Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145815.roa
File:                     AS145815.roa (raw, json)
Hash identifier:          i7kTDbG9eiRbTyHjJH6fxfKN08NA4EMB/n2JP9GQr7U=
Subject key identifier:   80:04:93:95:44:DE:A2:10:AB:B6:0F:06:58:8A:B8:1B:2E:74:75:F8
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       35D170159BBA9D24FAAADE944A10426C1782BA35
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145815.roa
Signing time:             Wed 04 Mar 2026 06:30:45 +0000
ROA not before:           Wed 04 Mar 2026 06:25:45 +0000
ROA not after:            Wed 03 Mar 2027 06:30:45 +0000
asID:                     145815
IP address blocks:        240a:ac5d::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:d1:70:15:9b:ba:9d:24:fa:aa:de:94:4a:10:42:6c:17:82:ba:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:45 2026 GMT
            Not After : Mar  3 06:30:45 2027 GMT
        Subject: CN=8004939544DEA210ABB60F06588AB81B2E7475F8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:84:83:cd:d2:af:38:9e:ad:21:d5:ec:02:b8:
                    f3:d1:ef:0d:b2:b8:a3:5a:38:dd:9b:c5:0f:80:62:
                    d8:a6:39:e1:4a:82:ea:c0:ac:59:8f:1a:a7:c6:ac:
                    83:84:28:72:9e:ad:41:9d:65:e6:c8:51:0e:02:b6:
                    64:b4:1e:30:e3:9d:60:11:e8:0d:b5:40:f5:1b:f1:
                    54:a9:eb:00:0e:69:41:95:54:e2:ea:12:81:a1:99:
                    87:09:a5:a2:ed:ab:b9:37:f1:18:a1:63:32:88:49:
                    63:99:b7:f4:12:b1:9c:fe:99:3f:b2:48:e1:f6:56:
                    ad:10:52:52:29:8f:57:20:4a:4f:ec:ea:c9:17:2c:
                    34:4d:5f:38:a2:7c:dd:4b:e2:50:f4:68:a4:dd:02:
                    40:ac:cd:ba:6a:8b:ba:58:a1:d9:78:3d:4e:df:c9:
                    c9:92:16:0d:53:99:79:41:29:07:3e:b9:a2:ec:2d:
                    8a:79:73:af:a1:1b:e1:bc:4f:8b:b1:90:89:de:13:
                    2f:ce:75:a3:6c:38:43:d7:d7:d5:60:15:c0:ee:07:
                    32:a6:4f:bb:94:7f:33:3d:b5:a7:65:2e:8f:e0:61:
                    af:4d:10:ab:fb:6d:75:cc:16:f5:0c:57:12:7f:6f:
                    d7:07:90:db:c1:8e:e5:79:44:9d:2c:b8:5b:c8:18:
                    54:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:04:93:95:44:DE:A2:10:AB:B6:0F:06:58:8A:B8:1B:2E:74:75:F8
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145815.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ac5d::/32

    Signature Algorithm: sha256WithRSAEncryption
         61:2e:fd:ee:44:99:07:63:e3:53:ef:f7:50:e8:ff:43:ee:5d:
         ee:17:e4:8e:6d:57:d7:b6:02:04:dc:d3:00:62:47:b0:f4:a0:
         fa:c9:61:6f:ec:37:8f:2c:7f:7b:d4:fb:5f:d3:f0:5c:13:b1:
         4c:9f:27:0c:2e:7e:3e:ff:97:9c:4a:06:ac:fd:a7:e9:81:00:
         3d:37:f3:9a:32:d5:a1:ee:2c:d2:86:eb:db:99:bd:9e:c7:12:
         e0:b6:6f:4d:c7:0a:61:6a:98:c7:b4:80:eb:9b:65:13:80:76:
         28:de:7c:34:b8:38:1d:25:71:8a:e6:d0:51:d2:cf:0f:f1:d4:
         d1:96:e6:6c:7f:88:3d:18:b6:90:12:f7:de:a2:51:8d:8a:0f:
         57:46:a8:d0:12:29:cf:5b:5c:7f:cd:92:35:55:aa:ce:b2:9d:
         7c:55:27:d2:6c:dd:25:a2:68:eb:c4:c9:23:65:9c:53:f5:ce:
         4a:95:eb:c0:1f:7f:5f:d1:ed:29:29:c8:c2:26:d0:a5:7d:7e:
         4b:a5:1f:bd:8d:3a:65:ee:40:f3:39:86:56:e5:0e:7b:59:be:
         84:44:ab:ee:97:32:05:bf:ba:57:d2:9b:df:6f:4f:7a:3c:aa:
         fb:e8:3f:97:4c:eb:31:08:9f:05:23:a0:ab:7b:a4:95:f9:22:
         1c:42:5d:7a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUNdFwFZu6nST6qt6UShBCbBeCujUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjU0NVoX
DTI3MDMwMzA2MzA0NVowMzExMC8GA1UEAxMoODAwNDkzOTU0NERFQTIxMEFCQjYw
RjA2NTg4QUI4MUIyRTc0NzVGODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJqEg83SrzierSHV7AK489HvDbK4o1o43ZvFD4Bi2KY54UqC6sCsWY8ap8as
g4Qocp6tQZ1l5shRDgK2ZLQeMOOdYBHoDbVA9RvxVKnrAA5pQZVU4uoSgaGZhwml
ou2ruTfxGKFjMohJY5m39BKxnP6ZP7JI4fZWrRBSUimPVyBKT+zqyRcsNE1fOKJ8
3UviUPRopN0CQKzNumqLulih2Xg9Tt/JyZIWDVOZeUEpBz65ouwtinlzr6Eb4bxP
i7GQid4TL851o2w4Q9fX1WAVwO4HMqZPu5R/Mz21p2Uuj+Bhr00Qq/ttdcwW9QxX
En9v1weQ28GO5XlEnSy4W8gYVA0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSABJOV
RN6iEKu2DwZYirgbLnR1+DAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTgxNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rF0wDQYJKoZIhvcNAQELBQADggEBAGEu/e5EmQdj41Pv91Do/0PuXe4X5I5tV9e2
AgTc0wBiR7D0oPrJYW/sN48sf3vU+1/T8FwTsUyfJwwufj7/l5xKBqz9p+mBAD03
85oy1aHuLNKG69uZvZ7HEuC2b03HCmFqmMe0gOubZROAdijefDS4OB0lcYrm0FHS
zw/x1NGW5mx/iD0YtpAS996iUY2KD1dGqNASKc9bXH/NkjVVqs6ynXxVJ9Js3SWi
aOvEySNlnFP1zkqV68Aff1/R7SkpyMIm0KV9fkulH72NOmXuQPM5hlblDntZvoRE
q+6XMgW/ulfSm99vT3o8qvvoP5dM6zEInwUjoKt7pJX5IhxCXXo=
-----END CERTIFICATE-----