Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145821.roa
File:                     AS145821.roa (raw, json)
Hash identifier:          +OSTsHbFw0AqjLogVuZBmZq1WuU9dwfo86TWRURT69c=
Subject key identifier:   92:BF:69:F6:9E:13:27:7E:A7:35:60:F4:97:63:C7:A5:37:27:E2:6A
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4BA8033E7B7DCE0358B69E168B8E74ED89586880
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145821.roa
Signing time:             Wed 04 Mar 2026 06:30:00 +0000
ROA not before:           Wed 04 Mar 2026 06:25:00 +0000
ROA not after:            Wed 03 Mar 2027 06:30:00 +0000
asID:                     145821
IP address blocks:        240a:ac63::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:a8:03:3e:7b:7d:ce:03:58:b6:9e:16:8b:8e:74:ed:89:58:68:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:00 2026 GMT
            Not After : Mar  3 06:30:00 2027 GMT
        Subject: CN=92BF69F69E13277EA73560F49763C7A53727E26A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:06:e2:40:46:25:53:0a:a9:f8:34:00:25:77:
                    c2:cf:2e:4d:ce:a6:eb:12:c8:35:e0:b7:e6:c3:01:
                    4e:1e:e0:de:f5:82:a3:32:03:59:81:19:5f:65:bd:
                    ba:77:81:d0:d1:06:fa:11:88:84:dc:20:17:4a:80:
                    a0:a3:8e:29:41:ad:54:db:b9:cd:c6:f0:6b:00:8a:
                    05:d3:67:29:a8:9c:76:3c:e4:be:c6:26:74:2d:1e:
                    7e:9f:a1:a1:2b:7c:64:3f:1b:f8:15:93:d0:c1:44:
                    a3:9c:de:dc:d2:33:bf:a1:42:af:88:07:5e:a7:b4:
                    ea:78:f7:3b:9e:7f:d9:51:79:2e:92:d4:a6:b6:bc:
                    7a:39:af:8f:cb:4e:60:3e:2d:45:ae:ba:bb:32:bf:
                    c1:9c:6c:96:22:1b:27:95:70:f5:7b:d6:4b:3c:0b:
                    66:31:dc:67:00:c3:a5:a5:a0:bb:28:19:a7:e2:10:
                    f5:24:34:90:e5:37:8a:e9:7d:f0:75:84:fb:6b:8b:
                    ef:b4:df:a0:ec:64:d4:b6:e7:0b:ac:f9:a4:d1:1d:
                    83:34:1b:a8:68:6f:ef:39:3a:3b:c2:e6:63:64:a7:
                    59:c4:d0:76:ff:ca:0b:7c:c4:b3:cd:f5:26:55:10:
                    de:09:bc:78:b9:a0:20:99:db:fd:c8:33:ba:27:b8:
                    5f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:BF:69:F6:9E:13:27:7E:A7:35:60:F4:97:63:C7:A5:37:27:E2:6A
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145821.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ac63::/32

    Signature Algorithm: sha256WithRSAEncryption
         69:74:4e:d4:ef:c8:f8:df:2e:72:03:06:e6:4b:cd:03:41:d9:
         dd:87:a3:17:51:51:75:18:d2:35:12:37:4f:08:a1:71:0e:c0:
         ad:9e:ee:7c:d1:64:6e:96:d8:56:3a:b0:ac:bc:07:32:41:05:
         2c:49:b4:f3:64:26:de:c9:71:41:d3:98:44:4b:35:87:f3:37:
         7e:49:c2:b4:21:b4:48:7c:b1:d1:38:f5:b6:2d:fd:bf:d3:fa:
         3d:96:ca:04:bc:3a:19:63:11:3b:cf:83:7b:1c:23:b7:ec:29:
         e8:bf:da:bf:12:7b:39:b9:c9:3b:9b:cf:e2:d9:14:40:ca:56:
         52:fc:98:78:1e:4e:eb:b8:e4:94:f0:86:6d:73:f0:cc:1f:c5:
         4c:d4:45:40:d3:28:ff:22:c3:65:bf:a9:04:f8:1a:eb:52:bc:
         23:9e:9d:a8:25:c8:40:d7:68:73:09:95:34:18:1f:ef:b7:10:
         9c:f8:41:8f:9f:4e:8d:90:9b:3e:b6:ae:ff:50:fc:04:af:cc:
         62:c2:d7:d4:ee:61:fd:8d:06:b2:97:75:d6:c5:e1:f5:72:56:
         52:0e:5a:b2:0b:20:10:e5:15:63:90:89:c8:13:22:13:69:df:
         ef:9c:d0:94:0b:33:c2:87:d6:01:35:3a:f8:70:24:f4:e2:6d:
         57:d4:b5:01
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUS6gDPnt9zgNYtp4Wi4507YlYaIAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUwMFoX
DTI3MDMwMzA2MzAwMFowMzExMC8GA1UEAxMoOTJCRjY5RjY5RTEzMjc3RUE3MzU2
MEY0OTc2M0M3QTUzNzI3RTI2QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK0G4kBGJVMKqfg0ACV3ws8uTc6m6xLINeC35sMBTh7g3vWCozIDWYEZX2W9
uneB0NEG+hGIhNwgF0qAoKOOKUGtVNu5zcbwawCKBdNnKaicdjzkvsYmdC0efp+h
oSt8ZD8b+BWT0MFEo5ze3NIzv6FCr4gHXqe06nj3O55/2VF5LpLUpra8ejmvj8tO
YD4tRa66uzK/wZxsliIbJ5Vw9XvWSzwLZjHcZwDDpaWguygZp+IQ9SQ0kOU3iul9
8HWE+2uL77TfoOxk1LbnC6z5pNEdgzQbqGhv7zk6O8LmY2SnWcTQdv/KC3zEs831
JlUQ3gm8eLmgIJnb/cgzuie4X9cCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSSv2n2
nhMnfqc1YPSXY8elNyfiajAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTgyMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rGMwDQYJKoZIhvcNAQELBQADggEBAGl0TtTvyPjfLnIDBuZLzQNB2d2HoxdRUXUY
0jUSN08IoXEOwK2e7nzRZG6W2FY6sKy8BzJBBSxJtPNkJt7JcUHTmERLNYfzN35J
wrQhtEh8sdE49bYt/b/T+j2WygS8OhljETvPg3scI7fsKei/2r8Sezm5yTubz+LZ
FEDKVlL8mHgeTuu45JTwhm1z8MwfxUzURUDTKP8iw2W/qQT4GutSvCOenaglyEDX
aHMJlTQYH++3EJz4QY+fTo2Qmz62rv9Q/ASvzGLC19TuYf2NBrKXddbF4fVyVlIO
WrILIBDlFWOQicgTIhNp3++c0JQLM8KH1gE1OvhwJPTibVfUtQE=
-----END CERTIFICATE-----