Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145902.roa
File:                     AS145902.roa (raw, json)
Hash identifier:          AZ74eqKEkUszlNGMGhsmLHiSr7IvL4K/F7yRerVVKPE=
Subject key identifier:   39:FB:14:37:DA:47:4C:99:50:09:46:16:99:7E:39:81:16:9E:25:0E
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1E310CFC942B524F279E7E2071A13E0F380AC8C3
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145902.roa
Signing time:             Wed 04 Mar 2026 06:31:00 +0000
ROA not before:           Wed 04 Mar 2026 06:26:00 +0000
ROA not after:            Wed 03 Mar 2027 06:31:00 +0000
asID:                     145902
IP address blocks:        240a:acb4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:31:0c:fc:94:2b:52:4f:27:9e:7e:20:71:a1:3e:0f:38:0a:c8:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:26:00 2026 GMT
            Not After : Mar  3 06:31:00 2027 GMT
        Subject: CN=39FB1437DA474C9950094616997E3981169E250E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:78:44:22:67:1a:75:93:40:b7:3a:25:d9:6b:
                    1d:c1:5e:70:54:49:0c:fc:31:93:08:9e:c6:4e:13:
                    06:3e:93:28:69:1f:23:16:6b:61:6c:a0:c5:a4:ba:
                    91:ab:78:bb:4c:e9:49:37:b9:b7:4a:4e:a5:6e:f6:
                    4b:6f:7b:33:27:37:56:42:24:9c:47:c1:17:07:21:
                    17:24:3e:31:cf:51:36:51:3f:31:1e:5e:44:55:37:
                    52:59:b6:01:07:64:3e:b8:f0:f2:85:0d:aa:b8:87:
                    7f:d3:6e:09:79:d6:99:cb:ed:98:60:ff:29:fa:82:
                    34:20:f7:de:de:8b:95:d7:18:45:cd:b4:64:24:d7:
                    a3:1c:8a:b4:13:66:38:98:95:75:e1:56:73:e7:8a:
                    28:b5:48:62:09:73:5d:9a:c3:9a:fe:0c:3e:d3:85:
                    7b:60:8d:4a:aa:02:7f:94:3d:91:a8:e0:ed:99:b4:
                    d2:97:ab:aa:9d:65:0e:d3:c1:0f:30:97:48:9d:06:
                    e3:08:36:64:07:70:99:8f:34:be:91:cc:94:4d:b8:
                    9b:07:0d:08:85:c0:1e:da:99:d3:cf:93:9c:6c:f1:
                    7f:bb:ee:03:29:8b:eb:6d:f0:c7:30:34:17:b1:cb:
                    60:7e:84:1e:c0:03:78:27:ce:d1:33:0a:89:bd:1f:
                    f1:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:FB:14:37:DA:47:4C:99:50:09:46:16:99:7E:39:81:16:9E:25:0E
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145902.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:acb4::/32

    Signature Algorithm: sha256WithRSAEncryption
         9a:ef:83:ca:fc:28:b3:82:39:13:a1:a4:66:d5:0f:89:66:19:
         ff:63:a7:7c:8c:89:1c:14:0e:67:b2:f1:bf:11:6f:73:7f:cb:
         78:e7:cd:60:42:3e:e2:4f:2d:4c:df:41:15:96:b7:d4:3b:9d:
         bd:cc:9a:f0:d7:4d:f4:98:2d:6f:57:4a:0f:f8:7b:97:6a:ea:
         e5:e1:82:27:51:3b:3a:a2:8c:11:89:58:21:6b:ec:a2:32:5e:
         2b:17:dd:c9:b8:8b:59:d8:2c:f7:03:40:48:d9:5b:80:cf:68:
         39:19:22:13:a9:36:bc:87:f7:64:35:f0:54:94:c9:b1:19:7f:
         65:37:18:58:ca:d7:aa:51:4c:84:78:f8:42:63:41:5f:98:fa:
         69:40:31:87:5c:0d:35:9e:93:ea:b6:99:63:bf:e1:d7:7e:98:
         7b:51:8c:bd:ad:eb:26:82:d8:45:d9:dc:bb:85:79:a6:ec:b1:
         f0:bd:a8:46:8c:f2:db:fb:fa:a6:95:c4:c6:0a:71:15:cb:51:
         43:ea:72:5f:11:d0:c1:be:19:93:7c:98:ce:ea:f6:5d:5e:ad:
         96:7e:d9:fe:ef:13:12:44:28:d7:8d:3a:04:5b:bb:b9:51:5d:
         4b:19:66:ab:66:4f:f6:f0:0f:5d:43:68:e1:23:0b:88:de:6c:
         95:c5:c7:fe
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUHjEM/JQrUk8nnn4gcaE+DzgKyMMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjYwMFoX
DTI3MDMwMzA2MzEwMFowMzExMC8GA1UEAxMoMzlGQjE0MzdEQTQ3NEM5OTUwMDk0
NjE2OTk3RTM5ODExNjlFMjUwRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJV4RCJnGnWTQLc6JdlrHcFecFRJDPwxkwiexk4TBj6TKGkfIxZrYWygxaS6
kat4u0zpSTe5t0pOpW72S297Myc3VkIknEfBFwchFyQ+Mc9RNlE/MR5eRFU3Ulm2
AQdkPrjw8oUNqriHf9NuCXnWmcvtmGD/KfqCNCD33t6LldcYRc20ZCTXoxyKtBNm
OJiVdeFWc+eKKLVIYglzXZrDmv4MPtOFe2CNSqoCf5Q9kajg7Zm00perqp1lDtPB
DzCXSJ0G4wg2ZAdwmY80vpHMlE24mwcNCIXAHtqZ08+TnGzxf7vuAymL623wxzA0
F7HLYH6EHsADeCfO0TMKib0f8TsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQ5+xQ3
2kdMmVAJRhaZfjmBFp4lDjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTkwMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rLQwDQYJKoZIhvcNAQELBQADggEBAJrvg8r8KLOCOROhpGbVD4lmGf9jp3yMiRwU
Dmey8b8Rb3N/y3jnzWBCPuJPLUzfQRWWt9Q7nb3MmvDXTfSYLW9XSg/4e5dq6uXh
gidROzqijBGJWCFr7KIyXisX3cm4i1nYLPcDQEjZW4DPaDkZIhOpNryH92Q18FSU
ybEZf2U3GFjK16pRTIR4+EJjQV+Y+mlAMYdcDTWek+q2mWO/4dd+mHtRjL2t6yaC
2EXZ3LuFeabssfC9qEaM8tv7+qaVxMYKcRXLUUPqcl8R0MG+GZN8mM7q9l1erZZ+
2f7vExJEKNeNOgRbu7lRXUsZZqtmT/bwD11DaOEjC4jebJXFx/4=
-----END CERTIFICATE-----