Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145431.roa
File:                     AS145431.roa (raw, json)
Hash identifier:          aHsjeS+li/sFCusxXqxfi1ZIwEeQB85VSu1Ov9rfRxM=
Subject key identifier:   08:C8:4B:12:81:0A:5D:A5:32:E0:5D:54:69:C7:72:4C:DE:08:FA:BF
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6A350F2134EE42F326ED3D0F1ADBF12C77695BD2
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145431.roa
Signing time:             Wed 04 Mar 2026 06:19:33 +0000
ROA not before:           Wed 04 Mar 2026 06:14:33 +0000
ROA not after:            Wed 03 Mar 2027 06:19:33 +0000
asID:                     145431
IP address blocks:        240a:aadd::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:35:0f:21:34:ee:42:f3:26:ed:3d:0f:1a:db:f1:2c:77:69:5b:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:33 2026 GMT
            Not After : Mar  3 06:19:33 2027 GMT
        Subject: CN=08C84B12810A5DA532E05D5469C7724CDE08FABF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:33:36:14:e3:65:3a:47:21:61:ee:18:27:48:
                    94:5f:65:e3:04:b8:ed:78:19:33:14:c2:0d:b5:6e:
                    d6:bd:94:b2:1d:54:70:2e:a3:85:8e:66:73:eb:a1:
                    41:f1:cc:bf:51:66:23:10:65:48:d4:ba:87:60:6d:
                    36:04:51:d8:c2:c7:92:21:5a:d8:2f:36:9d:3d:18:
                    79:66:2f:34:5a:82:e0:d6:14:25:9c:7d:ea:87:a8:
                    49:aa:3a:07:a3:30:3f:f4:32:8e:84:41:ba:56:33:
                    a1:f4:08:d0:d3:d3:14:72:0d:a2:00:68:b5:0d:a6:
                    00:ab:75:e1:68:45:b2:ce:08:74:f1:4b:a7:79:a6:
                    b7:0c:e2:51:0b:19:79:eb:e2:85:71:cd:8c:5d:9f:
                    31:9a:06:82:96:15:f9:ee:66:3a:f0:76:b4:d6:e9:
                    5d:86:d6:e4:47:53:5b:49:1d:fa:0f:e8:9d:86:a9:
                    6b:70:66:47:d7:b5:6f:1d:20:b8:86:c9:dd:ea:31:
                    e8:ba:51:ba:60:18:e0:bc:00:fd:eb:3e:1f:be:97:
                    c0:bf:4c:a7:ee:2a:12:f5:84:de:47:31:53:ea:14:
                    8b:af:30:55:f8:71:c1:77:d0:dc:60:4d:e0:ae:21:
                    0d:df:8e:dc:13:e0:ce:29:9d:30:70:39:62:16:b4:
                    f4:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:C8:4B:12:81:0A:5D:A5:32:E0:5D:54:69:C7:72:4C:DE:08:FA:BF
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aadd::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:48:b9:63:26:b0:d6:d3:45:3d:a4:da:c0:c6:77:d6:5b:72:
         2b:34:58:d4:22:be:cd:39:3a:99:dd:e2:93:25:8d:e7:9b:67:
         75:4d:74:cc:04:dd:1a:94:d7:3b:1d:d3:2b:ec:44:fa:0f:ed:
         cf:61:32:1f:23:a9:8f:e3:d3:91:44:e2:c4:ff:33:b4:4b:83:
         42:6d:a7:95:14:9e:18:10:fe:ae:b4:24:4a:ed:3a:f9:94:d6:
         e2:5c:0b:5c:9a:73:01:0f:9b:a4:cd:dc:31:b7:70:77:a6:0d:
         ed:3f:92:9d:a4:31:d4:8e:ac:c3:59:4d:20:5b:30:0a:de:67:
         b4:58:31:cb:8f:9b:57:36:be:d5:61:f3:7d:6a:8f:d6:b9:79:
         df:4a:fd:8f:ce:65:08:06:3b:76:a5:d7:35:d0:8d:d2:34:aa:
         04:5a:07:7d:9a:ba:72:75:a5:56:bd:5e:fb:3e:2d:73:1b:68:
         ad:6c:c1:85:10:30:f9:75:08:55:ff:f1:cb:46:55:96:20:fc:
         46:91:b1:96:db:8c:f4:80:7b:a2:d6:1b:dd:cd:a3:b6:d9:1d:
         db:f7:52:30:01:bd:2e:07:18:8b:88:c3:55:21:08:fd:5b:b4:
         db:f5:82:14:4d:f8:93:5c:d6:51:8d:a3:23:28:f6:75:68:c5:
         5a:a1:01:14
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUajUPITTuQvMm7T0PGtvxLHdpW9IwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQzM1oX
DTI3MDMwMzA2MTkzM1owMzExMC8GA1UEAxMoMDhDODRCMTI4MTBBNURBNTMyRTA1
RDU0NjlDNzcyNENERTA4RkFCRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ0zNhTjZTpHIWHuGCdIlF9l4wS47XgZMxTCDbVu1r2Ush1UcC6jhY5mc+uh
QfHMv1FmIxBlSNS6h2BtNgRR2MLHkiFa2C82nT0YeWYvNFqC4NYUJZx96oeoSao6
B6MwP/QyjoRBulYzofQI0NPTFHINogBotQ2mAKt14WhFss4IdPFLp3mmtwziUQsZ
eevihXHNjF2fMZoGgpYV+e5mOvB2tNbpXYbW5EdTW0kd+g/onYapa3BmR9e1bx0g
uIbJ3eox6LpRumAY4LwA/es+H76XwL9Mp+4qEvWE3kcxU+oUi68wVfhxwXfQ3GBN
4K4hDd+O3BPgzimdMHA5Yha09NUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQIyEsS
gQpdpTLgXVRpx3JM3gj6vzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTQzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qt0wDQYJKoZIhvcNAQELBQADggEBAJBIuWMmsNbTRT2k2sDGd9Zbcis0WNQivs05
Opnd4pMljeebZ3VNdMwE3RqU1zsd0yvsRPoP7c9hMh8jqY/j05FE4sT/M7RLg0Jt
p5UUnhgQ/q60JErtOvmU1uJcC1yacwEPm6TN3DG3cHemDe0/kp2kMdSOrMNZTSBb
MAreZ7RYMcuPm1c2vtVh831qj9a5ed9K/Y/OZQgGO3al1zXQjdI0qgRaB32aunJ1
pVa9Xvs+LXMbaK1swYUQMPl1CFX/8ctGVZYg/EaRsZbbjPSAe6LWG93No7bZHdv3
UjABvS4HGIuIw1UhCP1btNv1ghRN+JNc1lGNoyMo9nVoxVqhARQ=
-----END CERTIFICATE-----