Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145529.roa
File:                     AS145529.roa (raw, json)
Hash identifier:          uXQ4Bx8z4fj/omOoLcNI3aHdrBxDaPYb92RwlBet0FA=
Subject key identifier:   C4:5B:D2:13:06:B0:3D:28:69:C6:66:63:82:5D:E8:2F:63:0B:F4:D0
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       357CD9D7A46A74D8143262610CF0678FEAA995
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145529.roa
Signing time:             Wed 04 Mar 2026 06:30:53 +0000
ROA not before:           Wed 04 Mar 2026 06:25:53 +0000
ROA not after:            Wed 03 Mar 2027 06:30:53 +0000
asID:                     145529
IP address blocks:        240a:ab3f::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:7c:d9:d7:a4:6a:74:d8:14:32:62:61:0c:f0:67:8f:ea:a9:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:53 2026 GMT
            Not After : Mar  3 06:30:53 2027 GMT
        Subject: CN=C45BD21306B03D2869C66663825DE82F630BF4D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:40:55:f8:04:1c:9e:e5:01:8f:81:65:cb:9c:
                    9e:3b:d6:ce:af:5c:ee:05:53:ee:6a:d1:38:61:58:
                    2a:e7:85:c6:0f:de:93:dd:ec:0f:2b:8e:2b:2f:68:
                    7c:07:f3:30:fd:64:6b:d6:1c:8a:3e:8f:e3:cf:ec:
                    db:77:e6:32:b1:ef:10:93:dd:9f:f7:56:c5:81:eb:
                    1a:f3:43:74:2a:75:b4:dd:07:2c:82:80:8f:1d:41:
                    d5:47:1e:19:20:5d:a5:e3:3c:6f:dd:2d:b7:5a:f3:
                    2d:5b:b4:e2:4f:68:23:e9:c4:9f:a9:b0:ed:62:cb:
                    69:a0:f3:f6:4a:2b:3c:55:d5:9b:93:8d:de:02:06:
                    13:5b:63:55:c8:a7:c0:df:46:1b:a9:d7:90:a5:05:
                    34:c6:62:5c:3e:0a:13:e4:2f:1f:b3:63:3e:0c:1a:
                    11:75:c0:2a:af:bf:5f:d5:2a:db:39:a9:45:ae:09:
                    7e:e8:46:fc:fa:4b:91:af:c3:9f:ba:22:22:99:e5:
                    ba:71:b0:cd:bf:84:4d:b1:66:30:07:3c:cc:f4:5f:
                    8e:57:bd:a1:3b:94:f1:fc:14:9d:6c:73:24:f3:65:
                    0d:60:cb:3f:b9:b5:4a:a6:07:d7:3b:5d:ec:bb:8e:
                    61:07:8a:d8:08:3c:b6:b9:88:94:b7:b5:47:2c:7d:
                    00:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:5B:D2:13:06:B0:3D:28:69:C6:66:63:82:5D:E8:2F:63:0B:F4:D0
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145529.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab3f::/32

    Signature Algorithm: sha256WithRSAEncryption
         35:6b:2b:e2:db:0b:d7:1d:f5:b1:65:0b:d8:6d:f3:a7:30:8c:
         cf:ce:56:c6:bd:1e:9d:4d:63:80:71:e8:ab:74:69:7e:17:94:
         ea:9c:ef:54:92:c0:4f:f0:70:f4:7c:3d:b2:e7:20:ad:61:9e:
         18:24:2e:5d:94:9d:ad:0d:10:35:a0:5c:a1:8e:82:3c:44:2f:
         8a:34:18:43:f4:c6:c4:01:5f:46:a7:39:e7:ca:50:ed:4a:fb:
         47:ed:7c:42:7a:9f:22:95:5e:03:e6:ac:63:8f:98:3b:92:c4:
         02:f6:25:f6:08:ee:ac:52:73:04:0c:41:63:fb:5f:00:93:5a:
         3d:7f:6b:98:13:19:f8:7d:20:16:20:92:1d:72:00:b5:b1:b8:
         40:ec:3b:b1:c0:c4:a4:6f:6d:8f:0e:89:51:53:c3:7b:68:34:
         57:6b:f6:d9:f7:7f:9a:a6:fd:95:54:5b:1b:04:ec:61:65:86:
         3c:38:9c:cd:17:f9:3d:32:a0:b6:28:10:e3:2e:54:45:2b:08:
         f0:55:cf:68:f9:b9:d0:de:a1:90:98:a5:5c:4d:d7:86:28:73:
         e7:ee:da:cf:60:b1:55:e9:3a:e2:4a:ea:76:50:35:5e:5c:b5:
         ff:74:5a:a7:70:45:98:e8:a0:1e:84:b5:31:fa:a9:d0:ba:82:
         1d:90:ca:e7
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgITNXzZ16RqdNgUMmJhDPBnj+qplTANBgkqhkiG9w0BAQsF
ADBKMRUwEwYDVQQDDAxBOTFFNUQ2MTAwMDExMTAvBgNVBAUTKDA1RkM5QzVCODg1
MDZGN0MwRDNGODYyQzg4OTVCRUQ2N0U5RjhFQkEwHhcNMjYwMzA0MDYyNTUzWhcN
MjcwMzAzMDYzMDUzWjAzMTEwLwYDVQQDEyhDNDVCRDIxMzA2QjAzRDI4NjlDNjY2
NjM4MjVERTgyRjYzMEJGNEQwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3UBV+AQcnuUBj4Fly5yeO9bOr1zuBVPuatE4YVgq54XGD96T3ewPK44rL2h8
B/Mw/WRr1hyKPo/jz+zbd+Yyse8Qk92f91bFgesa80N0KnW03QcsgoCPHUHVRx4Z
IF2l4zxv3S23WvMtW7TiT2gj6cSfqbDtYstpoPP2Sis8VdWbk43eAgYTW2NVyKfA
30YbqdeQpQU0xmJcPgoT5C8fs2M+DBoRdcAqr79f1SrbOalFrgl+6Eb8+kuRr8Of
uiIimeW6cbDNv4RNsWYwBzzM9F+OV72hO5Tx/BSdbHMk82UNYMs/ubVKpgfXO13s
u45hB4rYCDy2uYiUt7VHLH0AHwIDAQABo4IBxTCCAcEwHQYDVR0OBBYEFMRb0hMG
sD0oacZmY4Jd6C9jC/TQMB8GA1UdIwQYMBaAFAX8nFuIUG98DT+GLIiVvtZ+n466
MA4GA1UdDwEB/wQEAwIHgDBjBgNVHR8EXDBaMFigVqBUhlJyc3luYzovL3Jwa2ku
Y2VybmV0Lm5ldC9yZXBvL2Nlcm5ldC8wLzA1RkM5QzVCODg1MDZGN0MwRDNGODYy
Qzg4OTVCRUQ2N0U5RjhFQkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcw
AoZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2
NjExRTJCQjQ2OEY3QzcyRkQxRkYyL0JmeWNXNGhRYjN3TlA0WXNpSlctMW42Zmpy
by5jZXIwTgYIKwYBBQUHAQsEQjBAMD4GCCsGAQUFBzALhjJyc3luYzovL3Jwa2ku
Y2VybmV0Lm5ldC9yZXBvL2Nlcm5ldC8wL0FTMTQ1NTI5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAJAqr
PzANBgkqhkiG9w0BAQsFAAOCAQEANWsr4tsL1x31sWUL2G3zpzCMz85Wxr0enU1j
gHHoq3RpfheU6pzvVJLAT/Bw9Hw9sucgrWGeGCQuXZSdrQ0QNaBcoY6CPEQvijQY
Q/TGxAFfRqc558pQ7Ur7R+18QnqfIpVeA+asY4+YO5LEAvYl9gjurFJzBAxBY/tf
AJNaPX9rmBMZ+H0gFiCSHXIAtbG4QOw7scDEpG9tjw6JUVPDe2g0V2v22fd/mqb9
lVRbGwTsYWWGPDiczRf5PTKgtigQ4y5URSsI8FXPaPm50N6hkJilXE3Xhihz5+7a
z2CxVek64krqdlA1Xly1/3Rap3BFmOigHoS1Mfqp0LqCHZDK5w==
-----END CERTIFICATE-----