Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145754.roa
File:                     AS145754.roa (raw, json)
Hash identifier:          /m/tdhvEICEm3q3gPnnXRF88cTM0R36MMSEm4Xs7cxQ=
Subject key identifier:   AC:D2:E3:1E:EA:5A:EC:C8:53:8C:18:05:EA:1B:47:A4:1B:0C:C2:5E
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7CD628407738C024E7DAE8D1874F74E1CBF7686B
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145754.roa
Signing time:             Wed 04 Mar 2026 06:30:34 +0000
ROA not before:           Wed 04 Mar 2026 06:25:34 +0000
ROA not after:            Wed 03 Mar 2027 06:30:34 +0000
asID:                     145754
IP address blocks:        240a:ac20::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:d6:28:40:77:38:c0:24:e7:da:e8:d1:87:4f:74:e1:cb:f7:68:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:34 2026 GMT
            Not After : Mar  3 06:30:34 2027 GMT
        Subject: CN=ACD2E31EEA5AECC8538C1805EA1B47A41B0CC25E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:77:f8:26:0b:17:f1:2b:6e:b5:4e:67:d9:64:
                    8d:50:ac:55:37:18:8a:49:d1:5a:d2:52:8e:f7:1d:
                    3c:c0:97:6d:15:4d:14:5f:54:03:3c:92:27:79:27:
                    28:50:d0:dd:21:b5:71:7e:15:4a:18:13:05:dd:02:
                    4f:e4:6f:1c:0e:ed:5b:2f:b6:77:6f:b7:01:44:12:
                    3a:e6:65:27:61:5d:bc:ad:46:ff:ed:da:af:69:54:
                    f0:46:41:70:f9:8f:c9:d3:00:b2:87:53:66:c3:c1:
                    f5:d6:e4:5f:9e:4d:6a:da:1f:02:cc:9d:bd:57:36:
                    6f:d0:f8:5d:01:57:4b:b1:7e:8c:3e:ff:9b:27:c9:
                    94:04:f0:df:8c:8d:b4:d5:81:96:d5:71:3e:bf:70:
                    bd:1e:0e:e6:02:70:af:29:42:93:d8:ac:b8:45:6d:
                    f0:9c:19:d7:34:85:02:7a:d3:60:1d:13:e7:fb:6e:
                    d9:34:49:6d:52:e3:58:86:2a:42:21:39:ef:a7:c6:
                    38:ca:4a:ba:96:30:1c:00:c8:ed:0e:6d:90:a2:17:
                    d2:2a:03:1d:5f:88:26:51:e5:33:f9:77:3d:2f:3d:
                    53:fe:86:63:b9:b9:03:8d:17:16:3b:71:a4:d8:e2:
                    bc:3c:cf:4e:df:41:12:c8:f5:a0:71:18:e2:88:c2:
                    6f:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:D2:E3:1E:EA:5A:EC:C8:53:8C:18:05:EA:1B:47:A4:1B:0C:C2:5E
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145754.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ac20::/32

    Signature Algorithm: sha256WithRSAEncryption
         41:a9:e7:19:bd:e9:a5:93:05:29:b5:c8:8a:56:c8:79:68:3e:
         d3:de:97:11:8f:c5:5a:12:38:4b:2f:08:74:a7:fd:54:14:2f:
         63:55:1a:b9:dd:f2:9d:be:92:aa:b1:d6:35:df:ea:9d:59:5d:
         0e:14:ae:f4:59:48:cd:32:63:68:71:60:9b:93:1b:9a:0c:b1:
         71:82:c5:cb:a1:85:90:bb:d0:28:39:fc:0b:4e:e1:23:3b:e8:
         f1:0c:fe:8c:22:47:f0:74:d4:f3:80:ec:ad:ed:e3:c6:84:b7:
         55:90:16:ab:6b:e0:27:8b:9d:bc:c3:d8:ae:f1:17:4b:06:39:
         8b:df:96:9d:16:96:6f:bb:37:2a:66:e9:07:11:b7:98:c0:9e:
         85:da:c7:4b:04:f2:8d:82:5b:be:37:84:9d:54:80:64:3f:aa:
         37:92:f7:8e:aa:d7:e0:a5:fb:6c:bd:db:6a:c8:0d:ee:f5:b2:
         11:cd:e0:68:33:59:41:ce:8c:78:62:1e:93:00:53:e8:44:a9:
         db:34:ab:5b:3b:79:24:97:2f:c9:d8:57:5b:4e:8c:ff:2c:d9:
         37:7c:9e:2a:0e:71:18:a5:a8:c9:58:df:24:7c:af:96:a5:01:
         bd:ec:92:ce:d6:88:18:33:46:95:28:73:56:5a:05:ed:7e:56:
         0a:f7:70:fa
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUfNYoQHc4wCTn2ujRh0904cv3aGswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUzNFoX
DTI3MDMwMzA2MzAzNFowMzExMC8GA1UEAxMoQUNEMkUzMUVFQTVBRUNDODUzOEMx
ODA1RUExQjQ3QTQxQjBDQzI1RTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALd3+CYLF/ErbrVOZ9lkjVCsVTcYiknRWtJSjvcdPMCXbRVNFF9UAzySJ3kn
KFDQ3SG1cX4VShgTBd0CT+RvHA7tWy+2d2+3AUQSOuZlJ2FdvK1G/+3ar2lU8EZB
cPmPydMAsodTZsPB9dbkX55NatofAsydvVc2b9D4XQFXS7F+jD7/myfJlATw34yN
tNWBltVxPr9wvR4O5gJwrylCk9isuEVt8JwZ1zSFAnrTYB0T5/tu2TRJbVLjWIYq
QiE576fGOMpKupYwHADI7Q5tkKIX0ioDHV+IJlHlM/l3PS89U/6GY7m5A40XFjtx
pNjivDzPTt9BEsj1oHEY4ojCbwcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSs0uMe
6lrsyFOMGAXqG0ekGwzCXjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTc1NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rCAwDQYJKoZIhvcNAQELBQADggEBAEGp5xm96aWTBSm1yIpWyHloPtPelxGPxVoS
OEsvCHSn/VQUL2NVGrnd8p2+kqqx1jXf6p1ZXQ4UrvRZSM0yY2hxYJuTG5oMsXGC
xcuhhZC70Cg5/AtO4SM76PEM/owiR/B01POA7K3t48aEt1WQFqtr4CeLnbzD2K7x
F0sGOYvflp0Wlm+7Nypm6QcRt5jAnoXax0sE8o2CW743hJ1UgGQ/qjeS946q1+Cl
+2y922rIDe71shHN4GgzWUHOjHhiHpMAU+hEqds0q1s7eSSXL8nYV1tOjP8s2Td8
nioOcRilqMlY3yR8r5alAb3sks7WiBgzRpUoc1ZaBe1+Vgr3cPo=
-----END CERTIFICATE-----