Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145939.roa
File:                     AS145939.roa (raw, json)
Hash identifier:          BIzOsaPtFdLHS93zsxJhIiNk5eDdP4RQL2F2hmPkN0I=
Subject key identifier:   13:77:68:37:92:14:2A:F5:3E:55:AD:EE:77:59:03:16:C1:4C:EF:AF
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       25BC13BCFEAF4BE0A6E87421AEC487C7151B5D52
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145939.roa
Signing time:             Wed 04 Mar 2026 06:30:43 +0000
ROA not before:           Wed 04 Mar 2026 06:25:43 +0000
ROA not after:            Wed 03 Mar 2027 06:30:43 +0000
asID:                     145939
IP address blocks:        240a:acd9::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:bc:13:bc:fe:af:4b:e0:a6:e8:74:21:ae:c4:87:c7:15:1b:5d:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:43 2026 GMT
            Not After : Mar  3 06:30:43 2027 GMT
        Subject: CN=1377683792142AF53E55ADEE77590316C14CEFAF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:62:95:ac:3d:6b:39:0b:df:14:08:1a:6d:05:
                    8c:4a:32:1e:ea:51:8e:4e:3a:5d:e7:a1:61:a0:4f:
                    99:6c:9b:a7:3e:d6:bf:df:b5:82:eb:db:ab:86:64:
                    2f:30:e4:05:2d:1d:3f:8d:6a:3a:e8:9d:8a:16:ef:
                    38:c8:29:26:fa:a3:7a:ab:c0:29:37:6c:43:c7:7e:
                    c1:80:84:80:00:e0:de:a9:8a:6f:6b:ff:d0:2f:82:
                    06:47:e3:e1:9a:cc:a4:41:6b:96:43:28:82:e5:8a:
                    49:b5:8e:4c:45:83:48:6a:8c:c8:32:c8:1c:16:b5:
                    ba:9a:1e:42:6f:03:9d:fc:2d:43:57:28:ae:51:80:
                    9c:1e:b4:9f:e4:a3:2d:ee:75:75:3a:c6:71:fa:30:
                    ce:e2:80:d7:ea:22:2b:87:9a:c4:7e:79:3d:ec:bc:
                    51:7d:61:74:ce:c7:90:2b:6f:3b:47:b0:f4:93:cc:
                    9b:28:af:52:3c:1f:5d:7a:1a:0a:86:6f:01:42:0b:
                    28:40:d2:ce:1d:8f:a5:2f:75:f9:b9:ae:f9:3a:8d:
                    79:b6:25:83:d8:51:0e:fa:27:b4:8c:3a:e1:f6:d8:
                    f2:4e:55:18:a4:e9:8b:a7:29:21:4d:26:03:3f:a9:
                    a9:c4:ef:1c:dc:86:f0:80:2e:9d:35:6a:8c:1b:32:
                    e4:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:77:68:37:92:14:2A:F5:3E:55:AD:EE:77:59:03:16:C1:4C:EF:AF
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145939.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:acd9::/32

    Signature Algorithm: sha256WithRSAEncryption
         78:e7:73:55:15:0e:18:15:b5:ca:ac:b3:6a:60:78:15:21:f6:
         89:9d:f2:a3:46:d2:0c:e1:79:da:58:0e:80:84:15:36:1f:cb:
         2a:ef:72:10:cc:13:cd:04:f1:70:41:35:cd:86:62:0a:b5:cb:
         f4:fa:fe:99:33:19:ba:09:b6:25:b6:97:85:fd:bb:78:d6:78:
         65:29:17:fe:b6:7a:f2:1b:32:03:ae:d2:24:05:46:64:80:ef:
         30:9c:c8:cb:fe:e4:e9:71:d8:a1:15:95:cf:b0:70:ed:78:c4:
         31:e3:11:c7:d4:7a:39:28:a9:31:c0:f8:38:9c:c3:ad:c4:5b:
         84:49:d9:58:dc:cc:82:ff:c5:44:ef:28:f3:bb:66:32:4e:16:
         d6:43:b6:b8:22:65:ed:05:8d:84:7a:e7:75:d1:1c:20:30:f0:
         1b:43:f5:92:2e:0c:7a:df:d9:d1:af:20:5d:ed:ab:c5:b8:a9:
         de:e4:bf:d6:be:bf:98:a7:75:58:00:56:e5:5b:c9:a1:83:23:
         3f:15:fa:6a:79:83:a6:33:8c:19:6f:45:a3:f8:51:1e:d1:b8:
         88:9d:f1:b7:fd:13:46:4c:b8:73:9c:9f:e6:3e:43:4d:9f:1d:
         67:1b:dd:8b:ed:c4:2c:bd:e8:66:65:67:a6:fb:f7:d1:47:6d:
         88:52:cc:3a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUJbwTvP6vS+Cm6HQhrsSHxxUbXVIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjU0M1oX
DTI3MDMwMzA2MzA0M1owMzExMC8GA1UEAxMoMTM3NzY4Mzc5MjE0MkFGNTNFNTVB
REVFNzc1OTAzMTZDMTRDRUZBRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMpilaw9azkL3xQIGm0FjEoyHupRjk46XeehYaBPmWybpz7Wv9+1guvbq4Zk
LzDkBS0dP41qOuidihbvOMgpJvqjeqvAKTdsQ8d+wYCEgADg3qmKb2v/0C+CBkfj
4ZrMpEFrlkMoguWKSbWOTEWDSGqMyDLIHBa1upoeQm8DnfwtQ1corlGAnB60n+Sj
Le51dTrGcfowzuKA1+oiK4eaxH55Pey8UX1hdM7HkCtvO0ew9JPMmyivUjwfXXoa
CoZvAUILKEDSzh2PpS91+bmu+TqNebYlg9hRDvontIw64fbY8k5VGKTpi6cpIU0m
Az+pqcTvHNyG8IAunTVqjBsy5OkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQTd2g3
khQq9T5Vre53WQMWwUzvrzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTkzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rNkwDQYJKoZIhvcNAQELBQADggEBAHjnc1UVDhgVtcqss2pgeBUh9omd8qNG0gzh
edpYDoCEFTYfyyrvchDME80E8XBBNc2GYgq1y/T6/pkzGboJtiW2l4X9u3jWeGUp
F/62evIbMgOu0iQFRmSA7zCcyMv+5Olx2KEVlc+wcO14xDHjEcfUejkoqTHA+Dic
w63EW4RJ2VjczIL/xUTvKPO7ZjJOFtZDtrgiZe0FjYR653XRHCAw8BtD9ZIuDHrf
2dGvIF3tq8W4qd7kv9a+v5indVgAVuVbyaGDIz8V+mp5g6YzjBlvRaP4UR7RuIid
8bf9E0ZMuHOcn+Y+Q02fHWcb3YvtxCy96GZlZ6b799FHbYhSzDo=
-----END CERTIFICATE-----