Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145402.roa
File:                     AS145402.roa (raw, json)
Hash identifier:          T5g9l5st6CJ6j9QsKp3LHJc2jbgDjV2am+I/0h+XEOs=
Subject key identifier:   A3:03:54:CC:9D:72:0C:C4:30:B9:FC:74:AB:1A:C8:B9:AB:59:F6:ED
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3EB355E414F16554C06828981F021E21B1CF23FC
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145402.roa
Signing time:             Wed 04 Mar 2026 06:21:22 +0000
ROA not before:           Wed 04 Mar 2026 06:16:22 +0000
ROA not after:            Wed 03 Mar 2027 06:21:22 +0000
asID:                     145402
IP address blocks:        240a:aac0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:b3:55:e4:14:f1:65:54:c0:68:28:98:1f:02:1e:21:b1:cf:23:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:22 2026 GMT
            Not After : Mar  3 06:21:22 2027 GMT
        Subject: CN=A30354CC9D720CC430B9FC74AB1AC8B9AB59F6ED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:22:8c:e3:6e:b4:a6:e4:b3:92:3f:27:83:53:
                    cf:88:ed:1c:c1:bf:28:77:cd:a0:be:6a:d3:98:f1:
                    a4:09:42:30:a9:1c:e3:11:12:b2:de:12:09:95:4c:
                    df:cc:8d:1a:53:33:a2:d4:6a:bb:cf:2f:b7:2c:2c:
                    97:f2:2f:b3:c4:ea:fb:3b:00:0a:99:1e:ad:be:58:
                    22:7e:ae:47:96:a3:3a:79:6a:f7:32:8c:74:cf:28:
                    57:aa:86:f0:17:c3:b4:2c:96:00:d5:7c:a8:ac:b2:
                    f6:7b:1c:db:06:52:4e:cc:f8:f0:a4:50:a6:d7:06:
                    c8:e4:b6:a9:13:6d:d1:62:92:cd:89:43:e5:41:1f:
                    d4:e5:6b:37:8e:15:cf:6b:0a:45:47:7b:fe:0c:63:
                    54:6b:93:48:77:be:18:40:cc:83:5e:5f:82:af:01:
                    c1:c0:5c:d7:d9:e7:ed:ed:09:5d:e4:66:cd:40:e7:
                    50:2d:13:1f:dc:8d:1d:20:81:a3:d1:02:42:a3:bc:
                    7d:22:4d:7f:f8:3b:55:70:ab:5c:13:67:f6:85:7f:
                    3b:d5:6b:f6:5e:86:b1:d6:12:2b:dd:32:30:fa:ee:
                    9e:4d:fc:bd:7e:0d:9e:4e:b3:d3:dc:2a:1e:25:e3:
                    f4:bd:00:fe:b0:e3:d4:58:b5:c1:ee:ca:06:53:97:
                    c0:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:03:54:CC:9D:72:0C:C4:30:B9:FC:74:AB:1A:C8:B9:AB:59:F6:ED
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145402.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aac0::/32

    Signature Algorithm: sha256WithRSAEncryption
         c5:b1:f2:27:74:88:71:3e:8c:02:d4:d6:8a:de:6e:84:46:ec:
         7b:5a:84:b5:45:66:8a:bf:30:1a:8b:2c:de:41:b4:86:b5:31:
         5a:41:2e:f7:3a:6f:c4:cf:c3:cb:ea:67:eb:51:a8:7d:44:95:
         c4:85:d3:55:d8:92:f7:43:a8:68:74:bc:58:3b:ef:2a:91:2a:
         7e:6d:3a:3a:17:b5:f2:bf:88:e9:bc:2f:71:ad:e1:5e:ce:f9:
         6a:69:cd:63:b6:ae:89:8f:90:c0:a8:f1:6a:f2:85:c3:9e:6c:
         a0:ed:a6:e5:26:dd:52:2c:8b:91:d5:10:97:73:ac:4a:f4:1c:
         79:8e:c6:a4:47:8d:3a:af:d7:23:68:7b:6d:ad:59:7c:8c:50:
         38:ff:83:94:31:63:ce:bc:78:a8:d9:3d:3f:07:d9:ed:f3:1a:
         1d:6b:b8:26:24:50:15:88:43:87:03:83:5a:23:20:be:a8:65:
         f6:da:26:39:d4:6c:6a:dc:0b:79:2c:82:62:94:4f:09:de:b1:
         04:eb:58:68:ee:85:a5:dd:23:44:65:ac:e3:98:db:94:4f:a5:
         27:63:a5:91:b3:67:5d:a8:e2:40:87:7f:1e:01:7c:14:64:77:
         22:c9:ac:91:5c:3b:fc:8d:94:a5:36:2e:ef:03:79:c6:ee:0a:
         c0:a8:53:a2
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUPrNV5BTxZVTAaCiYHwIeIbHPI/wwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYyMloX
DTI3MDMwMzA2MjEyMlowMzExMC8GA1UEAxMoQTMwMzU0Q0M5RDcyMENDNDMwQjlG
Qzc0QUIxQUM4QjlBQjU5RjZFRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK0ijONutKbks5I/J4NTz4jtHMG/KHfNoL5q05jxpAlCMKkc4xESst4SCZVM
38yNGlMzotRqu88vtywsl/Ivs8Tq+zsACpkerb5YIn6uR5ajOnlq9zKMdM8oV6qG
8BfDtCyWANV8qKyy9nsc2wZSTsz48KRQptcGyOS2qRNt0WKSzYlD5UEf1OVrN44V
z2sKRUd7/gxjVGuTSHe+GEDMg15fgq8BwcBc19nn7e0JXeRmzUDnUC0TH9yNHSCB
o9ECQqO8fSJNf/g7VXCrXBNn9oV/O9Vr9l6GsdYSK90yMPrunk38vX4Nnk6z09wq
HiXj9L0A/rDj1Fi1we7KBlOXwH8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSjA1TM
nXIMxDC5/HSrGsi5q1n27TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTQwMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qsAwDQYJKoZIhvcNAQELBQADggEBAMWx8id0iHE+jALU1oreboRG7HtahLVFZoq/
MBqLLN5BtIa1MVpBLvc6b8TPw8vqZ+tRqH1ElcSF01XYkvdDqGh0vFg77yqRKn5t
OjoXtfK/iOm8L3Gt4V7O+WppzWO2romPkMCo8WryhcOebKDtpuUm3VIsi5HVEJdz
rEr0HHmOxqRHjTqv1yNoe22tWXyMUDj/g5QxY868eKjZPT8H2e3zGh1ruCYkUBWI
Q4cDg1ojIL6oZfbaJjnUbGrcC3ksgmKUTwnesQTrWGjuhaXdI0RlrOOY25RPpSdj
pZGzZ12o4kCHfx4BfBRkdyLJrJFcO/yNlKU2Lu8DecbuCsCoU6I=
-----END CERTIFICATE-----