Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145372.roa
File:                     AS145372.roa (raw, json)
Hash identifier:          cHKLMcXM/zx3oY71f0afSeaGYSPX0z8qeY0D1L8uOU4=
Subject key identifier:   44:33:62:16:A1:09:B8:2B:5F:A3:EA:69:F6:00:69:49:5D:81:4C:FE
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4004D0056A27E801B977098FFB12DFE4397D7E67
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145372.roa
Signing time:             Wed 04 Mar 2026 06:21:05 +0000
ROA not before:           Wed 04 Mar 2026 06:16:05 +0000
ROA not after:            Wed 03 Mar 2027 06:21:05 +0000
asID:                     145372
IP address blocks:        240a:aaa2::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:04:d0:05:6a:27:e8:01:b9:77:09:8f:fb:12:df:e4:39:7d:7e:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:05 2026 GMT
            Not After : Mar  3 06:21:05 2027 GMT
        Subject: CN=44336216A109B82B5FA3EA69F60069495D814CFE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:0f:d3:15:cb:bb:c9:0f:16:60:19:08:3d:13:
                    4f:09:fe:4e:80:0c:bc:df:6e:e3:91:20:71:a6:81:
                    5b:9a:c4:f9:35:fc:2f:4b:3a:9e:3e:dd:06:eb:48:
                    20:50:0f:f9:32:41:12:e2:fe:df:4b:e5:3c:f8:f4:
                    5f:18:e6:05:31:9a:c3:ed:b8:8e:00:15:05:23:51:
                    e0:8f:95:97:a0:e0:24:a3:38:38:8c:99:fd:f0:32:
                    c1:62:fe:97:33:cb:0f:18:7f:4a:4f:e0:84:7d:0f:
                    7a:9f:5e:54:14:e6:ca:a0:b3:69:04:6d:2a:44:be:
                    6e:c2:ee:fb:06:73:33:da:4a:eb:09:44:5f:5f:26:
                    14:18:19:97:c0:46:c8:81:c9:78:41:f0:7a:84:77:
                    ea:e6:cc:29:6b:8c:77:41:da:4f:cd:61:5b:5b:9c:
                    97:df:ec:c9:ae:9c:e6:55:06:09:ce:a8:35:a8:5e:
                    2f:b9:68:d8:78:d1:a9:94:ba:ce:18:f9:b0:85:14:
                    2e:4e:2f:97:9e:cd:1c:1c:e3:c8:22:77:ec:ba:85:
                    d1:a0:de:2e:e3:fa:2f:8d:f0:ec:01:fd:ec:f6:be:
                    41:00:68:35:86:ba:d3:e9:0a:5a:bf:8b:40:d2:fa:
                    ac:e9:2c:ba:f6:bf:a4:51:6f:4e:14:cd:5a:36:b4:
                    95:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:33:62:16:A1:09:B8:2B:5F:A3:EA:69:F6:00:69:49:5D:81:4C:FE
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145372.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aaa2::/32

    Signature Algorithm: sha256WithRSAEncryption
         5b:37:f4:34:24:94:d3:72:b0:78:fe:4d:2d:93:5a:f6:31:0c:
         ee:fb:1b:18:c1:d6:f6:f6:7f:52:81:1b:5f:25:f9:2c:b7:07:
         e8:57:14:48:95:cc:74:7e:8d:c1:9a:9d:1f:05:85:22:97:a1:
         88:0b:27:cd:c3:6f:92:09:79:0b:40:1c:bc:9e:1c:06:4f:7a:
         89:ba:2c:9d:0b:93:74:24:e0:6b:21:74:99:72:09:f5:5b:29:
         06:16:80:4d:07:8d:56:1f:82:07:c2:10:c0:34:c6:0c:8b:03:
         b3:f3:0b:14:07:14:64:3e:8a:80:a8:32:b6:3f:46:c0:9b:ff:
         4c:5a:7c:f3:c8:0f:5a:fe:3a:ec:fc:02:4c:2a:ed:50:30:b7:
         16:4a:21:6c:9b:75:5b:4e:4f:ca:1b:8e:7a:c2:3c:2a:0f:36:
         e7:a8:dd:f8:05:1e:05:fa:25:e4:19:05:f3:7c:d2:ae:d8:1b:
         97:cb:d2:d0:ca:d4:be:de:72:75:97:22:ae:95:a4:8b:90:a1:
         a0:8b:1d:22:6e:2b:61:a5:42:7d:df:62:65:c5:c9:27:fd:af:
         74:3d:73:b3:b0:60:c4:2a:fb:84:e3:e6:08:ed:54:e5:ae:a9:
         a9:ce:1f:bd:76:1a:cc:f0:73:d9:d1:82:53:2c:8e:fa:37:39:
         7a:7a:46:20
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUQATQBWon6AG5dwmP+xLf5Dl9fmcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYwNVoX
DTI3MDMwMzA2MjEwNVowMzExMC8GA1UEAxMoNDQzMzYyMTZBMTA5QjgyQjVGQTNF
QTY5RjYwMDY5NDk1RDgxNENGRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOwP0xXLu8kPFmAZCD0TTwn+ToAMvN9u45EgcaaBW5rE+TX8L0s6nj7dButI
IFAP+TJBEuL+30vlPPj0XxjmBTGaw+24jgAVBSNR4I+Vl6DgJKM4OIyZ/fAywWL+
lzPLDxh/Sk/ghH0Pep9eVBTmyqCzaQRtKkS+bsLu+wZzM9pK6wlEX18mFBgZl8BG
yIHJeEHweoR36ubMKWuMd0HaT81hW1ucl9/sya6c5lUGCc6oNaheL7lo2HjRqZS6
zhj5sIUULk4vl57NHBzjyCJ37LqF0aDeLuP6L43w7AH97Pa+QQBoNYa60+kKWr+L
QNL6rOksuva/pFFvThTNWja0lV8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBREM2IW
oQm4K1+j6mn2AGlJXYFM/jAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTM3Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qqIwDQYJKoZIhvcNAQELBQADggEBAFs39DQklNNysHj+TS2TWvYxDO77GxjB1vb2
f1KBG18l+Sy3B+hXFEiVzHR+jcGanR8FhSKXoYgLJ83Db5IJeQtAHLyeHAZPeom6
LJ0Lk3Qk4GshdJlyCfVbKQYWgE0HjVYfggfCEMA0xgyLA7PzCxQHFGQ+ioCoMrY/
RsCb/0xafPPID1r+Ouz8Akwq7VAwtxZKIWybdVtOT8objnrCPCoPNueo3fgFHgX6
JeQZBfN80q7YG5fL0tDK1L7ecnWXIq6VpIuQoaCLHSJuK2GlQn3fYmXFySf9r3Q9
c7OwYMQq+4Tj5gjtVOWuqanOH712Gszwc9nRglMsjvo3OXp6RiA=
-----END CERTIFICATE-----