Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145502.roa
File:                     AS145502.roa (raw, json)
Hash identifier:          VIpa/tBZ8uyIF4/qOhlQWhOyQZPYoGSJOqux5XEzzHQ=
Subject key identifier:   12:B7:42:CF:C3:84:68:9F:E3:34:8A:89:F6:1A:5B:2F:23:0D:C3:E2
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       198690A8E8111D46223ADC1074EB2F5ACDEC2165
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145502.roa
Signing time:             Wed 04 Mar 2026 06:19:55 +0000
ROA not before:           Wed 04 Mar 2026 06:14:55 +0000
ROA not after:            Wed 03 Mar 2027 06:19:55 +0000
asID:                     145502
IP address blocks:        240a:ab24::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:86:90:a8:e8:11:1d:46:22:3a:dc:10:74:eb:2f:5a:cd:ec:21:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:55 2026 GMT
            Not After : Mar  3 06:19:55 2027 GMT
        Subject: CN=12B742CFC384689FE3348A89F61A5B2F230DC3E2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:cd:90:c7:f1:b2:90:21:66:99:5e:af:44:16:
                    ec:30:ce:45:31:87:70:87:67:28:c7:1f:66:d3:8a:
                    b8:54:9b:c2:8f:24:26:50:61:86:2d:1b:dd:de:b1:
                    7c:91:40:e8:97:d7:4b:fd:e2:00:6f:af:ff:2c:19:
                    06:15:a6:fc:e6:90:bc:10:d7:19:f3:e1:3f:e8:3d:
                    a8:13:b5:4e:e8:08:30:55:46:a2:5d:9a:0f:8d:d2:
                    26:a3:64:8a:4e:e0:a5:43:b4:04:4f:d0:c1:fd:66:
                    42:49:b6:e7:46:f1:45:5e:ad:e2:d9:e8:25:49:40:
                    ad:ec:20:c6:76:9d:c0:8a:85:c0:c8:1a:39:cc:4b:
                    ab:af:69:99:c8:6b:30:ea:d1:fc:f8:12:83:16:8b:
                    dc:39:cc:48:8a:e9:3b:3b:c5:f7:7e:c0:e3:f3:2b:
                    2a:29:d2:bf:d4:db:f2:18:0c:5a:0c:ae:53:81:5d:
                    a1:82:28:39:74:e7:88:34:ec:63:6b:17:63:7f:8f:
                    74:91:a0:0e:08:7c:9e:47:58:8c:7a:a3:ac:ad:14:
                    c1:ed:0a:45:97:10:16:0d:54:40:f3:2b:8e:3c:d0:
                    05:a2:c0:a5:e0:53:2e:82:da:19:26:aa:f3:9f:dd:
                    e8:d2:59:b0:e0:08:47:2c:5b:3d:d9:6f:ba:1c:07:
                    61:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:B7:42:CF:C3:84:68:9F:E3:34:8A:89:F6:1A:5B:2F:23:0D:C3:E2
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145502.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab24::/32

    Signature Algorithm: sha256WithRSAEncryption
         31:26:a7:36:a7:62:03:83:9c:ec:62:d9:67:2a:5e:31:1a:cc:
         82:fa:f4:45:89:18:69:97:ea:c6:73:2b:c0:7b:e0:5c:55:e4:
         ab:f6:d2:a8:cd:99:a7:ea:c5:43:a1:a5:d7:38:fe:ef:06:f9:
         87:2d:7c:53:01:93:d5:6a:82:48:20:32:4d:a2:5d:3f:c1:6c:
         86:9a:f0:da:54:fe:b1:d0:e1:32:e0:39:b9:c4:d5:78:c2:a9:
         fb:3e:4d:86:fa:49:47:cf:f6:8d:cd:7d:83:43:68:96:c8:10:
         89:2a:ef:cc:c9:b3:41:1c:13:96:f1:22:22:60:2a:77:d0:7f:
         ae:29:70:20:1b:ad:bd:0a:e1:b6:48:6b:ec:a3:cd:07:02:66:
         a8:55:f7:e9:34:c7:e5:84:55:6f:70:57:c1:7b:54:17:ff:be:
         0d:49:5e:f8:ed:de:f2:05:91:78:fb:ae:60:32:87:7f:c0:27:
         73:57:0c:7f:0d:12:3d:ab:32:31:6d:28:fc:60:b4:df:2c:1b:
         6c:fa:1e:e2:d3:aa:f6:7e:c0:cb:39:73:e4:88:67:6f:12:a7:
         9d:e2:fd:79:93:88:1f:88:ba:b9:05:f8:d0:c1:95:09:6b:3a:
         29:64:ac:d6:b3:4e:62:2d:b3:d9:65:8e:a6:39:66:69:b4:92:
         b1:33:6b:d9
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUGYaQqOgRHUYiOtwQdOsvWs3sIWUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQ1NVoX
DTI3MDMwMzA2MTk1NVowMzExMC8GA1UEAxMoMTJCNzQyQ0ZDMzg0Njg5RkUzMzQ4
QTg5RjYxQTVCMkYyMzBEQzNFMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANnNkMfxspAhZpler0QW7DDORTGHcIdnKMcfZtOKuFSbwo8kJlBhhi0b3d6x
fJFA6JfXS/3iAG+v/ywZBhWm/OaQvBDXGfPhP+g9qBO1TugIMFVGol2aD43SJqNk
ik7gpUO0BE/Qwf1mQkm250bxRV6t4tnoJUlArewgxnadwIqFwMgaOcxLq69pmchr
MOrR/PgSgxaL3DnMSIrpOzvF937A4/MrKinSv9Tb8hgMWgyuU4FdoYIoOXTniDTs
Y2sXY3+PdJGgDgh8nkdYjHqjrK0Uwe0KRZcQFg1UQPMrjjzQBaLApeBTLoLaGSaq
85/d6NJZsOAIRyxbPdlvuhwHYXECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQSt0LP
w4Ron+M0ion2GlsvIw3D4jAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTUwMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qyQwDQYJKoZIhvcNAQELBQADggEBADEmpzanYgODnOxi2WcqXjEazIL69EWJGGmX
6sZzK8B74FxV5Kv20qjNmafqxUOhpdc4/u8G+YctfFMBk9VqgkggMk2iXT/BbIaa
8NpU/rHQ4TLgObnE1XjCqfs+TYb6SUfP9o3NfYNDaJbIEIkq78zJs0EcE5bxIiJg
KnfQf64pcCAbrb0K4bZIa+yjzQcCZqhV9+k0x+WEVW9wV8F7VBf/vg1JXvjt3vIF
kXj7rmAyh3/AJ3NXDH8NEj2rMjFtKPxgtN8sG2z6HuLTqvZ+wMs5c+SIZ28Sp53i
/XmTiB+IurkF+NDBlQlrOilkrNazTmIts9lljqY5Zmm0krEza9k=
-----END CERTIFICATE-----