Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145923.roa
File:                     AS145923.roa (raw, json)
Hash identifier:          Fy4yRnv5jyd+2tThj0lacbCw6UdqRLROAJj7OgRgW7w=
Subject key identifier:   5F:60:B6:BA:D0:A7:90:B9:3F:AC:41:3C:63:69:71:3C:ED:DA:25:79
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       29BDD80AC2E7E42B84D425E827CA7A7790220D3F
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145923.roa
Signing time:             Wed 04 Mar 2026 06:30:45 +0000
ROA not before:           Wed 04 Mar 2026 06:25:45 +0000
ROA not after:            Wed 03 Mar 2027 06:30:45 +0000
asID:                     145923
IP address blocks:        240a:acc9::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:bd:d8:0a:c2:e7:e4:2b:84:d4:25:e8:27:ca:7a:77:90:22:0d:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:45 2026 GMT
            Not After : Mar  3 06:30:45 2027 GMT
        Subject: CN=5F60B6BAD0A790B93FAC413C6369713CEDDA2579
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:b5:66:ae:82:db:d7:96:db:2b:76:c1:82:b8:
                    2c:28:82:7b:77:aa:39:de:10:d3:e2:df:ed:6c:dc:
                    06:b4:19:ce:9d:27:64:35:89:93:d8:23:a4:13:70:
                    e0:28:e5:d4:87:ce:67:a8:bc:78:b6:22:ba:a8:70:
                    19:8d:5c:22:2d:10:49:b5:f6:f7:04:87:14:ea:f8:
                    af:51:a2:be:c0:d5:77:62:f6:20:1a:9d:38:53:20:
                    05:0c:0d:bf:94:62:c2:a5:3a:8c:a8:5a:16:e6:e1:
                    d1:01:53:2c:58:d1:ab:8a:f2:49:6d:9f:45:80:4d:
                    2a:d4:b4:ff:de:23:be:1e:ae:79:f3:d9:2f:f2:51:
                    3c:74:6b:fb:ef:49:97:2f:62:7f:a1:71:68:1f:b4:
                    d6:3e:88:1f:90:bb:53:12:b9:26:01:16:12:85:1d:
                    7f:16:b8:37:59:aa:32:33:d3:b9:63:b5:5f:43:8d:
                    3d:cb:d3:bb:de:80:db:31:0b:3e:17:50:cf:0d:c6:
                    71:5d:38:92:56:b2:95:24:dd:14:11:16:96:a4:92:
                    d7:dd:86:42:a7:43:8d:f8:0e:ad:74:27:ec:fb:ec:
                    fe:60:db:5c:ba:68:96:3a:67:ec:37:c2:86:be:04:
                    b7:cd:ff:fb:5f:99:b3:61:46:55:8e:52:ca:06:40:
                    d4:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:60:B6:BA:D0:A7:90:B9:3F:AC:41:3C:63:69:71:3C:ED:DA:25:79
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145923.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:acc9::/32

    Signature Algorithm: sha256WithRSAEncryption
         a4:11:68:ae:fb:d6:a4:ba:4d:e4:e6:b5:98:9d:08:4e:c6:2e:
         52:56:e4:78:59:79:32:7e:f0:33:3a:5b:10:ea:48:18:32:d0:
         bd:63:c8:eb:ef:76:c2:70:36:22:94:f2:e0:b7:83:f3:39:72:
         d9:d2:3f:7c:e4:ae:f7:7c:f0:b1:13:26:b5:a0:f4:21:75:0b:
         92:d9:b1:9e:9a:34:5c:4f:66:00:15:71:51:86:e0:61:90:18:
         2b:36:fb:7a:66:b2:26:6d:1b:f6:ec:a3:43:24:c1:68:69:e0:
         f0:36:c0:7a:db:2f:9b:84:84:c4:e9:70:b2:38:08:89:a2:e3:
         79:1e:31:21:55:8c:e8:28:5d:91:d3:61:2a:73:57:d1:a1:a2:
         8a:86:e1:58:eb:6e:f7:32:f5:4c:66:9d:ee:91:db:65:78:19:
         84:56:21:fe:59:e2:60:bf:4e:18:d0:c2:87:e7:ae:5c:0e:c9:
         bf:b9:e3:92:8c:17:f8:f2:ba:73:6d:6d:68:42:ff:95:89:4e:
         bc:02:36:c0:44:02:02:d8:8f:fe:ef:73:97:72:dc:3a:59:eb:
         cb:ea:73:eb:9d:1b:f8:c5:88:92:22:a5:e5:57:36:57:c1:58:
         04:04:36:db:cf:50:90:25:bd:84:41:6a:80:c9:c1:51:53:46:
         76:d6:54:2f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUKb3YCsLn5CuE1CXoJ8p6d5AiDT8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjU0NVoX
DTI3MDMwMzA2MzA0NVowMzExMC8GA1UEAxMoNUY2MEI2QkFEMEE3OTBCOTNGQUM0
MTNDNjM2OTcxM0NFRERBMjU3OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANy1Zq6C29eW2yt2wYK4LCiCe3eqOd4Q0+Lf7WzcBrQZzp0nZDWJk9gjpBNw
4Cjl1IfOZ6i8eLYiuqhwGY1cIi0QSbX29wSHFOr4r1GivsDVd2L2IBqdOFMgBQwN
v5RiwqU6jKhaFubh0QFTLFjRq4rySW2fRYBNKtS0/94jvh6uefPZL/JRPHRr++9J
ly9if6FxaB+01j6IH5C7UxK5JgEWEoUdfxa4N1mqMjPTuWO1X0ONPcvTu96A2zEL
PhdQzw3GcV04klaylSTdFBEWlqSS192GQqdDjfgOrXQn7Pvs/mDbXLpoljpn7DfC
hr4Et83/+1+Zs2FGVY5SygZA1NkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRfYLa6
0KeQuT+sQTxjaXE87doleTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTkyMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rMkwDQYJKoZIhvcNAQELBQADggEBAKQRaK771qS6TeTmtZidCE7GLlJW5HhZeTJ+
8DM6WxDqSBgy0L1jyOvvdsJwNiKU8uC3g/M5ctnSP3zkrvd88LETJrWg9CF1C5LZ
sZ6aNFxPZgAVcVGG4GGQGCs2+3pmsiZtG/bso0MkwWhp4PA2wHrbL5uEhMTpcLI4
CImi43keMSFVjOgoXZHTYSpzV9GhooqG4Vjrbvcy9Uxmne6R22V4GYRWIf5Z4mC/
ThjQwofnrlwOyb+545KMF/jyunNtbWhC/5WJTrwCNsBEAgLYj/7vc5dy3DpZ68vq
c+udG/jFiJIipeVXNlfBWAQENtvPUJAlvYRBaoDJwVFTRnbWVC8=
-----END CERTIFICATE-----