Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145349.roa
File:                     AS145349.roa (raw, json)
Hash identifier:          vjyddmDA3HQKXeLkCK+wAVF0OE8MZpJ5B26BakYmd0g=
Subject key identifier:   27:37:BA:EC:C2:6F:F9:C9:BA:56:F1:8F:88:23:43:C5:35:FC:46:C8
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       164703AC2883AC8165FEE8AAF65EFF9A4D514266
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145349.roa
Signing time:             Wed 04 Mar 2026 06:19:22 +0000
ROA not before:           Wed 04 Mar 2026 06:14:22 +0000
ROA not after:            Wed 03 Mar 2027 06:19:22 +0000
asID:                     145349
IP address blocks:        240a:aa8b::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:47:03:ac:28:83:ac:81:65:fe:e8:aa:f6:5e:ff:9a:4d:51:42:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:22 2026 GMT
            Not After : Mar  3 06:19:22 2027 GMT
        Subject: CN=2737BAECC26FF9C9BA56F18F882343C535FC46C8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:84:42:c2:eb:e2:38:4b:94:10:b9:67:42:8c:
                    ba:6e:da:c8:94:4c:c1:1e:79:ea:9a:51:7f:2f:01:
                    c0:8d:33:db:97:5c:32:99:47:64:57:b2:cc:4d:c3:
                    f5:c6:ad:fd:87:49:b1:8f:a5:f3:2a:3d:64:22:e2:
                    35:c3:82:ac:8c:b8:7a:b6:30:8e:f9:f1:f4:42:24:
                    87:fc:20:7e:d8:02:96:5b:2d:0f:6b:9a:02:4c:7f:
                    d6:b3:99:1c:66:e8:d7:44:2b:f8:6e:92:fb:08:8d:
                    49:1e:a1:bc:da:f6:f2:32:63:62:4f:44:6c:1f:e5:
                    4f:34:8b:97:34:00:3a:3b:1b:64:99:42:df:58:b7:
                    08:ac:bc:aa:f0:23:db:6d:90:71:83:85:62:ff:24:
                    95:bc:73:a6:cb:17:31:e2:8c:58:fc:a2:3c:f7:98:
                    bc:ca:17:7b:be:e1:ad:de:bc:6f:b3:cc:95:f3:48:
                    5f:8a:f1:66:49:1e:93:d5:c0:f1:b7:6c:88:60:c4:
                    2d:cb:58:b1:0f:93:65:8a:d2:ee:01:3d:7f:b3:8c:
                    49:da:cc:f5:79:76:18:50:46:f6:75:7e:19:32:54:
                    31:d1:2d:1f:40:ce:d6:f4:85:a1:79:c7:ab:53:64:
                    a3:3f:3d:22:35:4b:c0:a8:f6:96:6f:a1:31:db:3d:
                    5f:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:37:BA:EC:C2:6F:F9:C9:BA:56:F1:8F:88:23:43:C5:35:FC:46:C8
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145349.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aa8b::/32

    Signature Algorithm: sha256WithRSAEncryption
         2f:91:0c:5b:19:36:d5:5e:ea:81:5a:5d:7d:77:95:7f:ec:d8:
         56:96:b2:0e:26:46:d2:6a:a9:4e:30:ee:4d:aa:3e:97:01:e0:
         58:f3:d3:2b:f6:9a:dc:f1:ad:a1:51:43:3a:4d:24:17:9d:4e:
         96:3a:3f:64:60:6b:9b:ba:a2:af:06:07:0b:f2:af:c1:8d:7e:
         92:7c:0a:6f:b6:52:4c:26:9c:5e:1b:aa:b1:af:c7:3a:fc:b1:
         22:77:53:42:42:9b:0c:62:e4:5d:3e:6e:b7:5a:11:13:60:0f:
         6c:fd:9a:39:14:a0:65:2e:df:0c:6c:e9:5d:06:1f:8b:fb:27:
         35:c0:e5:e7:33:53:2b:9f:2f:b2:d4:18:bc:5c:3d:cb:4d:b2:
         13:2a:c1:93:34:e5:8f:20:31:a3:ec:66:7a:bf:f2:f6:a4:87:
         ff:ec:47:c2:91:fc:a5:99:5a:c1:a7:fd:08:97:bc:f2:08:24:
         3d:16:d6:a7:2a:38:d9:42:3d:f8:30:0d:bf:4e:b2:4f:f5:49:
         8c:be:b8:4b:49:12:4a:f7:f6:6a:af:3f:ad:43:e4:c0:49:12:
         19:b0:47:6e:28:6d:1d:c5:d2:75:7f:c3:7c:29:2a:9e:a6:3e:
         23:2b:ba:b1:c8:78:0f:9b:87:01:bb:f6:73:dc:fc:a6:ad:28:
         d1:de:85:ca
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUFkcDrCiDrIFl/uiq9l7/mk1RQmYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQyMloX
DTI3MDMwMzA2MTkyMlowMzExMC8GA1UEAxMoMjczN0JBRUNDMjZGRjlDOUJBNTZG
MThGODgyMzQzQzUzNUZDNDZDODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALGEQsLr4jhLlBC5Z0KMum7ayJRMwR556ppRfy8BwI0z25dcMplHZFeyzE3D
9cat/YdJsY+l8yo9ZCLiNcOCrIy4erYwjvnx9EIkh/wgftgCllstD2uaAkx/1rOZ
HGbo10Qr+G6S+wiNSR6hvNr28jJjYk9EbB/lTzSLlzQAOjsbZJlC31i3CKy8qvAj
222QcYOFYv8klbxzpssXMeKMWPyiPPeYvMoXe77hrd68b7PMlfNIX4rxZkkek9XA
8bdsiGDELctYsQ+TZYrS7gE9f7OMSdrM9Xl2GFBG9nV+GTJUMdEtH0DO1vSFoXnH
q1Nkoz89IjVLwKj2lm+hMds9Xy0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQnN7rs
wm/5ybpW8Y+II0PFNfxGyDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTM0OS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qoswDQYJKoZIhvcNAQELBQADggEBAC+RDFsZNtVe6oFaXX13lX/s2FaWsg4mRtJq
qU4w7k2qPpcB4Fjz0yv2mtzxraFRQzpNJBedTpY6P2Rga5u6oq8GBwvyr8GNfpJ8
Cm+2UkwmnF4bqrGvxzr8sSJ3U0JCmwxi5F0+brdaERNgD2z9mjkUoGUu3wxs6V0G
H4v7JzXA5eczUyufL7LUGLxcPctNshMqwZM05Y8gMaPsZnq/8vakh//sR8KR/KWZ
WsGn/QiXvPIIJD0W1qcqONlCPfgwDb9Osk/1SYy+uEtJEkr39mqvP61D5MBJEhmw
R24obR3F0nV/w3wpKp6mPiMrurHIeA+bhwG79nPc/KatKNHehco=
-----END CERTIFICATE-----