Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145805.roa
File:                     AS145805.roa (raw, json)
Hash identifier:          B6kCAI4VYpzG5BGcUm7i1xYCPyV490mw/aFAFwW2+Po=
Subject key identifier:   33:FB:91:B9:4D:88:29:9A:75:53:EF:09:45:55:97:A3:FD:73:E5:2A
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       0A617448A288AF743083AE6D58294B921E207D9E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145805.roa
Signing time:             Wed 04 Mar 2026 06:29:48 +0000
ROA not before:           Wed 04 Mar 2026 06:24:48 +0000
ROA not after:            Wed 03 Mar 2027 06:29:48 +0000
asID:                     145805
IP address blocks:        240a:ac53::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:61:74:48:a2:88:af:74:30:83:ae:6d:58:29:4b:92:1e:20:7d:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:24:48 2026 GMT
            Not After : Mar  3 06:29:48 2027 GMT
        Subject: CN=33FB91B94D88299A7553EF09455597A3FD73E52A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:76:99:98:34:59:e3:a5:8a:6a:7c:25:b7:b4:
                    f1:39:e4:67:14:62:21:73:64:05:d9:57:91:42:f2:
                    3e:08:a0:31:b1:6e:c7:bd:54:29:ab:63:1e:5e:12:
                    4c:69:7d:d3:e9:21:e8:5f:f3:74:dd:a4:00:94:bd:
                    7d:5a:d7:0d:25:37:bd:af:e7:f6:6e:09:d1:e7:89:
                    ee:c2:f4:34:88:dc:37:ed:9e:12:fd:41:e4:8b:e5:
                    b7:35:a6:a5:d5:86:a1:33:4c:14:67:44:63:c5:ba:
                    fb:be:08:c2:bf:5b:3c:8d:da:6b:47:ec:19:25:ce:
                    1d:59:ed:f7:7d:15:e5:60:82:a0:65:a8:05:f0:c8:
                    75:a5:e2:5c:2d:20:fd:09:9b:b6:70:60:b1:fc:c2:
                    ef:6e:ca:db:88:87:61:2a:b7:c9:9b:a7:ef:c9:de:
                    d3:2d:ee:8f:37:aa:3e:4f:d3:a9:00:0b:d6:10:35:
                    b6:53:89:b2:a3:c8:be:ff:35:fb:33:55:33:d6:83:
                    31:ed:fe:66:e5:7a:24:7c:99:40:e6:45:9e:03:30:
                    19:8e:80:88:e6:5b:bb:68:e6:55:4f:87:11:af:2a:
                    28:da:fb:30:68:c1:b8:01:b6:7e:4b:b3:d6:c5:5b:
                    85:91:72:ec:46:02:68:9e:07:74:99:1e:0d:27:20:
                    c5:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:FB:91:B9:4D:88:29:9A:75:53:EF:09:45:55:97:A3:FD:73:E5:2A
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145805.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ac53::/32

    Signature Algorithm: sha256WithRSAEncryption
         41:6d:dc:6f:af:de:73:6c:ea:06:d8:d8:0a:aa:11:e1:a8:a7:
         a2:c1:1b:e3:05:e6:c7:df:1d:d3:72:65:3a:bd:15:e8:99:3d:
         f3:2a:9a:bf:78:ac:aa:dc:f0:0c:af:81:d0:79:18:16:2c:ba:
         2b:39:7b:c0:a1:09:0f:d0:c7:c1:a2:82:eb:2b:19:00:57:76:
         50:92:0d:a1:72:a4:8f:a7:e0:76:f1:3e:48:f9:e7:e1:c6:66:
         70:b5:cb:79:78:33:ae:a2:2f:f8:1f:15:e0:fa:cf:f4:55:92:
         10:a5:c4:94:f6:17:90:95:f3:f6:78:5b:7f:3c:74:d3:ce:22:
         e2:08:1e:de:e2:13:b8:a6:cc:68:83:ea:63:21:3e:f4:b8:d9:
         b2:d3:fd:8c:b5:14:89:3e:1f:df:44:47:4c:b6:98:20:bc:7a:
         50:ae:b9:0b:a3:82:99:db:a0:29:a7:a3:8e:ed:e4:40:6e:86:
         b6:e8:23:6f:23:4f:82:19:07:c9:8a:b7:42:d9:e0:2f:3d:2d:
         a3:c1:d8:9a:95:ee:ad:52:f7:89:33:2b:01:da:7f:f8:05:2a:
         19:67:12:12:86:9f:bf:6c:e9:54:a0:db:35:b0:c5:f2:c8:8e:
         f1:49:3e:cf:ee:6a:e6:53:e1:38:dc:2f:75:fd:eb:bd:7c:6b:
         c7:73:36:e4
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUCmF0SKKIr3Qwg65tWClLkh4gfZ4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjQ0OFoX
DTI3MDMwMzA2Mjk0OFowMzExMC8GA1UEAxMoMzNGQjkxQjk0RDg4Mjk5QTc1NTNF
RjA5NDU1NTk3QTNGRDczRTUyQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL92mZg0WeOlimp8Jbe08TnkZxRiIXNkBdlXkULyPgigMbFux71UKatjHl4S
TGl90+kh6F/zdN2kAJS9fVrXDSU3va/n9m4J0eeJ7sL0NIjcN+2eEv1B5IvltzWm
pdWGoTNMFGdEY8W6+74Iwr9bPI3aa0fsGSXOHVnt930V5WCCoGWoBfDIdaXiXC0g
/QmbtnBgsfzC727K24iHYSq3yZun78ne0y3ujzeqPk/TqQAL1hA1tlOJsqPIvv81
+zNVM9aDMe3+ZuV6JHyZQOZFngMwGY6AiOZbu2jmVU+HEa8qKNr7MGjBuAG2fkuz
1sVbhZFy7EYCaJ4HdJkeDScgxUcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQz+5G5
TYgpmnVT7wlFVZej/XPlKjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTgwNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rFMwDQYJKoZIhvcNAQELBQADggEBAEFt3G+v3nNs6gbY2AqqEeGop6LBG+MF5sff
HdNyZTq9FeiZPfMqmr94rKrc8AyvgdB5GBYsuis5e8ChCQ/Qx8GigusrGQBXdlCS
DaFypI+n4HbxPkj55+HGZnC1y3l4M66iL/gfFeD6z/RVkhClxJT2F5CV8/Z4W388
dNPOIuIIHt7iE7imzGiD6mMhPvS42bLT/Yy1FIk+H99ER0y2mCC8elCuuQujgpnb
oCmno47t5EBuhrboI28jT4IZB8mKt0LZ4C89LaPB2JqV7q1S94kzKwHaf/gFKhln
EhKGn79s6VSg2zWwxfLIjvFJPs/uauZT4TjcL3X96718a8dzNuQ=
-----END CERTIFICATE-----