Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145920.roa
File:                     AS145920.roa (raw, json)
Hash identifier:          rh5cQIjmeLUzwMFM6eupbJxbgjX4py15U3gkm8RP6+g=
Subject key identifier:   55:D0:17:94:7B:C4:93:3F:CB:E4:A3:D0:83:C3:55:00:E4:65:20:15
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7035F07C1FE6EE4298B0560DF1D854EFB1470759
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145920.roa
Signing time:             Wed 04 Mar 2026 06:29:51 +0000
ROA not before:           Wed 04 Mar 2026 06:24:51 +0000
ROA not after:            Wed 03 Mar 2027 06:29:51 +0000
asID:                     145920
IP address blocks:        240a:acc6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:35:f0:7c:1f:e6:ee:42:98:b0:56:0d:f1:d8:54:ef:b1:47:07:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:24:51 2026 GMT
            Not After : Mar  3 06:29:51 2027 GMT
        Subject: CN=55D017947BC4933FCBE4A3D083C35500E4652015
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:14:1d:ed:ac:0d:3b:df:a1:24:e0:3f:9a:6e:
                    66:5c:ef:a1:70:44:c0:a3:37:e2:a1:c8:fb:2b:1c:
                    aa:72:e7:07:55:2c:fd:b1:75:7c:11:a4:0c:7e:5e:
                    76:54:e7:8f:d0:28:a8:6e:53:5c:37:43:5d:f1:49:
                    1e:a2:84:9a:3d:e9:5b:cd:ee:c4:9d:79:68:0f:5f:
                    cf:47:7e:0d:24:c7:1d:c4:5f:bb:d7:0f:fe:dc:d8:
                    b1:53:a2:1c:e3:37:ea:0b:eb:6c:c1:27:38:7b:f1:
                    f8:46:76:fe:1e:65:67:54:e3:63:ac:2c:a7:99:c2:
                    89:0d:da:0f:56:76:fb:10:49:ec:f5:89:af:5b:15:
                    9d:f9:e1:c5:bf:75:51:74:58:0e:98:6a:bc:83:ab:
                    08:79:33:c0:03:4b:a3:0b:70:a4:0b:25:6f:83:6c:
                    3a:c2:7c:99:1e:8d:49:11:13:e9:c2:cc:8a:ea:fc:
                    17:fa:6d:9d:da:ec:2e:cc:41:ce:e3:5b:01:00:d9:
                    e2:8e:41:dc:7d:c2:02:c9:89:c0:5a:2f:43:79:5e:
                    f2:fc:0f:ff:88:f9:7a:f8:71:30:cd:a1:5a:bc:fd:
                    0d:a9:0f:ef:93:77:bb:b0:4d:63:21:25:52:a7:56:
                    8b:d6:7d:77:91:b5:e8:67:ab:0e:48:e2:de:32:e4:
                    a5:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:D0:17:94:7B:C4:93:3F:CB:E4:A3:D0:83:C3:55:00:E4:65:20:15
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145920.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:acc6::/32

    Signature Algorithm: sha256WithRSAEncryption
         91:84:74:7d:f3:81:a1:d8:8f:95:d2:89:4b:f5:39:af:43:7d:
         0b:14:36:a7:94:da:f7:84:64:59:6f:1f:54:0f:ed:77:a1:f5:
         14:21:17:78:a2:3e:af:2d:87:8c:d6:98:93:6b:37:d0:cd:f7:
         8b:95:8b:c5:6e:52:08:42:1d:1e:71:e9:70:f8:31:09:dd:5f:
         c9:76:5c:e1:13:4a:5f:d4:f2:41:b6:2f:d5:d3:10:a1:81:90:
         fc:71:b5:89:e8:89:58:cd:30:ab:7c:9a:12:11:01:81:eb:2b:
         de:d6:76:68:e0:22:09:7b:db:89:aa:89:5b:45:78:6e:dc:f1:
         89:13:49:8d:b1:22:8f:70:19:a7:d7:37:5e:41:c5:b7:33:9a:
         8a:34:3f:a0:ef:bd:9e:99:91:48:5e:32:be:4c:b4:b7:26:d3:
         ce:2d:a1:c3:87:df:b0:98:c8:80:ec:d1:22:1e:0f:86:7b:60:
         e0:98:64:ea:26:e2:f2:f6:ec:c6:97:a5:bf:18:b9:af:97:b2:
         45:8f:6a:34:ce:f4:30:4f:06:c2:9a:40:34:0b:23:a0:2a:3c:
         30:49:34:49:78:76:9a:c6:f1:ca:16:49:e9:cf:8b:dd:ad:8b:
         f9:17:4a:ca:38:4d:db:b8:eb:76:f7:b0:6c:18:26:1a:39:82:
         6b:9a:1a:7d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUcDXwfB/m7kKYsFYN8dhU77FHB1kwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjQ1MVoX
DTI3MDMwMzA2Mjk1MVowMzExMC8GA1UEAxMoNTVEMDE3OTQ3QkM0OTMzRkNCRTRB
M0QwODNDMzU1MDBFNDY1MjAxNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI8UHe2sDTvfoSTgP5puZlzvoXBEwKM34qHI+yscqnLnB1Us/bF1fBGkDH5e
dlTnj9AoqG5TXDdDXfFJHqKEmj3pW83uxJ15aA9fz0d+DSTHHcRfu9cP/tzYsVOi
HOM36gvrbMEnOHvx+EZ2/h5lZ1TjY6wsp5nCiQ3aD1Z2+xBJ7PWJr1sVnfnhxb91
UXRYDphqvIOrCHkzwANLowtwpAslb4NsOsJ8mR6NSRET6cLMiur8F/ptndrsLsxB
zuNbAQDZ4o5B3H3CAsmJwFovQ3le8vwP/4j5evhxMM2hWrz9DakP75N3u7BNYyEl
UqdWi9Z9d5G16GerDkji3jLkpfcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRV0BeU
e8STP8vko9CDw1UA5GUgFTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTkyMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rMYwDQYJKoZIhvcNAQELBQADggEBAJGEdH3zgaHYj5XSiUv1Oa9DfQsUNqeU2veE
ZFlvH1QP7Xeh9RQhF3iiPq8th4zWmJNrN9DN94uVi8VuUghCHR5x6XD4MQndX8l2
XOETSl/U8kG2L9XTEKGBkPxxtYnoiVjNMKt8mhIRAYHrK97WdmjgIgl724mqiVtF
eG7c8YkTSY2xIo9wGafXN15Bxbczmoo0P6DvvZ6ZkUheMr5MtLcm084tocOH37CY
yIDs0SIeD4Z7YOCYZOom4vL27MaXpb8Yua+XskWPajTO9DBPBsKaQDQLI6AqPDBJ
NEl4dprG8coWSenPi92ti/kXSso4Tdu463b3sGwYJho5gmuaGn0=
-----END CERTIFICATE-----