Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145357.roa
File:                     AS145357.roa (raw, json)
Hash identifier:          jIhKtVrrdmFAD5MmWai4+RGRTgGzqPMdVgRA5utsjfA=
Subject key identifier:   F6:5D:7F:E3:45:12:07:A1:02:B2:C9:42:89:B3:23:F2:D1:03:3D:90
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7390BCDCB0A8101A30AF4B28130896367F5C0801
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145357.roa
Signing time:             Wed 04 Mar 2026 06:22:11 +0000
ROA not before:           Wed 04 Mar 2026 06:17:11 +0000
ROA not after:            Wed 03 Mar 2027 06:22:11 +0000
asID:                     145357
IP address blocks:        240a:aa93::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:90:bc:dc:b0:a8:10:1a:30:af:4b:28:13:08:96:36:7f:5c:08:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:11 2026 GMT
            Not After : Mar  3 06:22:11 2027 GMT
        Subject: CN=F65D7FE3451207A102B2C94289B323F2D1033D90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:51:7c:41:de:3f:e1:2f:8c:32:4b:23:1b:4d:
                    3a:21:4c:05:21:28:dc:8a:7c:05:94:ba:02:cf:2a:
                    54:1e:ad:cd:7f:5a:ab:fb:1f:bd:ba:4b:33:75:5f:
                    62:f4:9d:67:ad:45:19:e8:fd:b5:2e:48:bd:56:60:
                    30:d1:15:5b:f8:a7:20:9b:78:79:e4:e6:1e:fc:b0:
                    e1:a0:e6:32:29:c1:f5:3d:f6:57:b1:44:1b:1e:99:
                    c8:8b:ed:9e:46:c7:c1:1a:80:da:72:99:e7:69:75:
                    e5:1e:90:11:75:37:fa:db:95:bf:f4:52:90:16:f8:
                    83:84:37:c5:57:0e:b7:58:bd:01:ab:bc:82:0d:43:
                    c5:cd:ac:32:6c:d9:9a:11:77:bc:ad:44:a6:47:97:
                    9f:83:48:e7:4a:17:09:e8:8e:49:65:73:54:05:85:
                    e5:78:6c:77:c1:cc:de:02:de:b1:6e:91:36:30:2c:
                    f3:c5:d1:5a:60:f3:b1:27:b1:99:6d:62:92:a1:90:
                    d6:1c:fc:3b:92:6f:b9:bc:a0:76:04:29:df:6f:6f:
                    92:2a:d5:f6:cf:4a:f8:ca:04:d5:c1:15:24:2f:73:
                    e9:45:41:a3:3c:e5:86:7a:4b:92:43:78:db:7a:2c:
                    3e:a2:b9:80:56:8b:b3:e3:e0:17:9c:64:7b:3f:2a:
                    c9:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:5D:7F:E3:45:12:07:A1:02:B2:C9:42:89:B3:23:F2:D1:03:3D:90
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145357.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aa93::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:68:89:6e:d9:be:fe:97:81:1a:ad:e1:dd:9e:57:0e:84:e2:
         9e:c8:7b:ba:ee:c6:f3:01:1e:5e:69:83:d4:23:83:fe:ee:23:
         b3:3b:2b:ac:00:b7:5a:c1:67:a2:8a:22:1f:dc:41:e7:5c:0b:
         fa:ea:6d:68:7b:42:21:a2:5b:00:0a:3a:00:17:25:0e:50:df:
         29:26:1b:4a:a1:f9:fb:f6:4e:f2:71:45:3b:70:31:f8:dc:02:
         67:ed:44:52:87:0f:76:da:20:25:d5:ac:55:05:47:c5:67:c4:
         00:79:99:a4:58:d6:2f:64:d5:a5:41:96:07:63:47:ce:02:ba:
         36:20:5f:4a:bc:4a:e4:c4:91:5d:e9:ad:94:56:52:d1:17:c4:
         b0:88:fe:2b:c7:0b:bd:b2:12:8f:53:a2:c4:91:96:58:c9:75:
         09:9f:06:5e:b6:87:94:00:0c:ed:c5:ae:22:7c:59:b2:e6:9e:
         a3:7d:aa:55:e3:04:4e:16:9f:92:a3:20:d4:e0:db:88:06:c6:
         04:75:14:c3:08:e4:da:5b:41:c3:66:1b:1c:06:8a:34:26:35:
         d1:0f:cf:29:58:f3:4c:31:c4:51:0b:2d:7b:64:d8:73:ce:29:
         b3:2a:c4:76:78:a6:5f:a9:4c:17:6f:f5:ff:d0:25:a9:87:05:
         de:3a:ff:8c
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUc5C83LCoEBowr0soEwiWNn9cCAEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcxMVoX
DTI3MDMwMzA2MjIxMVowMzExMC8GA1UEAxMoRjY1RDdGRTM0NTEyMDdBMTAyQjJD
OTQyODlCMzIzRjJEMTAzM0Q5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIhRfEHeP+EvjDJLIxtNOiFMBSEo3Ip8BZS6As8qVB6tzX9aq/sfvbpLM3Vf
YvSdZ61FGej9tS5IvVZgMNEVW/inIJt4eeTmHvyw4aDmMinB9T32V7FEGx6ZyIvt
nkbHwRqA2nKZ52l15R6QEXU3+tuVv/RSkBb4g4Q3xVcOt1i9Aau8gg1Dxc2sMmzZ
mhF3vK1EpkeXn4NI50oXCeiOSWVzVAWF5Xhsd8HM3gLesW6RNjAs88XRWmDzsSex
mW1ikqGQ1hz8O5JvubygdgQp329vkirV9s9K+MoE1cEVJC9z6UVBozzlhnpLkkN4
23osPqK5gFaLs+PgF5xkez8qyVkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT2XX/j
RRIHoQKyyUKJsyPy0QM9kDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTM1Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qpMwDQYJKoZIhvcNAQELBQADggEBABFoiW7Zvv6XgRqt4d2eVw6E4p7Ie7ruxvMB
Hl5pg9Qjg/7uI7M7K6wAt1rBZ6KKIh/cQedcC/rqbWh7QiGiWwAKOgAXJQ5Q3ykm
G0qh+fv2TvJxRTtwMfjcAmftRFKHD3baICXVrFUFR8VnxAB5maRY1i9k1aVBlgdj
R84CujYgX0q8SuTEkV3prZRWUtEXxLCI/ivHC72yEo9TosSRlljJdQmfBl62h5QA
DO3FriJ8WbLmnqN9qlXjBE4Wn5KjINTg24gGxgR1FMMI5NpbQcNmGxwGijQmNdEP
zylY80wxxFELLXtk2HPOKbMqxHZ4pl+pTBdv9f/QJamHBd46/4w=
-----END CERTIFICATE-----