Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145484.roa
File:                     AS145484.roa (raw, json)
Hash identifier:          MYK4+FkLKBJyhVuCNnK2SW56RmClPQ6pDpwYh4VTzXc=
Subject key identifier:   F1:2A:80:0E:AA:64:1E:D0:34:BF:04:B4:EF:1D:24:85:5B:C8:74:0E
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       18F7A4BF7F20A37B61746A6654C9BCC4EEABE935
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145484.roa
Signing time:             Wed 04 Mar 2026 06:21:48 +0000
ROA not before:           Wed 04 Mar 2026 06:16:48 +0000
ROA not after:            Wed 03 Mar 2027 06:21:48 +0000
asID:                     145484
IP address blocks:        240a:ab12::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:f7:a4:bf:7f:20:a3:7b:61:74:6a:66:54:c9:bc:c4:ee:ab:e9:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:48 2026 GMT
            Not After : Mar  3 06:21:48 2027 GMT
        Subject: CN=F12A800EAA641ED034BF04B4EF1D24855BC8740E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:34:e9:17:9b:5b:ff:51:b5:69:8e:39:f6:7f:
                    a9:03:45:34:ac:09:a6:86:58:8e:73:bf:70:79:11:
                    64:8d:e6:21:22:4d:81:28:50:66:1e:66:24:f6:b3:
                    66:25:2d:b7:9f:0f:d1:6e:f4:50:41:c0:c0:61:7c:
                    fc:40:83:28:69:4f:fe:3b:32:01:25:e6:46:cf:dc:
                    d1:99:84:dc:a2:93:5a:7f:03:e8:eb:77:a1:4a:dd:
                    d1:ed:9b:d3:9f:4d:02:d8:12:dc:29:6a:e6:56:98:
                    af:5a:78:88:33:40:73:89:02:1d:e4:3e:04:f1:6e:
                    34:52:ce:35:d3:ea:f8:d8:14:11:2b:6b:4f:9a:2b:
                    fc:99:9c:bf:ed:45:04:76:2a:96:3d:eb:4b:43:93:
                    c7:d1:bf:e8:4b:11:e3:9c:3e:88:f4:4f:8c:26:c0:
                    06:e1:d0:0b:5c:50:49:89:07:38:28:ae:d8:8a:60:
                    61:3f:58:0c:02:0a:71:f9:8a:8f:92:7d:84:da:28:
                    5a:9b:a3:90:3c:bf:f1:a9:9e:0d:ce:ec:17:43:a4:
                    07:70:ff:a0:dd:f7:19:25:15:3f:03:62:86:c4:bf:
                    92:fc:b5:72:df:65:38:01:e7:31:62:34:3c:d0:e1:
                    5b:2e:06:30:d9:e3:e6:4e:e5:f2:f2:9e:04:6a:0a:
                    a3:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:2A:80:0E:AA:64:1E:D0:34:BF:04:B4:EF:1D:24:85:5B:C8:74:0E
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145484.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab12::/32

    Signature Algorithm: sha256WithRSAEncryption
         0a:fb:1b:9f:c4:50:29:69:09:db:45:ea:f3:11:89:5b:cc:4d:
         4b:9e:04:bc:99:95:32:34:31:91:92:99:64:9d:21:cd:ad:22:
         45:c1:62:d2:8b:ea:c5:cd:39:c0:3d:93:4b:fe:ed:2a:75:29:
         bd:00:61:7f:40:a9:12:0d:ec:3e:86:68:82:f9:be:c0:15:1e:
         af:f5:3b:71:8b:54:6f:6e:67:6e:fb:98:72:df:98:67:70:db:
         8b:42:d0:c1:2a:66:36:06:a4:b9:4e:43:b0:b3:1d:f7:aa:de:
         e4:a3:98:63:c7:6b:25:c4:c8:2f:79:23:05:1a:3a:f1:e3:b0:
         b2:56:ef:95:13:1a:03:4e:ef:0f:50:74:78:4e:ba:ad:34:4e:
         67:cb:8c:79:0c:64:65:20:60:8d:a3:22:de:1d:c4:78:70:f8:
         40:8a:9f:11:db:15:02:2e:28:7d:0b:9b:38:76:95:dd:76:fb:
         84:47:cc:33:89:92:0e:f0:52:ca:67:48:93:e1:a6:c1:f1:73:
         19:f9:47:12:00:2f:3c:eb:dd:63:be:cb:2f:f1:22:f4:27:40:
         b7:a0:f4:9e:63:0c:18:2a:fe:16:f3:86:d3:8b:ed:44:57:c3:
         a8:c1:9b:f9:a2:e3:35:3d:59:ec:8c:c0:8a:b2:a7:04:78:84:
         fd:64:84:9d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUGPekv38go3thdGpmVMm8xO6r6TUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTY0OFoX
DTI3MDMwMzA2MjE0OFowMzExMC8GA1UEAxMoRjEyQTgwMEVBQTY0MUVEMDM0QkYw
NEI0RUYxRDI0ODU1QkM4NzQwRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAME06RebW/9RtWmOOfZ/qQNFNKwJpoZYjnO/cHkRZI3mISJNgShQZh5mJPaz
ZiUtt58P0W70UEHAwGF8/ECDKGlP/jsyASXmRs/c0ZmE3KKTWn8D6Ot3oUrd0e2b
059NAtgS3Clq5laYr1p4iDNAc4kCHeQ+BPFuNFLONdPq+NgUEStrT5or/Jmcv+1F
BHYqlj3rS0OTx9G/6EsR45w+iPRPjCbABuHQC1xQSYkHOCiu2IpgYT9YDAIKcfmK
j5J9hNooWpujkDy/8ameDc7sF0OkB3D/oN33GSUVPwNihsS/kvy1ct9lOAHnMWI0
PNDhWy4GMNnj5k7l8vKeBGoKo7cCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTxKoAO
qmQe0DS/BLTvHSSFW8h0DjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTQ4NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qxIwDQYJKoZIhvcNAQELBQADggEBAAr7G5/EUClpCdtF6vMRiVvMTUueBLyZlTI0
MZGSmWSdIc2tIkXBYtKL6sXNOcA9k0v+7Sp1Kb0AYX9AqRIN7D6GaIL5vsAVHq/1
O3GLVG9uZ277mHLfmGdw24tC0MEqZjYGpLlOQ7CzHfeq3uSjmGPHayXEyC95IwUa
OvHjsLJW75UTGgNO7w9QdHhOuq00TmfLjHkMZGUgYI2jIt4dxHhw+ECKnxHbFQIu
KH0Lmzh2ld12+4RHzDOJkg7wUspnSJPhpsHxcxn5RxIALzzr3WO+yy/xIvQnQLeg
9J5jDBgq/hbzhtOL7URXw6jBm/mi4zU9WeyMwIqypwR4hP1khJ0=
-----END CERTIFICATE-----