Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145356.roa
File:                     AS145356.roa (raw, json)
Hash identifier:          xTiPyftWY2aG7Ko+/f+2LI35TRSovWF/JJjjIIoK+/c=
Subject key identifier:   4F:CE:45:A0:3C:08:B5:E0:A3:44:A8:A4:B8:AD:91:96:F4:01:45:36
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5E8C3AB605CB690E23D224C27B0BCA0583D2F089
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145356.roa
Signing time:             Wed 04 Mar 2026 06:21:24 +0000
ROA not before:           Wed 04 Mar 2026 06:16:24 +0000
ROA not after:            Wed 03 Mar 2027 06:21:24 +0000
asID:                     145356
IP address blocks:        240a:aa92::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:8c:3a:b6:05:cb:69:0e:23:d2:24:c2:7b:0b:ca:05:83:d2:f0:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:24 2026 GMT
            Not After : Mar  3 06:21:24 2027 GMT
        Subject: CN=4FCE45A03C08B5E0A344A8A4B8AD9196F4014536
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:41:3a:48:87:ca:79:6e:0f:ab:fa:54:31:50:
                    6c:93:03:c1:7f:d3:32:36:83:1c:6b:f8:17:ea:1d:
                    1a:f0:81:6a:95:73:12:76:81:7b:42:f6:82:77:63:
                    ca:fc:e0:68:9e:c4:05:28:d7:9b:60:60:21:8c:27:
                    f1:a7:ba:b1:34:c5:55:39:e7:76:6e:e9:b4:e1:d5:
                    c8:6b:aa:3f:a0:fb:76:1c:fe:12:b4:0f:40:f5:35:
                    02:d9:64:49:59:99:6c:d5:8d:53:95:a9:8d:32:2a:
                    f2:c4:5d:04:ad:3f:70:c5:98:e5:bc:63:81:99:53:
                    ac:a6:28:9c:b4:30:b3:2a:08:48:0c:f7:00:98:4b:
                    ee:7b:4a:e5:8c:ed:38:94:4d:24:38:58:c1:da:36:
                    a8:85:6f:e2:3e:59:b5:d9:cd:86:78:22:c3:b4:06:
                    62:40:f7:93:11:c2:35:13:a5:82:9b:58:72:25:82:
                    e7:5f:fe:e4:b3:df:0f:5f:99:74:24:d0:b2:79:04:
                    5d:4b:1d:4c:21:7a:b2:35:6c:59:42:b7:f0:26:79:
                    69:2d:78:e2:3e:ef:c1:46:4c:b4:cb:c7:c9:c8:84:
                    21:51:21:cf:6f:09:a5:be:00:c9:fc:ee:c6:13:ad:
                    ba:96:1f:f7:43:e9:bf:8d:e2:dc:d2:24:45:c1:74:
                    1a:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:CE:45:A0:3C:08:B5:E0:A3:44:A8:A4:B8:AD:91:96:F4:01:45:36
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145356.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aa92::/32

    Signature Algorithm: sha256WithRSAEncryption
         9f:44:4d:88:6c:b8:30:cb:b6:96:04:5d:12:2b:0d:37:b3:cc:
         dc:f3:18:4a:3c:91:10:99:7c:b9:a3:dc:9a:4d:23:52:a4:2f:
         2e:3c:e1:89:30:75:cb:30:77:89:6f:73:e0:bd:99:e3:7d:15:
         3c:26:f1:e2:9f:c4:49:ad:1c:77:28:d3:f1:27:a0:0c:27:72:
         7c:23:42:0d:f2:61:bd:3a:7c:9d:4a:a6:ed:35:cb:d0:93:79:
         ad:1f:07:ab:8c:10:dc:7f:87:0e:b1:e6:40:33:0c:34:7b:22:
         f0:03:c0:9f:ef:f2:21:78:68:b7:2a:72:a6:10:be:f3:27:4e:
         59:d3:38:cc:a0:4e:e0:80:62:68:f6:ea:7d:d1:53:14:d8:d2:
         0a:7e:f5:2e:2e:00:cc:5b:e4:41:d0:04:0e:ef:ef:73:74:62:
         a1:1b:b6:6a:f4:d2:e3:b4:91:30:a3:d9:83:b0:45:c9:2b:68:
         a6:98:94:f1:86:41:d0:94:61:a7:55:55:49:14:87:08:f8:e1:
         f7:c3:96:3e:0f:80:c9:82:4d:41:ac:4f:1b:64:09:1f:8d:a6:
         1a:34:c8:7e:36:ac:36:9b:d4:58:3a:a9:c7:54:43:f6:33:14:
         9a:5a:b6:71:3a:ab:1c:83:9d:ba:50:73:48:0b:f0:5b:e9:0c:
         60:f0:da:90
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUXow6tgXLaQ4j0iTCewvKBYPS8IkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYyNFoX
DTI3MDMwMzA2MjEyNFowMzExMC8GA1UEAxMoNEZDRTQ1QTAzQzA4QjVFMEEzNDRB
OEE0QjhBRDkxOTZGNDAxNDUzNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALFBOkiHynluD6v6VDFQbJMDwX/TMjaDHGv4F+odGvCBapVzEnaBe0L2gndj
yvzgaJ7EBSjXm2BgIYwn8ae6sTTFVTnndm7ptOHVyGuqP6D7dhz+ErQPQPU1Atlk
SVmZbNWNU5WpjTIq8sRdBK0/cMWY5bxjgZlTrKYonLQwsyoISAz3AJhL7ntK5Yzt
OJRNJDhYwdo2qIVv4j5ZtdnNhngiw7QGYkD3kxHCNROlgptYciWC51/+5LPfD1+Z
dCTQsnkEXUsdTCF6sjVsWUK38CZ5aS144j7vwUZMtMvHyciEIVEhz28Jpb4Ayfzu
xhOtupYf90Ppv43i3NIkRcF0GqcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRPzkWg
PAi14KNEqKS4rZGW9AFFNjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTM1Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qpIwDQYJKoZIhvcNAQELBQADggEBAJ9ETYhsuDDLtpYEXRIrDTezzNzzGEo8kRCZ
fLmj3JpNI1KkLy484Ykwdcswd4lvc+C9meN9FTwm8eKfxEmtHHco0/EnoAwncnwj
Qg3yYb06fJ1Kpu01y9CTea0fB6uMENx/hw6x5kAzDDR7IvADwJ/v8iF4aLcqcqYQ
vvMnTlnTOMygTuCAYmj26n3RUxTY0gp+9S4uAMxb5EHQBA7v73N0YqEbtmr00uO0
kTCj2YOwRckraKaYlPGGQdCUYadVVUkUhwj44ffDlj4PgMmCTUGsTxtkCR+Npho0
yH42rDab1Fg6qcdUQ/YzFJpatnE6qxyDnbpQc0gL8FvpDGDw2pA=
-----END CERTIFICATE-----