Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145378.roa
File:                     AS145378.roa (raw, json)
Hash identifier:          F4Z5kv+SQ4Xn5rWmgLfqkFEzbfBbCB4EtU0Pv+i8pTU=
Subject key identifier:   FA:21:41:A8:40:FF:FD:95:FC:3C:FF:92:A0:35:F8:5D:DD:05:EC:50
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       652259BEA4ACCC34B2424017AA0DD78E5EF453ED
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145378.roa
Signing time:             Wed 04 Mar 2026 06:21:17 +0000
ROA not before:           Wed 04 Mar 2026 06:16:17 +0000
ROA not after:            Wed 03 Mar 2027 06:21:17 +0000
asID:                     145378
IP address blocks:        240a:aaa8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:22:59:be:a4:ac:cc:34:b2:42:40:17:aa:0d:d7:8e:5e:f4:53:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:17 2026 GMT
            Not After : Mar  3 06:21:17 2027 GMT
        Subject: CN=FA2141A840FFFD95FC3CFF92A035F85DDD05EC50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:fa:bd:1e:79:db:5f:e0:46:a7:91:ff:70:91:
                    53:f4:8d:a4:e8:89:9b:86:12:19:37:f0:23:e2:dd:
                    52:1d:10:00:8f:ac:89:86:96:33:59:31:8f:bc:ad:
                    eb:d5:4a:4a:dd:8d:3d:00:fd:77:05:38:7f:59:f7:
                    e3:27:2e:92:4d:3a:94:66:fb:9c:7c:5e:84:a1:12:
                    81:ae:8f:ee:48:e9:d3:8f:9b:a5:4d:68:a7:70:4d:
                    66:f2:15:0e:68:38:b3:3b:a6:7f:00:bf:f8:91:27:
                    42:66:a9:d6:ab:f9:51:04:a6:f5:48:8d:78:12:44:
                    fa:37:da:a1:23:81:f9:ed:b6:fc:82:02:61:8a:48:
                    85:4d:e1:3e:fc:d4:34:b4:d1:69:2a:4a:b3:53:fa:
                    ef:1e:ea:da:38:da:bb:60:b1:1a:1c:e0:03:4f:0d:
                    0c:f8:ba:5a:73:c7:20:3f:72:6d:04:e9:50:f3:32:
                    d3:45:85:6a:f0:02:89:dc:5b:ac:c4:c9:d2:cb:68:
                    e4:ae:94:d9:ac:ed:e6:27:75:d0:fa:83:b3:6c:df:
                    09:d3:04:ff:94:35:6f:9b:c4:bd:ba:61:24:cb:1b:
                    9d:e6:eb:34:4b:3a:60:1d:f8:b2:66:6b:73:73:b9:
                    3c:cb:91:c1:b4:33:4a:b6:25:e2:bc:ee:d5:90:91:
                    b3:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:21:41:A8:40:FF:FD:95:FC:3C:FF:92:A0:35:F8:5D:DD:05:EC:50
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145378.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aaa8::/32

    Signature Algorithm: sha256WithRSAEncryption
         42:82:c7:17:c4:28:5d:fe:b8:51:5a:ca:21:1a:3d:f3:83:77:
         4d:8a:4f:72:27:8a:ff:4e:f6:3f:a7:c5:49:a2:a0:87:94:ba:
         2e:c8:4a:47:21:2e:65:95:cc:a0:7e:b5:2b:9c:4f:a7:9e:c5:
         72:03:58:75:27:95:1a:b1:99:d8:cd:b7:f5:c9:82:c2:e8:21:
         b8:81:36:ed:58:8f:66:5d:64:d7:9a:87:22:26:3e:69:48:d5:
         ad:a5:38:d2:ff:81:13:6c:57:18:ea:ae:61:43:e9:fb:7e:18:
         e0:ab:00:81:77:3b:b7:40:aa:ce:3a:b7:33:e9:24:19:b1:b8:
         66:06:ec:07:5f:c0:1a:21:57:ec:d0:6c:2f:74:29:7d:93:d6:
         00:91:ec:c3:10:a7:39:b3:9d:52:11:1f:39:f7:5b:9a:1b:8c:
         d9:62:2c:9e:55:ff:6d:7d:2b:02:f8:29:17:d5:8f:6e:0d:42:
         63:01:34:9f:68:ff:0d:46:31:36:92:0b:cc:ea:8e:0f:be:ae:
         d7:b3:fa:d2:ea:1b:db:1b:74:cd:61:35:8f:a0:9d:9b:ed:14:
         57:fd:5c:b7:1a:d8:7a:12:02:d6:87:e1:04:93:c2:50:0e:2f:
         65:29:bc:68:6a:de:cb:a8:d4:5e:53:96:0f:32:e1:af:14:a1:
         84:ae:cc:58
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUZSJZvqSszDSyQkAXqg3Xjl70U+0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYxN1oX
DTI3MDMwMzA2MjExN1owMzExMC8GA1UEAxMoRkEyMTQxQTg0MEZGRkQ5NUZDM0NG
RjkyQTAzNUY4NURERDA1RUM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANf6vR5521/gRqeR/3CRU/SNpOiJm4YSGTfwI+LdUh0QAI+siYaWM1kxj7yt
69VKSt2NPQD9dwU4f1n34ycukk06lGb7nHxehKESga6P7kjp04+bpU1op3BNZvIV
Dmg4szumfwC/+JEnQmap1qv5UQSm9UiNeBJE+jfaoSOB+e22/IICYYpIhU3hPvzU
NLTRaSpKs1P67x7q2jjau2CxGhzgA08NDPi6WnPHID9ybQTpUPMy00WFavACidxb
rMTJ0sto5K6U2azt5id10PqDs2zfCdME/5Q1b5vEvbphJMsbnebrNEs6YB34smZr
c3O5PMuRwbQzSrYl4rzu1ZCRs6MCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT6IUGo
QP/9lfw8/5KgNfhd3QXsUDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTM3OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qqgwDQYJKoZIhvcNAQELBQADggEBAEKCxxfEKF3+uFFayiEaPfODd02KT3Iniv9O
9j+nxUmioIeUui7ISkchLmWVzKB+tSucT6eexXIDWHUnlRqxmdjNt/XJgsLoIbiB
Nu1Yj2ZdZNeahyImPmlI1a2lONL/gRNsVxjqrmFD6ft+GOCrAIF3O7dAqs46tzPp
JBmxuGYG7AdfwBohV+zQbC90KX2T1gCR7MMQpzmznVIRHzn3W5objNliLJ5V/219
KwL4KRfVj24NQmMBNJ9o/w1GMTaSC8zqjg++rtez+tLqG9sbdM1hNY+gnZvtFFf9
XLca2HoSAtaH4QSTwlAOL2UpvGhq3suo1F5Tlg8y4a8UoYSuzFg=
-----END CERTIFICATE-----