Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145921.roa
File:                     AS145921.roa (raw, json)
Hash identifier:          f7z6RUCVBZK0Lx3rpwWdAWFxBlUSTRqfW7OUJ79U9C0=
Subject key identifier:   AC:ED:2E:76:E2:9A:08:7D:D8:78:F9:74:51:E9:B7:50:98:8E:C8:A1
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       75C8282BB5AA86BC8CFF67BF12207074BD7F6B9E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145921.roa
Signing time:             Wed 04 Mar 2026 06:29:37 +0000
ROA not before:           Wed 04 Mar 2026 06:24:37 +0000
ROA not after:            Wed 03 Mar 2027 06:29:37 +0000
asID:                     145921
IP address blocks:        240a:acc7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:c8:28:2b:b5:aa:86:bc:8c:ff:67:bf:12:20:70:74:bd:7f:6b:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:24:37 2026 GMT
            Not After : Mar  3 06:29:37 2027 GMT
        Subject: CN=ACED2E76E29A087DD878F97451E9B750988EC8A1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a0:48:ee:26:7d:9a:5f:f0:29:d3:82:7e:2d:
                    42:3e:aa:29:81:87:95:69:34:c0:79:7a:85:c1:0b:
                    18:58:23:69:79:ce:6d:a5:93:bc:3a:91:85:6a:d6:
                    64:40:8b:f4:63:37:40:47:88:03:54:5e:a7:65:4f:
                    3d:89:56:4e:dd:ec:cd:1a:89:d5:4a:0c:3b:02:e9:
                    36:ed:65:bd:72:6e:39:e3:56:51:6c:36:b9:81:b5:
                    d7:65:6c:d1:fe:9a:88:bd:24:5b:c4:60:70:ba:8e:
                    f0:92:e3:0a:ca:d1:d9:1f:69:30:e3:11:ad:c0:e7:
                    4a:a9:23:81:12:57:8e:b8:3c:3d:e9:04:1d:ac:e7:
                    51:81:ce:da:10:db:55:10:23:8b:6f:27:f3:64:e5:
                    72:59:2f:0d:de:a4:2a:08:71:5f:e1:ce:3f:f0:97:
                    4d:b2:2f:fc:e0:de:64:5c:be:0f:ac:e9:b9:f9:1a:
                    9c:9f:f1:69:75:29:fe:a7:45:15:eb:6c:b8:46:ff:
                    c6:ee:cc:61:52:2c:e9:73:37:f2:5b:25:64:ac:3e:
                    a7:38:ff:46:0b:44:89:cf:d2:e0:bf:2f:b4:55:94:
                    76:0c:5d:68:e9:50:e2:1b:46:0f:9c:fd:9c:8c:3a:
                    07:54:af:62:c4:33:da:26:6e:ff:17:7d:39:8b:80:
                    62:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:ED:2E:76:E2:9A:08:7D:D8:78:F9:74:51:E9:B7:50:98:8E:C8:A1
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145921.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:acc7::/32

    Signature Algorithm: sha256WithRSAEncryption
         3c:26:18:71:de:b1:06:02:02:79:3a:18:f4:d7:58:91:bc:0d:
         db:e0:a5:0f:a5:99:1f:e4:4f:c1:3d:bb:41:e7:46:6a:74:81:
         75:d2:03:5f:df:af:87:2e:09:83:a7:6f:cd:95:59:1f:d1:db:
         02:3e:f2:a5:1a:38:a8:13:b6:a8:1e:a6:6d:44:42:c8:0e:0b:
         87:1b:47:ba:15:29:cd:f3:3b:f6:e9:b9:86:16:4f:ed:98:2d:
         72:5f:f9:78:63:d7:3a:f9:95:0e:30:e1:f6:6b:8e:ed:cb:d6:
         1d:30:25:d3:43:de:a4:8a:1f:60:37:18:93:89:e7:57:38:3b:
         8c:1c:0e:c6:a1:4f:30:09:88:25:24:1d:1f:d9:8f:0f:4a:4f:
         d2:58:49:a6:85:cb:d0:c1:b8:d6:8f:2b:12:98:f1:5c:1a:5a:
         e0:a0:18:39:0d:c7:76:0f:93:4c:ac:a7:0d:a5:43:6d:dc:a7:
         e0:da:ec:b9:b3:c3:0c:0b:4f:7b:09:5c:2a:55:3e:de:eb:5c:
         fc:56:47:9e:52:3b:7f:c4:ae:e4:fd:a0:0d:0b:3f:0b:f3:4e:
         b3:30:d2:42:15:c8:51:bc:78:e2:00:fd:28:17:56:50:cf:b7:
         12:a7:67:90:2e:51:e9:cb:35:bb:8a:a9:33:a4:3f:d5:b1:94:
         a8:d8:0e:00
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUdcgoK7WqhryM/2e/EiBwdL1/a54wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjQzN1oX
DTI3MDMwMzA2MjkzN1owMzExMC8GA1UEAxMoQUNFRDJFNzZFMjlBMDg3REQ4NzhG
OTc0NTFFOUI3NTA5ODhFQzhBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALOgSO4mfZpf8CnTgn4tQj6qKYGHlWk0wHl6hcELGFgjaXnObaWTvDqRhWrW
ZECL9GM3QEeIA1Rep2VPPYlWTt3szRqJ1UoMOwLpNu1lvXJuOeNWUWw2uYG112Vs
0f6aiL0kW8RgcLqO8JLjCsrR2R9pMOMRrcDnSqkjgRJXjrg8PekEHaznUYHO2hDb
VRAji28n82TlclkvDd6kKghxX+HOP/CXTbIv/ODeZFy+D6zpufkanJ/xaXUp/qdF
FetsuEb/xu7MYVIs6XM38lslZKw+pzj/RgtEic/S4L8vtFWUdgxdaOlQ4htGD5z9
nIw6B1SvYsQz2iZu/xd9OYuAYhsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSs7S52
4poIfdh4+XRR6bdQmI7IoTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTkyMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rMcwDQYJKoZIhvcNAQELBQADggEBADwmGHHesQYCAnk6GPTXWJG8DdvgpQ+lmR/k
T8E9u0HnRmp0gXXSA1/fr4cuCYOnb82VWR/R2wI+8qUaOKgTtqgepm1EQsgOC4cb
R7oVKc3zO/bpuYYWT+2YLXJf+Xhj1zr5lQ4w4fZrju3L1h0wJdND3qSKH2A3GJOJ
51c4O4wcDsahTzAJiCUkHR/Zjw9KT9JYSaaFy9DBuNaPKxKY8VwaWuCgGDkNx3YP
k0yspw2lQ23cp+Da7LmzwwwLT3sJXCpVPt7rXPxWR55SO3/EruT9oA0LPwvzTrMw
0kIVyFG8eOIA/SgXVlDPtxKnZ5AuUenLNbuKqTOkP9WxlKjYDgA=
-----END CERTIFICATE-----