Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145401.roa
File:                     AS145401.roa (raw, json)
Hash identifier:          4U9/Jififa5aOr4hYDaX9hwkv1CsF87Qp/2HBCQ71DY=
Subject key identifier:   D3:5F:0A:2D:EC:EE:22:DD:B9:9C:09:AE:07:C9:29:A6:20:75:09:DB
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1BC6BFC592241C9B53BFCBA92E561A3CF515FB13
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145401.roa
Signing time:             Wed 04 Mar 2026 06:20:24 +0000
ROA not before:           Wed 04 Mar 2026 06:15:24 +0000
ROA not after:            Wed 03 Mar 2027 06:20:24 +0000
asID:                     145401
IP address blocks:        240a:aabf::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:c6:bf:c5:92:24:1c:9b:53:bf:cb:a9:2e:56:1a:3c:f5:15:fb:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:24 2026 GMT
            Not After : Mar  3 06:20:24 2027 GMT
        Subject: CN=D35F0A2DECEE22DDB99C09AE07C929A6207509DB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:fc:1c:2f:a4:21:b2:b5:52:14:9c:7d:2e:10:
                    86:43:26:cd:6d:15:98:d0:7a:37:91:b7:1c:e8:51:
                    fa:e6:03:c0:12:62:b6:31:af:28:6a:81:c0:37:92:
                    da:90:f4:9b:d4:2f:d1:4c:14:4d:14:a0:53:72:aa:
                    ae:ac:cf:81:fb:a5:49:fc:3c:3c:dd:0c:83:40:ba:
                    8f:84:88:f9:03:38:6f:e9:e0:42:50:d7:bb:f7:52:
                    52:69:05:e0:b8:79:2f:ad:9f:c7:d8:f4:6e:da:46:
                    57:ed:7b:54:bb:ac:72:3c:8b:1a:4a:64:36:f9:e8:
                    e2:d6:77:c8:d7:e2:e7:a7:1e:81:ec:0d:36:84:e0:
                    f2:be:f8:b4:ce:06:7c:b9:16:f0:5a:53:b9:85:a1:
                    49:6a:88:be:da:89:72:4d:03:bb:4b:dc:89:94:3b:
                    d2:77:99:26:54:f0:e6:b0:33:46:bd:17:c7:a3:d4:
                    f5:ee:f1:e1:be:09:f5:c0:68:4d:5d:26:63:bb:da:
                    1c:22:4e:c1:a8:f6:17:1e:9e:e0:c7:79:f7:e6:38:
                    18:1a:28:ec:d1:11:98:11:d9:8d:57:d6:0e:14:03:
                    f9:6f:a3:d3:c3:ec:f6:60:32:e1:56:4c:0a:37:a7:
                    90:25:9f:15:1a:3a:3f:37:5b:39:53:11:6f:57:05:
                    47:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:5F:0A:2D:EC:EE:22:DD:B9:9C:09:AE:07:C9:29:A6:20:75:09:DB
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145401.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aabf::/32

    Signature Algorithm: sha256WithRSAEncryption
         07:20:98:be:20:21:bc:a3:e3:af:ed:63:15:16:33:95:86:58:
         b5:87:19:e7:67:8e:10:38:52:71:e8:ae:0e:72:bf:a7:db:18:
         09:ed:e6:80:a4:e2:3d:0b:9f:b9:38:81:d5:65:43:58:d7:f5:
         83:84:5d:00:cf:5d:bc:df:32:ea:6d:dd:fb:e4:dc:3c:6b:5b:
         be:88:d0:7b:6b:ad:58:05:37:01:fd:d3:b0:5f:dc:5a:e1:f6:
         1a:a8:ff:71:d2:43:38:e4:49:cc:d9:28:32:0a:2b:8c:4f:b3:
         fb:71:d6:67:7f:c1:05:14:a6:5d:c7:ef:87:ef:ab:12:3d:18:
         09:c4:07:59:d2:0e:77:da:90:30:aa:cf:1b:73:43:5b:fe:36:
         41:24:5f:e6:c2:0e:f8:21:6f:92:f3:52:ce:09:c1:92:f0:26:
         82:19:44:da:50:5b:ce:70:76:db:f9:98:b2:c2:15:29:ec:75:
         dd:62:e6:8d:a1:77:85:d2:3b:25:ae:da:69:eb:43:a5:67:16:
         26:12:e1:83:78:99:d5:23:8e:d5:ba:d8:45:43:e9:1b:f4:e3:
         5a:af:86:48:af:d0:97:0b:60:2c:7d:1c:4d:f4:97:f2:4f:85:
         b9:b8:18:a1:1f:33:cb:a2:80:cf:04:19:a5:91:fe:a7:3f:3c:
         d9:44:c0:64
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUG8a/xZIkHJtTv8upLlYaPPUV+xMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTUyNFoX
DTI3MDMwMzA2MjAyNFowMzExMC8GA1UEAxMoRDM1RjBBMkRFQ0VFMjJEREI5OUMw
OUFFMDdDOTI5QTYyMDc1MDlEQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALT8HC+kIbK1UhScfS4QhkMmzW0VmNB6N5G3HOhR+uYDwBJitjGvKGqBwDeS
2pD0m9Qv0UwUTRSgU3KqrqzPgfulSfw8PN0Mg0C6j4SI+QM4b+ngQlDXu/dSUmkF
4Lh5L62fx9j0btpGV+17VLuscjyLGkpkNvno4tZ3yNfi56cegewNNoTg8r74tM4G
fLkW8FpTuYWhSWqIvtqJck0Du0vciZQ70neZJlTw5rAzRr0Xx6PU9e7x4b4J9cBo
TV0mY7vaHCJOwaj2Fx6e4Md59+Y4GBoo7NERmBHZjVfWDhQD+W+j08Ps9mAy4VZM
CjenkCWfFRo6PzdbOVMRb1cFRxcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTTXwot
7O4i3bmcCa4HySmmIHUJ2zAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTQwMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qr8wDQYJKoZIhvcNAQELBQADggEBAAcgmL4gIbyj46/tYxUWM5WGWLWHGednjhA4
UnHorg5yv6fbGAnt5oCk4j0Ln7k4gdVlQ1jX9YOEXQDPXbzfMupt3fvk3DxrW76I
0HtrrVgFNwH907Bf3Frh9hqo/3HSQzjkSczZKDIKK4xPs/tx1md/wQUUpl3H74fv
qxI9GAnEB1nSDnfakDCqzxtzQ1v+NkEkX+bCDvghb5LzUs4JwZLwJoIZRNpQW85w
dtv5mLLCFSnsdd1i5o2hd4XSOyWu2mnrQ6VnFiYS4YN4mdUjjtW62EVD6Rv041qv
hkiv0JcLYCx9HE30l/JPhbm4GKEfM8uigM8EGaWR/qc/PNlEwGQ=
-----END CERTIFICATE-----