Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145388.roa
File:                     AS145388.roa (raw, json)
Hash identifier:          5ZDSQmp8OlPFJfUJl9WbUtl0oeWe1Bco01wrzz8pZuE=
Subject key identifier:   39:27:3A:36:71:3D:86:5F:F0:5B:1D:0B:08:02:02:F9:16:FD:F6:32
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       32B8D13123D68CC03A4F4D5AD740D12202BE62C9
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145388.roa
Signing time:             Wed 04 Mar 2026 06:20:44 +0000
ROA not before:           Wed 04 Mar 2026 06:15:44 +0000
ROA not after:            Wed 03 Mar 2027 06:20:44 +0000
asID:                     145388
IP address blocks:        240a:aab2::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:b8:d1:31:23:d6:8c:c0:3a:4f:4d:5a:d7:40:d1:22:02:be:62:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:44 2026 GMT
            Not After : Mar  3 06:20:44 2027 GMT
        Subject: CN=39273A36713D865FF05B1D0B080202F916FDF632
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:65:f7:32:e7:62:13:05:65:0d:96:8c:8c:4d:
                    91:c4:d9:e2:f5:68:64:9b:f1:68:0f:1f:c0:0e:07:
                    40:e6:19:58:4e:05:51:22:f0:03:32:74:c5:18:f0:
                    27:9b:ed:69:f3:6b:cc:b0:97:8d:0b:79:6d:ea:28:
                    54:8e:42:06:d2:f4:a6:44:df:6b:bb:c0:cd:d4:4d:
                    24:1d:82:e1:49:51:7e:65:49:97:32:9e:1b:f8:8d:
                    46:07:e9:cc:2c:83:d7:c7:a6:c1:d4:23:6a:c9:ca:
                    54:9a:17:27:6e:9c:b9:54:6f:e3:cd:37:74:a9:8f:
                    8e:96:ec:90:df:52:22:a1:b7:88:bf:b5:3b:e7:c2:
                    87:6b:99:1f:b1:47:d7:b2:d0:9c:33:3d:8a:c9:e1:
                    90:ab:18:a3:a6:ba:8f:75:54:5e:c2:79:24:61:56:
                    85:79:ab:04:c6:c2:57:a5:43:f4:e7:60:eb:61:0f:
                    13:81:e2:06:10:18:41:8b:e0:16:ed:da:2a:da:e3:
                    90:a6:d2:93:cf:13:4e:d8:16:49:73:3c:c2:2d:2e:
                    26:83:a5:dd:11:54:3f:b5:58:b6:c4:3a:71:59:41:
                    18:51:d8:a2:ff:5a:43:7e:37:3d:d7:44:a7:2f:77:
                    51:4f:8c:6d:2d:f9:43:1a:17:b4:3c:5f:0c:ad:b8:
                    2c:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:27:3A:36:71:3D:86:5F:F0:5B:1D:0B:08:02:02:F9:16:FD:F6:32
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145388.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aab2::/32

    Signature Algorithm: sha256WithRSAEncryption
         8a:57:8c:10:00:20:62:68:48:c9:a0:13:0e:81:17:a9:6c:70:
         8c:b9:91:31:68:23:ed:8e:fd:68:45:97:da:96:f2:d3:98:61:
         52:d5:6b:4e:14:35:0d:73:f5:1b:03:c1:49:66:9f:46:05:c2:
         d6:22:0e:61:3b:e4:b0:c9:89:36:72:14:da:48:45:09:6e:ec:
         84:a4:c3:a6:82:e5:0d:dd:2b:99:50:f4:14:82:b6:d6:37:53:
         29:45:1f:9e:41:92:19:96:85:ed:8c:51:6f:0e:6e:35:ee:f0:
         d7:27:8f:a6:b5:40:43:f3:d7:1c:a6:19:dd:5b:34:9a:42:62:
         4d:76:82:7a:af:79:d7:3e:22:01:af:78:3f:d5:76:98:01:5e:
         8a:d6:25:3e:94:83:e0:1e:66:10:8c:c3:a8:80:49:15:7c:5d:
         ab:2a:9a:5b:af:8d:f5:cf:8d:b8:86:29:d2:47:cd:27:3a:e3:
         e5:a2:fb:67:4b:22:8b:15:c2:d7:e3:9a:7c:33:12:d5:d7:bd:
         74:b1:f7:2d:88:cc:c8:b8:98:a8:8f:a2:92:da:d5:16:7d:b0:
         f1:be:3c:00:0d:89:28:c4:8b:4c:78:93:8a:e8:ba:f3:fb:2e:
         78:cb:ae:34:7f:1a:b9:57:ca:6d:06:1b:38:44:de:ee:ce:de:
         de:41:37:ef
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUMrjRMSPWjMA6T01a10DRIgK+YskwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTU0NFoX
DTI3MDMwMzA2MjA0NFowMzExMC8GA1UEAxMoMzkyNzNBMzY3MTNEODY1RkYwNUIx
RDBCMDgwMjAyRjkxNkZERjYzMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK9l9zLnYhMFZQ2WjIxNkcTZ4vVoZJvxaA8fwA4HQOYZWE4FUSLwAzJ0xRjw
J5vtafNrzLCXjQt5beooVI5CBtL0pkTfa7vAzdRNJB2C4UlRfmVJlzKeG/iNRgfp
zCyD18emwdQjasnKVJoXJ26cuVRv4803dKmPjpbskN9SIqG3iL+1O+fCh2uZH7FH
17LQnDM9isnhkKsYo6a6j3VUXsJ5JGFWhXmrBMbCV6VD9Odg62EPE4HiBhAYQYvg
Fu3aKtrjkKbSk88TTtgWSXM8wi0uJoOl3RFUP7VYtsQ6cVlBGFHYov9aQ343PddE
py93UU+MbS35QxoXtDxfDK24LNECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQ5Jzo2
cT2GX/BbHQsIAgL5Fv32MjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTM4OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qrIwDQYJKoZIhvcNAQELBQADggEBAIpXjBAAIGJoSMmgEw6BF6lscIy5kTFoI+2O
/WhFl9qW8tOYYVLVa04UNQ1z9RsDwUlmn0YFwtYiDmE75LDJiTZyFNpIRQlu7ISk
w6aC5Q3dK5lQ9BSCttY3UylFH55BkhmWhe2MUW8ObjXu8Ncnj6a1QEPz1xymGd1b
NJpCYk12gnqvedc+IgGveD/VdpgBXorWJT6Ug+AeZhCMw6iASRV8XasqmluvjfXP
jbiGKdJHzSc64+Wi+2dLIosVwtfjmnwzEtXXvXSx9y2IzMi4mKiPopLa1RZ9sPG+
PAANiSjEi0x4k4rouvP7LnjLrjR/GrlXym0GGzhE3u7O3t5BN+8=
-----END CERTIFICATE-----