Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145761.roa
File:                     AS145761.roa (raw, json)
Hash identifier:          INkgCrvdjaRs95j4E2I3a41bezDePRo9roi7iJ0bbe0=
Subject key identifier:   92:E6:CF:64:6D:C0:DC:4F:12:15:F0:CC:49:A1:A1:C1:39:63:8F:2D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       04CBCFACC36C504707C5306E896307E54BAD560B
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145761.roa
Signing time:             Wed 04 Mar 2026 06:31:10 +0000
ROA not before:           Wed 04 Mar 2026 06:26:10 +0000
ROA not after:            Wed 03 Mar 2027 06:31:10 +0000
asID:                     145761
IP address blocks:        240a:ac27::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:cb:cf:ac:c3:6c:50:47:07:c5:30:6e:89:63:07:e5:4b:ad:56:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:26:10 2026 GMT
            Not After : Mar  3 06:31:10 2027 GMT
        Subject: CN=92E6CF646DC0DC4F1215F0CC49A1A1C139638F2D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ac:c1:08:d5:a9:aa:3e:ce:8a:85:26:c0:f7:
                    d0:9b:8d:4a:d8:19:69:34:d6:dd:71:bc:4f:2c:84:
                    15:54:45:0f:7e:49:35:a9:ea:45:09:8e:3a:e1:46:
                    ce:66:f7:89:af:52:b5:e6:c9:62:f5:fc:c1:e7:c7:
                    18:65:8c:8d:e9:0c:9a:e5:68:e5:b5:6e:cd:aa:55:
                    2c:9a:5a:48:ad:21:c8:ea:ba:05:ff:95:8a:ba:fa:
                    b0:03:5f:0e:6c:69:5f:05:cf:2a:fb:91:2f:1b:b2:
                    01:76:40:c2:ea:b2:ed:f5:b7:1d:22:ba:be:46:75:
                    68:86:c4:1f:26:d7:56:de:61:a1:b4:1c:e9:1f:f1:
                    b2:4b:4a:e7:f6:cb:1f:1c:e4:de:94:e9:16:04:aa:
                    91:ae:aa:73:9a:82:1b:17:e6:3e:3a:14:85:73:a2:
                    c8:9f:9d:b0:f2:41:af:df:34:d2:56:76:f7:47:2a:
                    ac:bf:bc:74:37:47:1a:1b:e4:10:b1:6a:1e:a7:11:
                    d6:78:60:02:1e:e0:2a:ed:74:e9:d6:7e:49:9f:07:
                    bf:f7:ac:39:87:d4:5a:67:af:2e:83:dc:c6:42:0c:
                    3d:63:ad:8e:98:96:d4:16:ce:98:87:3f:64:9d:77:
                    c5:64:d5:87:cf:ec:2f:bf:94:08:cf:bd:8f:49:0e:
                    a6:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:E6:CF:64:6D:C0:DC:4F:12:15:F0:CC:49:A1:A1:C1:39:63:8F:2D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145761.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ac27::/32

    Signature Algorithm: sha256WithRSAEncryption
         aa:02:e9:75:c5:e2:b6:f4:f8:36:61:92:3b:e9:58:8d:16:87:
         1c:e5:4a:c2:4e:ad:8a:a4:cc:79:65:08:25:07:4b:68:7c:88:
         71:7d:ce:38:b7:67:3a:ae:8d:b5:ad:a7:39:26:c3:cc:a8:ad:
         1b:e9:dd:8c:13:c7:e2:d5:78:8e:a0:cf:69:78:b1:9b:43:55:
         c7:c5:87:35:90:09:db:7a:e1:84:fa:a6:1e:03:1d:6b:72:7d:
         58:36:d3:89:e4:29:fe:4a:e0:8f:64:02:b1:ce:7a:c6:57:39:
         ef:10:e4:89:06:9e:41:c5:80:97:23:7e:11:fb:6d:2a:19:5e:
         89:47:45:43:6d:75:34:c7:56:df:9e:98:c5:1f:c5:5c:37:96:
         f6:7c:ae:80:a4:69:6a:9a:2d:b3:ad:89:25:82:41:69:36:e0:
         56:92:23:2a:b2:65:ea:43:2e:90:83:b9:f0:9e:15:90:f2:6a:
         98:cb:ca:51:7f:aa:3b:24:42:90:15:60:2d:98:9d:0c:4e:b9:
         da:34:11:b8:29:9a:58:26:59:ce:1d:e3:70:26:51:8d:d7:30:
         50:3c:5d:50:d3:db:b7:16:9a:f6:59:ce:cc:fa:df:25:32:40:
         0f:d4:5f:2c:68:20:43:f3:2b:19:9d:94:ab:27:f3:ec:aa:5c:
         c1:67:73:8f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUBMvPrMNsUEcHxTBuiWMH5UutVgswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjYxMFoX
DTI3MDMwMzA2MzExMFowMzExMC8GA1UEAxMoOTJFNkNGNjQ2REMwREM0RjEyMTVG
MENDNDlBMUExQzEzOTYzOEYyRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMWswQjVqao+zoqFJsD30JuNStgZaTTW3XG8TyyEFVRFD35JNanqRQmOOuFG
zmb3ia9StebJYvX8wefHGGWMjekMmuVo5bVuzapVLJpaSK0hyOq6Bf+Virr6sANf
DmxpXwXPKvuRLxuyAXZAwuqy7fW3HSK6vkZ1aIbEHybXVt5hobQc6R/xsktK5/bL
Hxzk3pTpFgSqka6qc5qCGxfmPjoUhXOiyJ+dsPJBr9800lZ290cqrL+8dDdHGhvk
ELFqHqcR1nhgAh7gKu106dZ+SZ8Hv/esOYfUWmevLoPcxkIMPWOtjpiW1BbOmIc/
ZJ13xWTVh8/sL7+UCM+9j0kOpscCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSS5s9k
bcDcTxIV8MxJoaHBOWOPLTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTc2MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rCcwDQYJKoZIhvcNAQELBQADggEBAKoC6XXF4rb0+DZhkjvpWI0WhxzlSsJOrYqk
zHllCCUHS2h8iHF9zji3ZzqujbWtpzkmw8yorRvp3YwTx+LVeI6gz2l4sZtDVcfF
hzWQCdt64YT6ph4DHWtyfVg204nkKf5K4I9kArHOesZXOe8Q5IkGnkHFgJcjfhH7
bSoZXolHRUNtdTTHVt+emMUfxVw3lvZ8roCkaWqaLbOtiSWCQWk24FaSIyqyZepD
LpCDufCeFZDyapjLylF/qjskQpAVYC2YnQxOudo0EbgpmlgmWc4d43AmUY3XMFA8
XVDT27cWmvZZzsz63yUyQA/UXyxoIEPzKxmdlKsn8+yqXMFnc48=
-----END CERTIFICATE-----