Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145932.roa
File:                     AS145932.roa (raw, json)
Hash identifier:          B9P8iTyq35xlroQQDV0lyEI58Bh06gwc77sHhOMTrw8=
Subject key identifier:   97:ED:58:00:4F:D4:2F:DC:C2:C4:F1:2A:25:E4:44:33:30:4C:E2:28
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6CED5477785CD35217B3F4B04E4A60D2639ED06A
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145932.roa
Signing time:             Wed 04 Mar 2026 06:29:40 +0000
ROA not before:           Wed 04 Mar 2026 06:24:40 +0000
ROA not after:            Wed 03 Mar 2027 06:29:40 +0000
asID:                     145932
IP address blocks:        240a:acd2::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:ed:54:77:78:5c:d3:52:17:b3:f4:b0:4e:4a:60:d2:63:9e:d0:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:24:40 2026 GMT
            Not After : Mar  3 06:29:40 2027 GMT
        Subject: CN=97ED58004FD42FDCC2C4F12A25E44433304CE228
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:97:bc:6f:60:ac:01:85:06:49:11:e3:5d:5d:
                    03:75:61:2d:e4:e2:96:39:71:b1:55:8d:79:06:1f:
                    b1:39:32:c9:40:54:2e:cd:1d:1b:9d:cf:a8:85:6c:
                    ea:f4:e4:03:7b:97:52:81:a0:e2:6a:18:6c:42:db:
                    c0:49:50:04:35:0d:68:e4:b3:bb:32:70:d5:23:f8:
                    f1:5e:1e:50:3e:36:fe:0f:e7:4d:a2:a0:b6:8a:62:
                    40:12:09:0c:5f:89:7c:e4:25:f1:64:d6:60:85:18:
                    a3:74:aa:bc:3a:08:57:c2:cd:cb:cd:01:b6:8c:43:
                    83:82:59:13:f0:cb:8a:3f:77:be:88:d4:77:22:69:
                    bd:3a:7c:95:a7:04:8d:7e:51:b4:cc:49:77:10:ba:
                    0b:ed:dd:7f:fa:5a:86:fb:61:1c:a9:88:13:76:83:
                    54:cd:19:5a:bc:e3:77:e3:db:db:5d:a0:a2:94:93:
                    90:da:b3:4c:17:96:d9:fa:5e:9e:ea:c9:d4:f3:07:
                    4b:ff:68:31:6d:9c:c9:60:63:72:34:19:0b:8c:83:
                    3e:24:20:69:3b:d9:c1:61:46:8d:03:40:1c:cb:cc:
                    a1:ea:5b:5b:30:34:6c:16:8b:14:2d:1c:97:81:ac:
                    3b:98:b2:9a:23:33:35:92:20:e4:a8:9f:cc:df:c5:
                    90:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:ED:58:00:4F:D4:2F:DC:C2:C4:F1:2A:25:E4:44:33:30:4C:E2:28
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145932.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:acd2::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:bc:cd:48:05:84:f0:2a:ac:22:95:e5:61:9c:f3:55:6d:98:
         b5:b9:c5:b7:8b:46:a3:cb:94:b5:08:29:59:33:17:65:26:51:
         75:19:0e:ca:73:13:cf:84:17:c8:96:1d:48:c9:11:7e:72:46:
         9c:8b:fe:ce:ec:31:e9:a5:9d:4c:0d:ea:9e:dc:96:4d:6e:1b:
         83:9f:44:15:10:86:0e:9b:2e:38:11:04:39:85:d8:7b:4f:a2:
         d4:75:68:87:39:c3:32:b1:49:d1:cd:cf:71:bf:b7:75:17:ff:
         4e:48:34:ad:1e:47:08:ab:7d:5a:f2:28:77:f9:fc:d3:84:29:
         b1:9a:1e:59:f5:aa:83:9c:61:02:f8:dc:cf:5a:cf:52:9c:92:
         09:10:0c:3f:15:fd:46:e5:d1:d4:44:ec:d4:93:c3:35:18:07:
         7b:f6:d8:5b:7d:50:fa:c1:18:8a:76:fa:2f:47:d4:f9:84:83:
         0d:4e:b6:35:98:f2:bd:1f:0c:94:65:ad:10:23:ac:e8:0b:7e:
         a3:dd:4e:57:56:83:ff:b9:ad:bc:58:dd:0d:1b:72:94:e3:1f:
         2d:f9:73:a3:61:50:5f:86:de:d3:99:1c:36:bd:47:9f:c4:58:
         cb:83:d2:aa:a2:7d:8f:c9:89:86:9e:24:0c:22:6d:49:bb:1b:
         61:78:05:46
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUbO1Ud3hc01IXs/SwTkpg0mOe0GowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjQ0MFoX
DTI3MDMwMzA2Mjk0MFowMzExMC8GA1UEAxMoOTdFRDU4MDA0RkQ0MkZEQ0MyQzRG
MTJBMjVFNDQ0MzMzMDRDRTIyODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALuXvG9grAGFBkkR411dA3VhLeTiljlxsVWNeQYfsTkyyUBULs0dG53PqIVs
6vTkA3uXUoGg4moYbELbwElQBDUNaOSzuzJw1SP48V4eUD42/g/nTaKgtopiQBIJ
DF+JfOQl8WTWYIUYo3SqvDoIV8LNy80BtoxDg4JZE/DLij93vojUdyJpvTp8lacE
jX5RtMxJdxC6C+3df/pahvthHKmIE3aDVM0ZWrzjd+Pb212gopSTkNqzTBeW2fpe
nurJ1PMHS/9oMW2cyWBjcjQZC4yDPiQgaTvZwWFGjQNAHMvMoepbWzA0bBaLFC0c
l4GsO5iymiMzNZIg5KifzN/FkNMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSX7VgA
T9Qv3MLE8Sol5EQzMEziKDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTkzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rNIwDQYJKoZIhvcNAQELBQADggEBADC8zUgFhPAqrCKV5WGc81VtmLW5xbeLRqPL
lLUIKVkzF2UmUXUZDspzE8+EF8iWHUjJEX5yRpyL/s7sMemlnUwN6p7clk1uG4Of
RBUQhg6bLjgRBDmF2HtPotR1aIc5wzKxSdHNz3G/t3UX/05INK0eRwirfVryKHf5
/NOEKbGaHln1qoOcYQL43M9az1KckgkQDD8V/Ubl0dRE7NSTwzUYB3v22Ft9UPrB
GIp2+i9H1PmEgw1OtjWY8r0fDJRlrRAjrOgLfqPdTldWg/+5rbxY3Q0bcpTjHy35
c6NhUF+G3tOZHDa9R5/EWMuD0qqifY/JiYaeJAwibUm7G2F4BUY=
-----END CERTIFICATE-----