Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145390.roa
File:                     AS145390.roa (raw, json)
Hash identifier:          nIHPdGfCtjV8EqpBtSZzOrx4v8/IlYfAVCd0vd18ztw=
Subject key identifier:   81:A3:17:39:15:A8:67:7E:02:4C:62:51:33:8B:A5:0F:1A:E5:D1:11
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4DD233F00DDC111AB5125E09689FF76A570BB4B7
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145390.roa
Signing time:             Wed 04 Mar 2026 06:19:49 +0000
ROA not before:           Wed 04 Mar 2026 06:14:49 +0000
ROA not after:            Wed 03 Mar 2027 06:19:49 +0000
asID:                     145390
IP address blocks:        240a:aab4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:d2:33:f0:0d:dc:11:1a:b5:12:5e:09:68:9f:f7:6a:57:0b:b4:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:49 2026 GMT
            Not After : Mar  3 06:19:49 2027 GMT
        Subject: CN=81A3173915A8677E024C6251338BA50F1AE5D111
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ed:b1:61:96:cb:25:05:b4:40:fa:3d:be:3e:
                    95:81:fb:36:8a:41:2f:43:e1:1a:99:f1:c5:87:63:
                    a4:f6:45:73:ba:3a:12:2c:bf:fe:63:75:80:cd:0e:
                    c1:ce:61:98:17:54:fb:7d:54:15:49:8e:cd:a3:25:
                    3e:c0:80:cd:87:6f:a3:7b:51:4c:5e:26:d5:12:52:
                    19:17:2f:0c:f3:42:c3:6f:55:3d:3a:74:f1:cb:8f:
                    7d:d3:d4:ed:f4:b9:10:70:7f:8d:2f:de:56:1a:82:
                    87:7f:ef:88:7b:39:3d:54:6c:04:a7:ea:75:a3:8c:
                    5a:fa:8a:2f:24:ab:38:37:bc:ea:cc:a0:50:21:0f:
                    8c:fb:f8:0a:c8:18:12:39:fc:e6:4d:07:40:0c:a0:
                    01:b1:dc:5a:f0:ac:54:ea:dc:d4:58:30:4e:c4:83:
                    b6:bf:2a:5f:58:f1:ab:1c:40:0a:57:6e:98:3c:43:
                    8a:5b:19:3b:d5:56:8b:e3:9a:1a:32:f3:d3:e9:54:
                    8f:3f:c8:21:80:29:c6:a1:e1:be:b5:d2:93:a9:e8:
                    a1:47:b6:9b:16:06:6b:c4:10:d9:09:d0:e9:cb:ea:
                    96:7c:c4:58:cb:e0:f3:55:26:3e:3e:31:29:24:0e:
                    e5:4e:a7:51:07:ff:1e:f9:03:9a:04:74:58:d3:cc:
                    d3:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:A3:17:39:15:A8:67:7E:02:4C:62:51:33:8B:A5:0F:1A:E5:D1:11
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145390.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aab4::/32

    Signature Algorithm: sha256WithRSAEncryption
         b6:d0:cc:34:98:1f:ee:33:6b:05:84:9c:70:9b:29:d4:08:42:
         be:98:f3:a2:43:c4:35:a0:0c:48:e7:90:e8:fe:80:08:cb:a2:
         90:9e:f1:34:f0:26:4c:e1:c4:d4:f9:57:81:91:91:46:07:73:
         73:7f:33:d1:98:29:34:2b:da:6e:d3:ce:14:dc:0e:60:a6:52:
         f9:96:ef:4d:e7:ba:f5:4e:ed:cf:d5:9a:4e:f5:b1:f7:f2:92:
         16:d8:7c:ba:6e:08:f8:1a:64:c8:70:69:ef:31:9e:27:2a:b8:
         7e:cc:59:7a:f1:45:99:83:b6:05:66:aa:1c:6f:80:29:8b:f0:
         31:e5:03:95:e3:32:3b:af:2a:40:de:2d:e1:4f:ba:cd:7c:67:
         e4:98:30:63:1a:87:bf:72:05:6e:bb:40:bc:7c:ae:ae:91:21:
         07:22:25:09:30:24:73:d6:d9:53:e7:be:9d:68:e6:8c:ea:9e:
         52:59:41:38:80:c4:35:e9:d6:27:0b:22:68:1a:5f:98:7e:64:
         0c:3e:43:ea:14:30:ea:f4:1e:05:98:6c:af:dd:69:07:e8:78:
         35:68:14:59:52:b3:37:e9:03:08:20:78:69:d6:22:ff:06:ae:
         ce:24:f3:25:35:60:55:14:a2:95:3e:12:06:d8:b5:47:04:a7:
         59:c9:2d:36
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUTdIz8A3cERq1El4JaJ/3alcLtLcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQ0OVoX
DTI3MDMwMzA2MTk0OVowMzExMC8GA1UEAxMoODFBMzE3MzkxNUE4Njc3RTAyNEM2
MjUxMzM4QkE1MEYxQUU1RDExMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMHtsWGWyyUFtED6Pb4+lYH7NopBL0PhGpnxxYdjpPZFc7o6Eiy//mN1gM0O
wc5hmBdU+31UFUmOzaMlPsCAzYdvo3tRTF4m1RJSGRcvDPNCw29VPTp08cuPfdPU
7fS5EHB/jS/eVhqCh3/viHs5PVRsBKfqdaOMWvqKLySrODe86sygUCEPjPv4CsgY
Ejn85k0HQAygAbHcWvCsVOrc1FgwTsSDtr8qX1jxqxxACldumDxDilsZO9VWi+Oa
GjLz0+lUjz/IIYApxqHhvrXSk6nooUe2mxYGa8QQ2QnQ6cvqlnzEWMvg81UmPj4x
KSQO5U6nUQf/HvkDmgR0WNPM09UCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSBoxc5
FahnfgJMYlEzi6UPGuXRETAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTM5MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qrQwDQYJKoZIhvcNAQELBQADggEBALbQzDSYH+4zawWEnHCbKdQIQr6Y86JDxDWg
DEjnkOj+gAjLopCe8TTwJkzhxNT5V4GRkUYHc3N/M9GYKTQr2m7TzhTcDmCmUvmW
703nuvVO7c/Vmk71sffykhbYfLpuCPgaZMhwae8xnicquH7MWXrxRZmDtgVmqhxv
gCmL8DHlA5XjMjuvKkDeLeFPus18Z+SYMGMah79yBW67QLx8rq6RIQciJQkwJHPW
2VPnvp1o5ozqnlJZQTiAxDXp1icLImgaX5h+ZAw+Q+oUMOr0HgWYbK/daQfoeDVo
FFlSszfpAwggeGnWIv8Grs4k8yU1YFUUopU+EgbYtUcEp1nJLTY=
-----END CERTIFICATE-----