Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145374.roa
File:                     AS145374.roa (raw, json)
Hash identifier:          OPCoOc+Dn/ZYCGJ4IuP/bfCfP7eqBT2OZnbadLPzOhY=
Subject key identifier:   15:33:4F:20:A1:77:29:FA:AD:22:40:4E:CC:F4:89:3E:4B:54:A7:CD
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       021D366CDF4522BB4AC0147E3FAE1BBA0A26EF7B
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145374.roa
Signing time:             Wed 04 Mar 2026 06:22:15 +0000
ROA not before:           Wed 04 Mar 2026 06:17:15 +0000
ROA not after:            Wed 03 Mar 2027 06:22:15 +0000
asID:                     145374
IP address blocks:        240a:aaa4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:1d:36:6c:df:45:22:bb:4a:c0:14:7e:3f:ae:1b:ba:0a:26:ef:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:15 2026 GMT
            Not After : Mar  3 06:22:15 2027 GMT
        Subject: CN=15334F20A17729FAAD22404ECCF4893E4B54A7CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:c0:73:15:8e:28:13:65:73:8c:8b:5f:f7:0f:
                    51:42:df:4b:ec:8d:c0:8f:b1:f6:cf:b7:9f:e6:78:
                    60:15:8d:f1:4e:f2:42:72:d5:de:fa:2f:9e:4d:17:
                    72:d2:e9:f7:ef:9f:d9:0a:22:b1:06:c1:1b:28:d2:
                    fe:b1:0a:89:44:37:df:f6:0f:9b:6c:36:c5:4f:a7:
                    67:e0:70:c8:c7:21:ee:9f:10:dd:8b:74:3f:c9:6c:
                    dc:75:1a:ee:81:74:1e:13:2a:eb:cc:e4:17:e2:24:
                    98:d0:b8:9a:cf:8e:b0:bd:e8:c2:d9:69:92:65:8d:
                    12:86:84:2a:84:f8:1b:19:3f:c6:b3:26:de:05:70:
                    fa:dd:ae:c9:0b:82:e1:7b:0f:1e:5d:9b:ba:32:7c:
                    ad:d1:e2:6e:b8:42:1f:74:f7:fe:c2:a7:a0:a0:fe:
                    b4:5b:4c:48:e3:55:7e:fd:a7:d6:03:f8:50:6b:9e:
                    bf:31:8c:20:97:b5:30:6d:df:9c:8b:89:14:5e:21:
                    14:37:ed:bb:57:eb:c3:75:2e:0c:70:88:46:0b:04:
                    30:60:8f:ad:6a:cf:53:50:65:0a:c4:f3:54:4e:ed:
                    b6:e0:ad:f1:17:1b:09:56:7f:c6:53:87:b7:1d:e2:
                    dc:3f:45:85:b9:15:e5:3d:99:a3:df:93:09:f3:3c:
                    57:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:33:4F:20:A1:77:29:FA:AD:22:40:4E:CC:F4:89:3E:4B:54:A7:CD
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145374.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aaa4::/32

    Signature Algorithm: sha256WithRSAEncryption
         31:cc:4f:fa:04:49:73:a2:2c:56:c6:6e:dd:93:51:cc:59:db:
         8e:8e:53:a3:c5:b5:05:c8:b6:d6:68:2c:57:01:2e:1f:ad:da:
         c8:ad:60:60:e4:27:be:ba:55:51:c0:fc:f8:44:5b:8f:60:f4:
         37:ac:88:00:0c:08:54:70:27:55:80:42:6e:0a:14:94:b0:08:
         91:2c:de:f2:4d:77:3b:1e:0e:90:f8:59:fe:90:42:3a:6f:6f:
         19:3e:0e:20:16:0b:fc:87:fb:37:56:f3:dc:68:29:8a:63:84:
         88:ce:ba:ec:36:cf:b7:a1:de:ec:ce:82:37:0b:75:2d:af:85:
         51:73:99:91:85:ad:23:bd:3c:67:c7:9b:0c:f8:ee:f3:2a:f6:
         48:ad:67:a0:b0:09:88:77:4b:fb:0c:df:c3:b6:32:0b:29:5a:
         ce:4a:8c:ef:a2:37:4b:20:60:46:4e:7b:8d:80:b6:bb:83:ca:
         69:2f:d0:82:67:de:bb:f4:a4:2a:8f:a0:64:cd:47:22:c2:18:
         36:1a:fb:06:f2:4e:4f:30:97:b6:92:37:be:f5:95:5e:eb:0c:
         87:24:cb:d6:b3:0d:f2:2f:e5:a9:fc:3b:27:a9:f2:8b:3c:b5:
         87:9f:f8:20:95:64:bb:e8:73:c1:ef:3d:79:69:42:34:6e:de:
         0c:dc:dd:72
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUAh02bN9FIrtKwBR+P64bugom73swDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcxNVoX
DTI3MDMwMzA2MjIxNVowMzExMC8GA1UEAxMoMTUzMzRGMjBBMTc3MjlGQUFEMjI0
MDRFQ0NGNDg5M0U0QjU0QTdDRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANjAcxWOKBNlc4yLX/cPUULfS+yNwI+x9s+3n+Z4YBWN8U7yQnLV3vovnk0X
ctLp9++f2QoisQbBGyjS/rEKiUQ33/YPm2w2xU+nZ+BwyMch7p8Q3Yt0P8ls3HUa
7oF0HhMq68zkF+IkmNC4ms+OsL3owtlpkmWNEoaEKoT4Gxk/xrMm3gVw+t2uyQuC
4XsPHl2bujJ8rdHibrhCH3T3/sKnoKD+tFtMSONVfv2n1gP4UGuevzGMIJe1MG3f
nIuJFF4hFDftu1frw3UuDHCIRgsEMGCPrWrPU1BlCsTzVE7ttuCt8RcbCVZ/xlOH
tx3i3D9FhbkV5T2Zo9+TCfM8Vw0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQVM08g
oXcp+q0iQE7M9Ik+S1SnzTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTM3NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qqQwDQYJKoZIhvcNAQELBQADggEBADHMT/oESXOiLFbGbt2TUcxZ246OU6PFtQXI
ttZoLFcBLh+t2sitYGDkJ766VVHA/PhEW49g9DesiAAMCFRwJ1WAQm4KFJSwCJEs
3vJNdzseDpD4Wf6QQjpvbxk+DiAWC/yH+zdW89xoKYpjhIjOuuw2z7eh3uzOgjcL
dS2vhVFzmZGFrSO9PGfHmwz47vMq9kitZ6CwCYh3S/sM38O2MgspWs5KjO+iN0sg
YEZOe42AtruDymkv0IJn3rv0pCqPoGTNRyLCGDYa+wbyTk8wl7aSN771lV7rDIck
y9azDfIv5an8Oyep8os8tYef+CCVZLvoc8HvPXlpQjRu3gzc3XI=
-----END CERTIFICATE-----