Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145743.roa
File:                     AS145743.roa (raw, json)
Hash identifier:          ZG9YhcjmCRk6rB3mjKzSYnxPaPLwQ9yihUXF4ZoW+cc=
Subject key identifier:   80:34:C7:56:3C:B7:0C:40:B6:EE:26:41:96:22:68:75:18:FA:AF:9B
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       36B4B8AF45FCB7F3225B9C6B39CADF768F36F6C2
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145743.roa
Signing time:             Wed 04 Mar 2026 06:29:50 +0000
ROA not before:           Wed 04 Mar 2026 06:24:50 +0000
ROA not after:            Wed 03 Mar 2027 06:29:50 +0000
asID:                     145743
IP address blocks:        240a:ac15::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:b4:b8:af:45:fc:b7:f3:22:5b:9c:6b:39:ca:df:76:8f:36:f6:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:24:50 2026 GMT
            Not After : Mar  3 06:29:50 2027 GMT
        Subject: CN=8034C7563CB70C40B6EE26419622687518FAAF9B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:6c:34:cd:35:9b:79:ba:e9:f6:d2:2e:52:2a:
                    54:7a:e1:4c:fd:e9:ce:73:4f:4a:dc:a1:97:17:16:
                    0b:19:d7:06:d0:c3:59:4a:98:44:1a:7f:bf:48:0e:
                    ec:6f:e4:2e:04:cb:62:89:65:72:55:78:cb:97:de:
                    18:2d:5d:db:ad:44:30:b3:61:4d:39:b4:bc:d8:c7:
                    02:d3:53:ef:b0:30:96:0e:1c:de:1f:67:02:50:46:
                    12:88:5a:d7:b2:83:ac:12:ed:0a:a0:11:15:9b:f8:
                    1c:11:74:68:5d:b1:37:3b:0b:0c:cd:35:31:12:bd:
                    19:3b:cb:5f:1b:fe:97:be:b6:48:ac:3d:89:60:6c:
                    e1:8a:d0:69:6c:55:29:b3:cb:8f:02:4f:be:c3:92:
                    91:8f:80:15:c4:40:aa:a8:ae:ac:57:1e:c7:f7:47:
                    a1:da:35:72:5e:92:04:92:79:a0:69:a6:2f:ab:25:
                    87:49:82:5e:ec:4e:07:5d:b4:d4:f6:63:a0:71:a7:
                    92:44:37:26:2e:99:a9:1a:f5:15:7b:b3:74:a6:64:
                    58:0f:66:a8:5d:4c:6b:67:0e:63:a5:6b:36:45:35:
                    0d:c2:87:86:2d:90:cf:88:85:c9:b0:1e:ef:b7:22:
                    5e:f6:3a:dc:2f:95:37:99:9b:77:18:3d:3b:b4:5b:
                    81:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:34:C7:56:3C:B7:0C:40:B6:EE:26:41:96:22:68:75:18:FA:AF:9B
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145743.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ac15::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:0f:e0:91:71:d6:72:a7:e3:3d:05:47:94:8e:4c:86:70:0c:
         1b:7b:0e:9a:d9:5d:6c:b1:1f:c1:f1:a5:ed:11:66:d6:68:d4:
         1e:e0:b0:b7:1d:7e:64:50:e8:ff:f8:46:b9:7e:8f:5a:a7:ba:
         1c:52:38:2b:01:dd:59:1b:53:ed:4a:63:35:6b:e0:16:29:1a:
         ee:f1:60:24:6e:97:6e:77:51:ec:c5:e0:72:27:0e:4f:6f:ac:
         e8:78:81:d7:a1:45:53:40:64:d7:c3:63:14:ca:8f:db:f3:30:
         40:41:9f:4d:49:f7:a3:be:a0:de:bd:d7:f4:05:e7:37:f0:53:
         a4:73:b9:c7:5f:65:be:74:56:bf:51:74:36:96:7f:54:28:2c:
         4d:cc:0a:7d:0a:b9:2b:2f:46:20:d8:db:d3:81:04:93:dc:f8:
         89:eb:a6:eb:d0:c0:14:cd:aa:03:f7:0a:34:f6:fe:29:13:26:
         77:66:21:07:2f:69:3a:ce:2f:01:27:c4:c1:5a:9a:24:81:11:
         6f:bf:67:10:89:43:bd:b9:55:be:15:06:d3:be:d2:41:45:8a:
         bc:8b:05:30:da:c0:af:b3:a9:9e:04:93:62:96:ee:96:e4:ef:
         42:c3:e1:56:14:fa:fd:b1:d5:b8:29:47:17:1a:34:b2:9e:e1:
         dd:1e:54:20
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUNrS4r0X8t/MiW5xrOcrfdo829sIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjQ1MFoX
DTI3MDMwMzA2Mjk1MFowMzExMC8GA1UEAxMoODAzNEM3NTYzQ0I3MEM0MEI2RUUy
NjQxOTYyMjY4NzUxOEZBQUY5QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKVsNM01m3m66fbSLlIqVHrhTP3pznNPStyhlxcWCxnXBtDDWUqYRBp/v0gO
7G/kLgTLYollclV4y5feGC1d261EMLNhTTm0vNjHAtNT77Awlg4c3h9nAlBGEoha
17KDrBLtCqARFZv4HBF0aF2xNzsLDM01MRK9GTvLXxv+l762SKw9iWBs4YrQaWxV
KbPLjwJPvsOSkY+AFcRAqqiurFcex/dHodo1cl6SBJJ5oGmmL6slh0mCXuxOB120
1PZjoHGnkkQ3Ji6ZqRr1FXuzdKZkWA9mqF1Ma2cOY6VrNkU1DcKHhi2Qz4iFybAe
77ciXvY63C+VN5mbdxg9O7RbgTkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSANMdW
PLcMQLbuJkGWImh1GPqvmzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTc0My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rBUwDQYJKoZIhvcNAQELBQADggEBABEP4JFx1nKn4z0FR5SOTIZwDBt7DprZXWyx
H8Hxpe0RZtZo1B7gsLcdfmRQ6P/4Rrl+j1qnuhxSOCsB3VkbU+1KYzVr4BYpGu7x
YCRul253UezF4HInDk9vrOh4gdehRVNAZNfDYxTKj9vzMEBBn01J96O+oN691/QF
5zfwU6RzucdfZb50Vr9RdDaWf1QoLE3MCn0KuSsvRiDY29OBBJPc+InrpuvQwBTN
qgP3CjT2/ikTJndmIQcvaTrOLwEnxMFamiSBEW+/ZxCJQ725Vb4VBtO+0kFFiryL
BTDawK+zqZ4Ek2KW7pbk70LD4VYU+v2x1bgpRxcaNLKe4d0eVCA=
-----END CERTIFICATE-----