Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145551.roa
File:                     AS145551.roa (raw, json)
Hash identifier:          VezyXaq001jOxwMao56CcFFoPse4T0GzggqTLzuL9fY=
Subject key identifier:   33:5E:B0:99:E3:77:E8:01:88:8F:8A:07:FB:D6:6D:8B:A1:EB:CC:60
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5FA1B842B0FAF2EA2DC8277290A454FCD55D9C3F
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145551.roa
Signing time:             Wed 04 Mar 2026 06:29:50 +0000
ROA not before:           Wed 04 Mar 2026 06:24:50 +0000
ROA not after:            Wed 03 Mar 2027 06:29:50 +0000
asID:                     145551
IP address blocks:        240a:ab55::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:a1:b8:42:b0:fa:f2:ea:2d:c8:27:72:90:a4:54:fc:d5:5d:9c:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:24:50 2026 GMT
            Not After : Mar  3 06:29:50 2027 GMT
        Subject: CN=335EB099E377E801888F8A07FBD66D8BA1EBCC60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:2a:b0:28:32:19:d5:88:c8:8c:10:ea:29:e9:
                    c5:8e:34:a9:32:40:4e:e4:f8:85:86:1b:e8:5c:43:
                    7f:52:37:a6:50:25:f7:f5:27:f6:4a:4d:17:56:e5:
                    f0:06:20:89:e3:cc:ec:09:5f:65:41:37:0d:ab:3b:
                    f0:24:f2:3b:f0:e1:85:34:b1:b5:d6:2c:cc:dd:e2:
                    56:8f:34:e1:e4:9f:00:a0:95:d8:06:26:07:c9:d4:
                    da:d2:45:98:06:5b:4a:b5:84:53:20:86:7b:cf:b3:
                    cb:d6:12:76:90:7c:a3:56:f8:df:e7:3d:2f:17:9b:
                    d4:ec:00:8a:01:8a:e6:65:ee:b4:a6:c3:a9:24:74:
                    16:81:ab:c8:81:b7:df:23:46:d7:45:c0:d5:1e:48:
                    80:1b:1f:27:4b:a6:47:3b:26:5b:43:86:b9:c3:d7:
                    ff:2f:38:f7:b1:de:03:3e:34:f7:2a:ee:20:d2:e7:
                    28:f0:e4:e5:ed:c9:dd:66:28:b4:be:fa:a1:bf:00:
                    6b:0e:ef:88:dd:c8:dd:f5:3f:0c:68:85:ea:a5:f1:
                    9c:02:71:10:46:3d:27:53:8f:b7:f3:6e:ef:09:7c:
                    ba:84:c3:67:97:59:ca:22:88:48:fe:2f:9b:ac:da:
                    ca:65:28:e1:b5:2e:7f:45:f8:a7:12:af:ed:26:29:
                    fa:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:5E:B0:99:E3:77:E8:01:88:8F:8A:07:FB:D6:6D:8B:A1:EB:CC:60
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145551.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab55::/32

    Signature Algorithm: sha256WithRSAEncryption
         96:d3:5d:94:9b:15:ba:9d:60:08:3f:f8:54:f6:d1:94:df:cb:
         57:cf:f4:01:c3:86:ac:bb:f6:c4:40:94:12:a9:1a:90:6f:69:
         3d:20:a7:46:34:f8:0e:07:3e:bb:30:35:11:59:59:c1:24:ca:
         5b:3c:b1:96:56:2a:99:1c:60:a5:32:78:56:a8:11:55:43:18:
         e1:14:09:58:b3:fe:de:5f:8e:1b:a1:fa:dd:63:3d:be:a4:d8:
         82:08:50:6c:8b:c4:1b:65:d6:db:54:3c:39:62:6b:81:65:21:
         af:54:f5:3d:3b:ef:5b:34:e7:35:36:10:0b:4c:da:9e:4c:7d:
         46:ef:96:b6:34:42:eb:f0:4e:42:37:b2:60:f4:ab:43:74:96:
         26:4a:0a:ec:03:d2:b7:28:31:f3:ed:bb:f2:2b:35:fa:b9:c3:
         6a:47:1a:32:1f:20:9f:b0:29:13:01:b5:59:11:d1:26:25:a8:
         f7:63:56:f9:6b:76:9b:78:56:da:36:b7:81:c2:ea:8d:4c:ae:
         34:a1:48:a5:f5:ad:f1:95:43:0e:c7:4d:31:24:36:d9:f2:29:
         ea:45:e2:83:fa:f1:b6:69:10:b1:07:3c:fd:e0:64:8c:6e:c9:
         62:8f:d7:7d:94:4f:4b:d4:0f:71:c7:6b:b3:29:59:7f:96:36:
         06:3a:22:e4
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUX6G4QrD68uotyCdykKRU/NVdnD8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjQ1MFoX
DTI3MDMwMzA2Mjk1MFowMzExMC8GA1UEAxMoMzM1RUIwOTlFMzc3RTgwMTg4OEY4
QTA3RkJENjZEOEJBMUVCQ0M2MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMoqsCgyGdWIyIwQ6inpxY40qTJATuT4hYYb6FxDf1I3plAl9/Un9kpNF1bl
8AYgiePM7AlfZUE3Das78CTyO/DhhTSxtdYszN3iVo804eSfAKCV2AYmB8nU2tJF
mAZbSrWEUyCGe8+zy9YSdpB8o1b43+c9Lxeb1OwAigGK5mXutKbDqSR0FoGryIG3
3yNG10XA1R5IgBsfJ0umRzsmW0OGucPX/y8497HeAz409yruINLnKPDk5e3J3WYo
tL76ob8Aaw7viN3I3fU/DGiF6qXxnAJxEEY9J1OPt/Nu7wl8uoTDZ5dZyiKISP4v
m6zaymUo4bUuf0X4pxKv7SYp+hECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQzXrCZ
43foAYiPigf71m2LoevMYDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTU1MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q1UwDQYJKoZIhvcNAQELBQADggEBAJbTXZSbFbqdYAg/+FT20ZTfy1fP9AHDhqy7
9sRAlBKpGpBvaT0gp0Y0+A4HPrswNRFZWcEkyls8sZZWKpkcYKUyeFaoEVVDGOEU
CViz/t5fjhuh+t1jPb6k2IIIUGyLxBtl1ttUPDlia4FlIa9U9T0771s05zU2EAtM
2p5MfUbvlrY0QuvwTkI3smD0q0N0liZKCuwD0rcoMfPtu/IrNfq5w2pHGjIfIJ+w
KRMBtVkR0SYlqPdjVvlrdpt4Vto2t4HC6o1MrjShSKX1rfGVQw7HTTEkNtnyKepF
4oP68bZpELEHPP3gZIxuyWKP132UT0vUD3HHa7MpWX+WNgY6IuQ=
-----END CERTIFICATE-----