8Tx4Drqnrw1QdPoh9enPqxfve7JXZNB6PkWPcZhnWm+
iI4G4rlGz2U2qS+GnXUUwDAYbyJwNGKd1xIBfZl1IDC14Jfr/BkeHyFLqk6iXRvu
/CcHzHKNNubfKss8zkG4PLnELAh4JXmhtyHdbFWGSdnoDN8elMc=
-----END CERTIFICATE-----