Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145925.roa
File:                     AS145925.roa (raw, json)
Hash identifier:          Y01VewVCH/gimI1v312f27xFleWd+ZJ2dyAbst6c554=
Subject key identifier:   FC:DF:B3:8D:D1:4D:62:47:9C:47:3D:7E:49:DC:D3:04:BE:41:17:D7
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       59C8A3816C4D07F928E527291DAFD38B620A7EED
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145925.roa
Signing time:             Wed 04 Mar 2026 06:30:15 +0000
ROA not before:           Wed 04 Mar 2026 06:25:15 +0000
ROA not after:            Wed 03 Mar 2027 06:30:15 +0000
asID:                     145925
IP address blocks:        240a:accb::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:c8:a3:81:6c:4d:07:f9:28:e5:27:29:1d:af:d3:8b:62:0a:7e:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:15 2026 GMT
            Not After : Mar  3 06:30:15 2027 GMT
        Subject: CN=FCDFB38DD14D62479C473D7E49DCD304BE4117D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:0a:5c:b9:e9:74:3b:8b:e9:1e:83:6c:67:af:
                    70:03:6a:ea:27:c8:23:9d:f7:b9:85:f7:59:a1:a5:
                    c8:2e:67:42:3f:bf:94:94:a6:6e:53:8e:e6:51:b6:
                    76:93:21:e9:47:77:6d:5c:b7:9c:8d:00:a2:45:d5:
                    62:32:16:79:6d:13:f6:10:e3:59:09:48:89:f4:c5:
                    72:aa:34:bc:42:ae:e0:5c:6a:85:47:f3:27:e7:42:
                    d8:52:42:0a:40:f3:0b:18:e5:b0:59:ba:19:f8:71:
                    f3:a0:30:ff:24:37:4a:da:19:ca:43:92:65:f0:fa:
                    91:5b:85:3f:06:a9:b3:28:00:71:1c:6f:ec:49:3f:
                    7d:2b:36:90:58:03:75:b7:ca:c2:7c:01:67:7d:b0:
                    fe:d8:31:e6:5e:eb:4f:89:54:b3:ce:ea:86:9e:84:
                    75:b5:28:c4:59:27:dd:4d:c0:2b:6a:1a:29:ab:7b:
                    12:e1:fe:3d:2f:bf:0e:8b:d9:50:ee:e2:6a:89:a0:
                    7e:b7:86:7c:79:ec:dd:9e:12:d3:f1:bf:3a:7d:da:
                    3d:65:b2:d5:a4:52:b2:65:fe:6f:80:1b:f0:f7:82:
                    82:e1:22:18:a0:58:77:7a:8c:26:1b:86:05:74:78:
                    f9:5d:d8:9a:8e:3e:49:9a:08:63:74:14:ee:b8:0d:
                    7a:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:DF:B3:8D:D1:4D:62:47:9C:47:3D:7E:49:DC:D3:04:BE:41:17:D7
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145925.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:accb::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:b0:1e:c7:a0:11:b6:4a:59:78:c6:48:97:bd:00:e4:be:a4:
         5e:23:3d:e5:64:54:7d:86:2f:f8:1e:3f:54:26:00:dd:61:9c:
         d5:c1:48:76:90:f3:3d:22:bb:9f:27:73:88:6d:b0:22:03:c4:
         fb:ad:21:08:04:2e:9c:db:f7:33:cb:48:bb:f4:35:70:9b:e0:
         99:5e:9c:2d:00:8c:1a:52:94:6c:67:b2:7a:f7:24:a0:cc:ea:
         52:25:1e:a6:69:4c:70:2d:4c:a4:aa:a4:09:72:a6:4a:fe:dd:
         3d:8c:0d:e2:6c:4f:c2:75:fe:3b:2d:e1:33:dc:63:5e:76:3f:
         da:86:2b:24:89:75:58:dd:00:9b:9e:8c:29:2f:14:6b:17:b2:
         f3:64:2f:f7:7f:25:6a:28:07:b4:1f:49:6e:d5:cc:28:8b:d4:
         27:16:c2:8a:48:52:a4:b1:f9:14:6c:92:f0:b8:a3:95:5c:99:
         3e:cb:93:c9:cd:eb:ce:bf:c1:2c:66:0d:b9:44:9c:d8:e2:23:
         b1:a6:b7:1e:02:8f:19:22:8d:bc:b5:ee:9b:bc:28:a7:02:7e:
         20:1c:a8:c2:fe:07:37:63:e4:ee:a7:23:60:0e:d3:4e:32:48:
         9e:d1:43:d4:51:54:57:b5:6e:7b:1e:b8:81:75:4a:1f:87:cc:
         67:ca:4e:f8
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUWcijgWxNB/ko5ScpHa/Ti2IKfu0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUxNVoX
DTI3MDMwMzA2MzAxNVowMzExMC8GA1UEAxMoRkNERkIzOEREMTRENjI0NzlDNDcz
RDdFNDlEQ0QzMDRCRTQxMTdENzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJEKXLnpdDuL6R6DbGevcANq6ifII533uYX3WaGlyC5nQj+/lJSmblOO5lG2
dpMh6Ud3bVy3nI0AokXVYjIWeW0T9hDjWQlIifTFcqo0vEKu4FxqhUfzJ+dC2FJC
CkDzCxjlsFm6Gfhx86Aw/yQ3StoZykOSZfD6kVuFPwapsygAcRxv7Ek/fSs2kFgD
dbfKwnwBZ32w/tgx5l7rT4lUs87qhp6EdbUoxFkn3U3AK2oaKat7EuH+PS+/DovZ
UO7iaomgfreGfHns3Z4S0/G/On3aPWWy1aRSsmX+b4Ab8PeCguEiGKBYd3qMJhuG
BXR4+V3Ymo4+SZoIY3QU7rgNekcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT837ON
0U1iR5xHPX5J3NMEvkEX1zAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTkyNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rMswDQYJKoZIhvcNAQELBQADggEBAHawHsegEbZKWXjGSJe9AOS+pF4jPeVkVH2G
L/geP1QmAN1hnNXBSHaQ8z0iu58nc4htsCIDxPutIQgELpzb9zPLSLv0NXCb4Jle
nC0AjBpSlGxnsnr3JKDM6lIlHqZpTHAtTKSqpAlypkr+3T2MDeJsT8J1/jst4TPc
Y152P9qGKySJdVjdAJuejCkvFGsXsvNkL/d/JWooB7QfSW7VzCiL1CcWwopIUqSx
+RRskvC4o5VcmT7Lk8nN686/wSxmDblEnNjiI7Gmtx4Cjxkijby17pu8KKcCfiAc
qML+Bzdj5O6nI2AO004ySJ7RQ9RRVFe1bnseuIF1Sh+HzGfKTvg=
-----END CERTIFICATE-----