Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145918.roa
File:                     AS145918.roa (raw, json)
Hash identifier:          VvEuBF5GfEc66l7EWXHA9iYsKFD7V2UNReOmSlfmIV8=
Subject key identifier:   DC:46:B2:12:76:3D:AE:C7:3E:C1:08:B4:CB:23:45:70:76:EC:24:BB
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       55127465659F88F3C70275A2CBC8B0C8EB4E87D1
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145918.roa
Signing time:             Wed 04 Mar 2026 06:30:14 +0000
ROA not before:           Wed 04 Mar 2026 06:25:14 +0000
ROA not after:            Wed 03 Mar 2027 06:30:14 +0000
asID:                     145918
IP address blocks:        240a:acc4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:12:74:65:65:9f:88:f3:c7:02:75:a2:cb:c8:b0:c8:eb:4e:87:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:14 2026 GMT
            Not After : Mar  3 06:30:14 2027 GMT
        Subject: CN=DC46B212763DAEC73EC108B4CB23457076EC24BB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:3c:ef:e8:52:2b:b7:a8:f4:d7:40:9b:a9:18:
                    33:c8:bf:ce:6d:09:04:71:4d:e3:50:2d:a2:9f:de:
                    cf:59:f7:a9:e3:41:4d:fb:3e:15:9c:88:31:8d:d9:
                    c0:e2:6b:12:7a:d2:4d:9c:4d:e0:77:16:c1:24:a5:
                    8f:87:85:45:03:23:a2:96:7c:8a:40:7d:b2:9c:cd:
                    ab:18:4d:b0:1d:5b:09:b0:eb:76:1e:79:47:f7:57:
                    89:d3:c5:3d:a3:04:ae:80:d4:fe:ce:ee:08:c0:e2:
                    52:12:e8:f5:92:d1:11:71:82:93:df:44:6b:2f:aa:
                    86:13:27:51:1a:d4:92:57:a5:dd:48:0a:e4:c1:12:
                    ac:2b:a7:92:fe:ff:a0:29:53:2f:73:99:0a:19:c2:
                    f2:40:f0:7c:56:6b:96:fd:ca:ac:60:32:6c:83:94:
                    6d:c4:d3:bd:d8:22:91:5e:ce:fb:e8:d4:cd:8a:6a:
                    83:48:ab:da:42:2e:ba:d8:89:d9:9b:f5:e0:28:d9:
                    9f:f8:24:ae:64:76:8b:42:7b:ec:43:ef:dc:da:93:
                    76:9d:2e:fb:38:dc:3e:ac:f9:ad:27:ab:b3:10:ca:
                    c5:0b:de:0c:f4:2a:23:2b:38:48:34:7d:2b:ee:bc:
                    3e:4b:a9:a1:f5:c9:34:67:ad:43:89:12:60:1c:be:
                    af:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:46:B2:12:76:3D:AE:C7:3E:C1:08:B4:CB:23:45:70:76:EC:24:BB
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145918.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:acc4::/32

    Signature Algorithm: sha256WithRSAEncryption
         a3:c6:dc:f2:1b:5e:c1:3f:e9:fd:39:e2:c8:4a:df:24:ef:15:
         71:5c:60:0b:8e:19:b8:c7:87:e7:e1:ce:25:f1:d5:78:8f:7b:
         55:52:21:53:80:0d:47:e9:1b:24:62:aa:61:71:4d:d8:1e:05:
         f7:fc:c5:dc:fc:85:75:b2:be:8c:3f:12:3e:a5:68:0a:d7:f3:
         99:af:94:c7:15:01:53:d3:5d:b2:3a:3a:c9:40:ff:9b:72:a4:
         70:41:28:1f:9d:1a:35:e4:7d:fe:d0:17:46:51:7b:3a:62:ce:
         ba:f0:cf:fd:29:19:4d:58:4d:0b:e0:15:22:02:7c:5e:d8:8e:
         4a:42:bf:b8:2d:c1:ff:59:1b:4d:a0:75:c3:8d:5b:fc:16:12:
         0f:8b:a3:28:59:c5:82:d8:02:63:79:2b:5e:10:2d:ea:03:6a:
         26:52:70:16:7d:e3:8f:47:90:15:27:8b:53:c5:31:55:51:d4:
         b2:8d:1a:aa:a4:bc:e7:47:7f:a6:91:6c:a4:d0:21:eb:71:24:
         7b:a7:c0:12:34:05:e3:0b:ab:19:e7:13:f7:4a:eb:ed:9f:9e:
         cb:68:26:d9:8b:8a:f7:f3:34:7e:a3:40:f4:2c:4c:f0:de:d6:
         84:d6:4e:36:4e:c6:29:66:a9:3b:fb:e2:2e:31:45:54:f7:3b:
         4a:e7:58:54
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUVRJ0ZWWfiPPHAnWiy8iwyOtOh9EwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUxNFoX
DTI3MDMwMzA2MzAxNFowMzExMC8GA1UEAxMoREM0NkIyMTI3NjNEQUVDNzNFQzEw
OEI0Q0IyMzQ1NzA3NkVDMjRCQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN087+hSK7eo9NdAm6kYM8i/zm0JBHFN41Atop/ez1n3qeNBTfs+FZyIMY3Z
wOJrEnrSTZxN4HcWwSSlj4eFRQMjopZ8ikB9spzNqxhNsB1bCbDrdh55R/dXidPF
PaMEroDU/s7uCMDiUhLo9ZLREXGCk99Eay+qhhMnURrUklel3UgK5MESrCunkv7/
oClTL3OZChnC8kDwfFZrlv3KrGAybIOUbcTTvdgikV7O++jUzYpqg0ir2kIuutiJ
2Zv14CjZn/gkrmR2i0J77EPv3NqTdp0u+zjcPqz5rSersxDKxQveDPQqIys4SDR9
K+68PkupofXJNGetQ4kSYBy+r50CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTcRrIS
dj2uxz7BCLTLI0VwduwkuzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTkxOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rMQwDQYJKoZIhvcNAQELBQADggEBAKPG3PIbXsE/6f054shK3yTvFXFcYAuOGbjH
h+fhziXx1XiPe1VSIVOADUfpGyRiqmFxTdgeBff8xdz8hXWyvow/Ej6laArX85mv
lMcVAVPTXbI6OslA/5typHBBKB+dGjXkff7QF0ZRezpizrrwz/0pGU1YTQvgFSIC
fF7YjkpCv7gtwf9ZG02gdcONW/wWEg+LoyhZxYLYAmN5K14QLeoDaiZScBZ9449H
kBUni1PFMVVR1LKNGqqkvOdHf6aRbKTQIetxJHunwBI0BeMLqxnnE/dK6+2fnsto
JtmLivfzNH6jQPQsTPDe1oTWTjZOxilmqTv74i4xRVT3O0rnWFQ=
-----END CERTIFICATE-----