Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145521.roa
File:                     AS145521.roa (raw, json)
Hash identifier:          BJGapKHGGVGZNDhs8q1fFgirbd5prQG0aLYUEUsXtxs=
Subject key identifier:   EA:01:40:E9:DC:84:73:E5:B4:45:74:97:F2:17:30:EC:BE:92:43:D1
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7BEECFF493AF3A4798BF213C35B89EDF8FC19101
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145521.roa
Signing time:             Wed 04 Mar 2026 06:31:01 +0000
ROA not before:           Wed 04 Mar 2026 06:26:01 +0000
ROA not after:            Wed 03 Mar 2027 06:31:01 +0000
asID:                     145521
IP address blocks:        240a:ab37::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:ee:cf:f4:93:af:3a:47:98:bf:21:3c:35:b8:9e:df:8f:c1:91:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:26:01 2026 GMT
            Not After : Mar  3 06:31:01 2027 GMT
        Subject: CN=EA0140E9DC8473E5B4457497F21730ECBE9243D1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:74:61:05:12:98:7d:5e:50:07:ac:04:6f:80:
                    27:57:61:3c:83:c5:73:f1:19:dc:b6:c6:83:f0:61:
                    32:13:c7:4b:23:72:93:dd:4b:13:46:bc:30:d1:22:
                    48:ae:e3:e8:7a:52:a2:dd:32:6e:dc:92:b8:6e:3a:
                    ee:c4:bd:9c:36:9b:7d:f9:ba:f9:6a:11:62:0f:bc:
                    5a:07:bc:dd:dd:63:5a:b0:df:80:27:88:5e:e6:ab:
                    8c:38:38:15:85:cd:01:9e:25:d6:18:c7:33:53:d8:
                    aa:c1:68:c7:57:41:e0:52:ab:10:03:9c:1b:97:de:
                    61:f7:70:9b:a0:80:70:4a:6d:77:dc:20:29:4a:d2:
                    53:ec:e9:d1:14:5d:74:50:88:b4:f9:fa:8d:7b:f4:
                    55:fc:a7:b0:ca:97:f0:bb:41:1a:fb:ab:91:e8:d3:
                    e9:5e:88:be:b9:ff:ca:57:90:f5:00:b8:21:3b:75:
                    d6:a5:88:96:f8:f6:a4:93:c3:86:18:8f:a2:6c:20:
                    de:4a:33:cc:fe:41:02:9e:a5:d3:62:7a:8d:08:76:
                    cf:0c:a8:96:d5:f5:bb:12:ca:2a:b9:13:c5:a9:a2:
                    2d:c8:1a:a7:c0:33:a5:fb:1f:6e:8d:7a:ce:4b:d9:
                    17:e0:8e:08:1d:9f:93:13:f7:66:55:18:67:20:cb:
                    43:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:01:40:E9:DC:84:73:E5:B4:45:74:97:F2:17:30:EC:BE:92:43:D1
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145521.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab37::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:30:c1:dd:c8:98:83:d1:16:79:e8:7f:66:a4:eb:e8:35:7b:
         18:99:b3:7f:d9:52:7d:4e:b0:6c:ec:39:e2:90:5b:a9:94:48:
         56:c3:56:04:20:50:d8:37:a5:37:10:31:d9:e8:be:c4:9c:2c:
         b3:a5:3f:05:b1:07:be:07:5b:72:ab:72:73:a8:cb:67:df:a1:
         05:f6:4a:56:56:b5:e6:e2:fa:65:fb:0c:e7:76:1f:c8:87:e4:
         b2:34:93:a4:6e:e8:61:54:c7:28:e3:77:a1:33:d6:65:91:47:
         c4:be:c0:7e:4a:4c:29:43:ca:02:aa:7c:ae:84:74:57:db:8d:
         85:ae:63:fb:25:6c:54:b0:4a:5d:54:2c:13:d6:cd:b4:a7:eb:
         9b:d1:1d:26:8d:d5:47:9e:be:06:a5:88:da:c5:0c:88:5d:4c:
         e8:13:73:f2:c7:ef:c8:a5:1a:1b:3e:42:7e:0b:68:21:79:de:
         20:d4:f0:8b:e6:a7:14:72:ab:bd:f3:9c:10:13:c2:cd:28:66:
         44:7a:44:22:1d:49:78:cc:d4:bb:50:59:5c:7a:ae:b7:92:80:
         95:24:07:b8:0a:85:45:d6:03:d4:9c:2f:d2:ea:3f:1e:37:5d:
         bd:56:75:31:88:dd:20:1d:1f:e4:45:c4:ac:ef:87:33:21:93:
         62:48:50:a4
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUe+7P9JOvOkeYvyE8Nbie34/BkQEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjYwMVoX
DTI3MDMwMzA2MzEwMVowMzExMC8GA1UEAxMoRUEwMTQwRTlEQzg0NzNFNUI0NDU3
NDk3RjIxNzMwRUNCRTkyNDNEMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN50YQUSmH1eUAesBG+AJ1dhPIPFc/EZ3LbGg/BhMhPHSyNyk91LE0a8MNEi
SK7j6HpSot0ybtySuG467sS9nDabffm6+WoRYg+8Wge83d1jWrDfgCeIXuarjDg4
FYXNAZ4l1hjHM1PYqsFox1dB4FKrEAOcG5feYfdwm6CAcEptd9wgKUrSU+zp0RRd
dFCItPn6jXv0VfynsMqX8LtBGvurkejT6V6Ivrn/yleQ9QC4ITt11qWIlvj2pJPD
hhiPomwg3kozzP5BAp6l02J6jQh2zwyoltX1uxLKKrkTxamiLcgap8Azpfsfbo16
zkvZF+COCB2fkxP3ZlUYZyDLQ7cCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTqAUDp
3IRz5bRFdJfyFzDsvpJD0TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTUyMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qzcwDQYJKoZIhvcNAQELBQADggEBAHYwwd3ImIPRFnnof2ak6+g1exiZs3/ZUn1O
sGzsOeKQW6mUSFbDVgQgUNg3pTcQMdnovsScLLOlPwWxB74HW3KrcnOoy2ffoQX2
SlZWtebi+mX7DOd2H8iH5LI0k6Ru6GFUxyjjd6Ez1mWRR8S+wH5KTClDygKqfK6E
dFfbjYWuY/slbFSwSl1ULBPWzbSn65vRHSaN1UeevgaliNrFDIhdTOgTc/LH78il
Ghs+Qn4LaCF53iDU8IvmpxRyq73znBATws0oZkR6RCIdSXjM1LtQWVx6rreSgJUk
B7gKhUXWA9ScL9LqPx43Xb1WdTGI3SAdH+RFxKzvhzMhk2JIUKQ=
-----END CERTIFICATE-----