Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145839.roa
File:                     AS145839.roa (raw, json)
Hash identifier:          klRN46yGu1VRzOXxVvwMS1yvScs1QV3upxTT21hrRq0=
Subject key identifier:   75:13:F7:AA:6A:DA:E9:8D:C1:ED:69:45:0A:73:64:2C:D6:30:D9:1B
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       241DA042AC9694AD5ECC093C07786A8669A2770A
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145839.roa
Signing time:             Wed 04 Mar 2026 06:29:44 +0000
ROA not before:           Wed 04 Mar 2026 06:24:44 +0000
ROA not after:            Wed 03 Mar 2027 06:29:44 +0000
asID:                     145839
IP address blocks:        240a:ac75::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:1d:a0:42:ac:96:94:ad:5e:cc:09:3c:07:78:6a:86:69:a2:77:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:24:44 2026 GMT
            Not After : Mar  3 06:29:44 2027 GMT
        Subject: CN=7513F7AA6ADAE98DC1ED69450A73642CD630D91B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:f1:f7:63:2b:24:2f:c2:c4:f1:c5:fb:ee:32:
                    22:4f:b9:80:bd:dc:c5:a9:09:34:a5:96:12:82:ea:
                    b9:de:a9:d3:20:a4:23:73:5b:bf:cd:b7:7d:49:01:
                    60:65:3a:38:27:7a:ce:c7:fc:c5:1a:9e:1c:41:b4:
                    91:be:9c:78:26:fd:c0:17:a6:be:a7:53:3b:ee:e7:
                    93:75:d6:3e:9d:95:67:59:be:4c:dc:aa:85:de:de:
                    4b:6b:4d:6c:6c:47:54:58:f9:1b:73:a2:99:0d:6d:
                    26:d3:23:81:c4:17:3b:c5:53:3d:52:1e:e3:dd:c0:
                    9e:53:48:1a:9a:23:46:cb:4c:05:3a:16:1f:cd:a0:
                    b9:a1:f3:c9:82:78:77:63:7b:e1:d5:1d:39:d9:d7:
                    27:44:8c:d8:44:fc:df:13:22:cd:25:8e:f4:b1:47:
                    8e:b6:36:ef:84:91:e0:38:77:ab:e9:42:d9:65:28:
                    7c:c4:54:c9:e1:9c:16:90:ec:9b:61:80:a0:ff:72:
                    dd:2b:93:66:6a:20:ff:d2:9b:d4:34:85:53:55:f0:
                    99:fa:f5:bf:b7:e7:68:99:80:ef:f4:ce:e9:94:83:
                    46:40:5f:8e:30:f6:53:e0:de:74:cc:c4:a0:9b:a9:
                    92:60:01:4c:94:9f:1c:ad:9e:6e:b7:68:90:85:8e:
                    a3:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:13:F7:AA:6A:DA:E9:8D:C1:ED:69:45:0A:73:64:2C:D6:30:D9:1B
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ac75::/32

    Signature Algorithm: sha256WithRSAEncryption
         d3:f2:9f:02:c4:91:00:21:2f:6b:f3:1b:fe:7b:0d:14:98:20:
         87:34:d9:f3:d4:20:b7:0f:96:54:21:71:84:11:a3:7d:41:b5:
         aa:ab:26:69:8c:f7:48:a5:87:72:af:9b:46:8a:71:b1:16:75:
         6a:81:05:cc:9d:64:83:a5:a1:cc:67:58:96:3b:c4:6b:57:90:
         e5:36:00:d7:fc:bd:85:74:ea:e5:c7:de:15:22:60:b8:f4:e6:
         82:f2:4a:f5:f3:da:53:1b:d4:71:90:d3:3b:bc:2b:59:bf:29:
         74:1d:77:41:3b:e2:73:99:8a:c9:74:f2:15:d9:db:4b:c5:93:
         dc:99:53:8a:9f:0a:46:68:5a:3b:2d:e7:81:a6:09:84:89:23:
         ef:17:de:46:15:b7:d3:2d:d4:10:b5:e1:4d:1e:66:9c:85:61:
         fe:d3:88:f8:6c:ca:3b:98:0c:9a:27:1e:2e:d2:62:c5:06:1b:
         c1:fc:6c:d6:e4:bc:d8:6b:67:b9:fa:55:42:e4:fd:79:e1:13:
         cd:c6:ad:79:70:f2:84:b7:85:ce:f7:03:b3:1e:31:9c:8e:43:
         88:02:da:f4:ac:8d:b2:2e:e2:37:99:54:15:dd:77:96:bc:17:
         49:9b:0c:27:94:a0:22:c5:49:b9:84:60:74:84:0e:24:d1:14:
         3e:01:1e:f3
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUJB2gQqyWlK1ezAk8B3hqhmmidwowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjQ0NFoX
DTI3MDMwMzA2Mjk0NFowMzExMC8GA1UEAxMoNzUxM0Y3QUE2QURBRTk4REMxRUQ2
OTQ1MEE3MzY0MkNENjMwRDkxQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJHx92MrJC/CxPHF++4yIk+5gL3cxakJNKWWEoLqud6p0yCkI3Nbv823fUkB
YGU6OCd6zsf8xRqeHEG0kb6ceCb9wBemvqdTO+7nk3XWPp2VZ1m+TNyqhd7eS2tN
bGxHVFj5G3OimQ1tJtMjgcQXO8VTPVIe493AnlNIGpojRstMBToWH82guaHzyYJ4
d2N74dUdOdnXJ0SM2ET83xMizSWO9LFHjrY274SR4Dh3q+lC2WUofMRUyeGcFpDs
m2GAoP9y3SuTZmog/9Kb1DSFU1Xwmfr1v7fnaJmA7/TO6ZSDRkBfjjD2U+DedMzE
oJupkmABTJSfHK2ebrdokIWOo8cCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBR1E/eq
atrpjcHtaUUKc2Qs1jDZGzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTgzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rHUwDQYJKoZIhvcNAQELBQADggEBANPynwLEkQAhL2vzG/57DRSYIIc02fPUILcP
llQhcYQRo31BtaqrJmmM90ilh3Kvm0aKcbEWdWqBBcydZIOlocxnWJY7xGtXkOU2
ANf8vYV06uXH3hUiYLj05oLySvXz2lMb1HGQ0zu8K1m/KXQdd0E74nOZisl08hXZ
20vFk9yZU4qfCkZoWjst54GmCYSJI+8X3kYVt9Mt1BC14U0eZpyFYf7TiPhsyjuY
DJonHi7SYsUGG8H8bNbkvNhrZ7n6VULk/XnhE83GrXlw8oS3hc73A7MeMZyOQ4gC
2vSsjbIu4jeZVBXdd5a8F0mbDCeUoCLFSbmEYHSEDiTRFD4BHvM=
-----END CERTIFICATE-----