Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145396.roa
File:                     AS145396.roa (raw, json)
Hash identifier:          NFPOM4ApdbB4LAamltA/gKzoGdkNuzJ5Dtq1ns6fMOc=
Subject key identifier:   25:4A:D7:C3:4B:41:3A:30:BD:1E:74:0D:2E:72:4D:BC:90:D3:1F:4B
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1B1D4CC0D090BEF53F1C33F28F805D9724A838B7
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145396.roa
Signing time:             Wed 04 Mar 2026 06:19:29 +0000
ROA not before:           Wed 04 Mar 2026 06:14:29 +0000
ROA not after:            Wed 03 Mar 2027 06:19:29 +0000
asID:                     145396
IP address blocks:        240a:aaba::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:1d:4c:c0:d0:90:be:f5:3f:1c:33:f2:8f:80:5d:97:24:a8:38:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:29 2026 GMT
            Not After : Mar  3 06:19:29 2027 GMT
        Subject: CN=254AD7C34B413A30BD1E740D2E724DBC90D31F4B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:1f:fb:a5:09:c7:49:21:6a:30:4d:30:6a:23:
                    90:9b:e3:c0:10:ae:41:9d:24:80:a6:1a:07:a5:ca:
                    ac:3d:98:ba:7b:2f:ae:1e:f0:85:ee:8b:41:43:00:
                    c0:86:3a:49:02:88:7e:ae:66:c7:46:00:5c:b1:dc:
                    48:cd:b9:b0:a5:4c:5a:b5:14:f6:9b:9a:de:e4:86:
                    df:77:6c:99:8f:22:46:70:48:2a:74:d8:5e:f5:dc:
                    a2:62:44:53:08:c9:1c:68:25:4a:8e:c8:a9:a9:11:
                    1e:c8:25:aa:58:b7:ff:cc:60:0c:75:a4:8c:4b:39:
                    5e:a8:bf:54:a9:12:65:b3:0e:d2:c9:14:b9:ac:28:
                    7d:d0:ad:54:e1:9c:01:25:f0:f2:54:8a:c5:c0:9b:
                    18:ad:d2:69:6c:a1:35:42:02:23:b6:de:31:52:61:
                    69:0d:5e:c9:14:36:89:df:64:f3:fc:be:53:ff:d0:
                    27:a5:54:23:69:a1:ef:65:e7:78:ec:8c:17:eb:48:
                    af:f5:b5:b1:39:ad:01:8d:e8:08:ac:2e:d0:34:7b:
                    d4:8a:6d:9c:cf:83:c9:da:70:1d:00:39:7a:86:70:
                    4b:a5:47:95:40:ef:4e:5b:f2:ff:02:c9:cc:5e:15:
                    9e:8c:aa:14:3f:dc:2a:a5:5d:a4:3e:f0:a2:27:c1:
                    e4:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:4A:D7:C3:4B:41:3A:30:BD:1E:74:0D:2E:72:4D:BC:90:D3:1F:4B
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145396.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aaba::/32

    Signature Algorithm: sha256WithRSAEncryption
         66:8c:71:e6:2e:1f:dd:94:ab:d9:17:9c:45:64:af:8c:b6:05:
         ac:f5:9f:60:e3:00:fb:ce:cb:9c:4f:57:62:73:c4:36:43:f2:
         84:bd:b1:85:cc:8b:1b:c9:02:ab:ac:14:af:c5:19:51:6b:00:
         18:12:9d:57:38:b4:18:ae:5b:94:e7:6c:77:2e:ee:4b:ec:82:
         0f:99:cb:1f:6b:e9:57:06:4f:df:10:f1:4d:5b:5c:17:99:7e:
         61:53:d0:9c:3c:8b:7e:82:c7:95:22:49:60:f5:a7:e4:59:a0:
         29:2b:a4:7e:8a:31:cc:8c:d7:90:90:c1:04:18:83:a1:12:f8:
         42:25:e8:18:70:5d:af:d0:3e:62:67:1a:a8:0f:10:99:ee:dc:
         44:d3:50:06:12:64:30:34:d3:4c:dd:a6:be:04:33:29:71:cd:
         d6:23:91:5f:27:9f:66:16:bb:d7:9e:a9:ff:79:e7:f9:57:3f:
         ee:11:94:5f:12:85:d3:0f:d6:bc:77:92:b7:43:d4:79:da:9a:
         63:ff:32:c8:7a:a6:e3:45:8a:30:7c:f1:73:7d:1e:20:b9:79:
         2a:19:ab:e2:28:40:15:5b:c6:11:36:f0:99:1e:39:45:71:97:
         ae:c0:4d:2e:f9:24:fe:c9:a6:c1:29:1a:f1:80:81:1a:47:86:
         0d:71:f6:78
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUGx1MwNCQvvU/HDPyj4BdlySoOLcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQyOVoX
DTI3MDMwMzA2MTkyOVowMzExMC8GA1UEAxMoMjU0QUQ3QzM0QjQxM0EzMEJEMUU3
NDBEMkU3MjREQkM5MEQzMUY0QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO8f+6UJx0khajBNMGojkJvjwBCuQZ0kgKYaB6XKrD2Yunsvrh7whe6LQUMA
wIY6SQKIfq5mx0YAXLHcSM25sKVMWrUU9pua3uSG33dsmY8iRnBIKnTYXvXcomJE
UwjJHGglSo7IqakRHsglqli3/8xgDHWkjEs5Xqi/VKkSZbMO0skUuawofdCtVOGc
ASXw8lSKxcCbGK3SaWyhNUICI7beMVJhaQ1eyRQ2id9k8/y+U//QJ6VUI2mh72Xn
eOyMF+tIr/W1sTmtAY3oCKwu0DR71IptnM+DydpwHQA5eoZwS6VHlUDvTlvy/wLJ
zF4VnoyqFD/cKqVdpD7woifB5LECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQlStfD
S0E6ML0edA0uck28kNMfSzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTM5Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qrowDQYJKoZIhvcNAQELBQADggEBAGaMceYuH92Uq9kXnEVkr4y2Baz1n2DjAPvO
y5xPV2JzxDZD8oS9sYXMixvJAqusFK/FGVFrABgSnVc4tBiuW5TnbHcu7kvsgg+Z
yx9r6VcGT98Q8U1bXBeZfmFT0Jw8i36Cx5UiSWD1p+RZoCkrpH6KMcyM15CQwQQY
g6ES+EIl6BhwXa/QPmJnGqgPEJnu3ETTUAYSZDA000zdpr4EMylxzdYjkV8nn2YW
u9eeqf955/lXP+4RlF8ShdMP1rx3krdD1HnammP/Msh6puNFijB88XN9HiC5eSoZ
q+IoQBVbxhE28JkeOUVxl67ATS75JP7JpsEpGvGAgRpHhg1x9ng=
-----END CERTIFICATE-----