Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145975.roa
File:                     AS145975.roa (raw, json)
Hash identifier:          xyKUpXd9wirbnE5eBTxVWtaO0RxIEONJOvBtpKQIskY=
Subject key identifier:   E4:E1:07:6F:07:32:DC:41:24:F1:3E:26:2D:2A:80:94:0A:53:18:FC
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       66D4EDA12666172840F33D85A5BF1EEBE75C86C6
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145975.roa
Signing time:             Wed 04 Mar 2026 06:30:36 +0000
ROA not before:           Wed 04 Mar 2026 06:25:36 +0000
ROA not after:            Wed 03 Mar 2027 06:30:36 +0000
asID:                     145975
IP address blocks:        240a:acfd::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:d4:ed:a1:26:66:17:28:40:f3:3d:85:a5:bf:1e:eb:e7:5c:86:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:36 2026 GMT
            Not After : Mar  3 06:30:36 2027 GMT
        Subject: CN=E4E1076F0732DC4124F13E262D2A80940A5318FC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:66:39:ee:07:05:a6:9f:f3:41:98:35:4a:bc:
                    67:4c:4c:30:3d:1c:1b:13:08:4a:bc:29:b1:74:98:
                    ed:78:df:83:58:67:ea:9b:2b:92:a0:24:fb:37:6d:
                    f7:41:f7:96:69:10:ab:c0:c1:4d:55:57:b2:35:98:
                    50:c7:31:c7:f3:4f:08:99:a7:10:9a:b3:d3:e3:69:
                    2e:45:cc:d6:16:04:fa:c6:47:22:9e:8b:20:4e:c4:
                    a8:3b:cd:be:ef:b2:56:38:62:bb:4b:1d:c7:cb:f2:
                    2d:6f:b7:c4:63:4a:d6:5e:71:c8:9b:14:e3:60:33:
                    5d:f1:c6:8c:89:52:f1:ec:c1:20:a9:7d:b3:08:95:
                    c8:f7:01:b8:9a:1f:89:c2:b5:e7:76:a5:a3:98:4b:
                    a2:eb:25:bb:2e:75:52:cf:7b:8d:21:e8:49:e2:82:
                    6f:da:65:14:ba:86:37:b9:c3:b3:e3:f0:54:30:1c:
                    68:92:c3:8c:25:cf:99:26:0f:1c:b5:7e:a5:68:1f:
                    90:90:63:db:75:95:fb:e1:1d:02:86:14:cd:a9:6d:
                    9e:97:45:34:7d:a9:55:88:de:79:55:a3:6b:40:22:
                    52:a9:a1:13:c7:f6:cc:63:c8:ec:a5:8e:1b:2b:90:
                    df:fd:b0:1b:22:4e:cb:9d:1a:f7:3e:40:8b:bb:51:
                    d5:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:E1:07:6F:07:32:DC:41:24:F1:3E:26:2D:2A:80:94:0A:53:18:FC
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145975.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:acfd::/32

    Signature Algorithm: sha256WithRSAEncryption
         a9:05:a4:d1:98:89:87:1f:56:36:07:eb:2c:fe:27:bc:3d:b4:
         e2:f4:4c:58:2f:12:e3:39:57:fd:ad:4a:cc:80:fa:25:b4:3a:
         b4:43:e6:81:cc:50:b5:25:77:7f:1e:57:6d:36:ba:22:b1:87:
         2d:a1:de:07:a4:6d:51:f2:8b:c7:ce:7f:cf:f3:e1:a8:61:fd:
         1e:b1:b5:89:0a:36:9b:1c:5d:2d:b1:d9:b2:b8:ef:4d:be:6f:
         84:ef:8e:de:43:ea:59:b5:96:23:65:79:a0:bd:ec:69:56:0d:
         d5:75:87:10:fb:8f:9e:82:d9:db:56:05:bb:46:69:e1:59:bd:
         7b:f3:1a:10:0d:f8:0a:c0:7b:13:0e:0b:d8:75:9a:c4:f4:b4:
         d0:69:db:07:27:14:19:f6:33:ef:58:7e:cc:2d:ab:77:ec:0e:
         e8:0c:13:47:c1:ac:07:ea:e1:42:fb:2d:c8:bb:90:2d:5f:0d:
         f6:a9:e8:48:8b:13:6f:aa:dc:85:28:81:f6:e8:e6:4a:07:a2:
         0b:20:07:57:dd:f6:2f:ce:11:cb:2c:21:bd:c3:44:38:0d:a2:
         bf:0f:ba:5a:6b:b3:32:00:0c:67:e7:16:fd:1c:09:d4:d8:cd:
         a0:02:7e:b5:ef:4c:fd:23:ae:77:fb:b2:51:8c:10:ca:60:6e:
         58:ac:1a:a3
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUZtTtoSZmFyhA8z2Fpb8e6+dchsYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUzNloX
DTI3MDMwMzA2MzAzNlowMzExMC8GA1UEAxMoRTRFMTA3NkYwNzMyREM0MTI0RjEz
RTI2MkQyQTgwOTQwQTUzMThGQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANdmOe4HBaaf80GYNUq8Z0xMMD0cGxMISrwpsXSY7Xjfg1hn6psrkqAk+zdt
90H3lmkQq8DBTVVXsjWYUMcxx/NPCJmnEJqz0+NpLkXM1hYE+sZHIp6LIE7EqDvN
vu+yVjhiu0sdx8vyLW+3xGNK1l5xyJsU42AzXfHGjIlS8ezBIKl9swiVyPcBuJof
icK153alo5hLousluy51Us97jSHoSeKCb9plFLqGN7nDs+PwVDAcaJLDjCXPmSYP
HLV+pWgfkJBj23WV++EdAoYUzaltnpdFNH2pVYjeeVWja0AiUqmhE8f2zGPI7KWO
GyuQ3/2wGyJOy50a9z5Ai7tR1S0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTk4Qdv
BzLcQSTxPiYtKoCUClMY/DAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTk3NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rP0wDQYJKoZIhvcNAQELBQADggEBAKkFpNGYiYcfVjYH6yz+J7w9tOL0TFgvEuM5
V/2tSsyA+iW0OrRD5oHMULUld38eV202uiKxhy2h3gekbVHyi8fOf8/z4ahh/R6x
tYkKNpscXS2x2bK4702+b4Tvjt5D6lm1liNleaC97GlWDdV1hxD7j56C2dtWBbtG
aeFZvXvzGhAN+ArAexMOC9h1msT0tNBp2wcnFBn2M+9Yfswtq3fsDugME0fBrAfq
4UL7Lci7kC1fDfap6EiLE2+q3IUogfbo5koHogsgB1fd9i/OEcssIb3DRDgNor8P
ulprszIADGfnFv0cCdTYzaACfrXvTP0jrnf7slGMEMpgblisGqM=
-----END CERTIFICATE-----