Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145977.roa
File:                     AS145977.roa (raw, json)
Hash identifier:          75G54GwOqCxrK83Pf1Y8dzK3jdCSpYneltHeAsPDAOU=
Subject key identifier:   FF:C0:F4:36:21:CB:C7:F2:30:05:0D:91:BC:56:07:43:47:D8:08:C3
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       20F3C11247A6C101A79710783CB9091ED13908C4
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145977.roa
Signing time:             Wed 04 Mar 2026 06:29:36 +0000
ROA not before:           Wed 04 Mar 2026 06:24:36 +0000
ROA not after:            Wed 03 Mar 2027 06:29:36 +0000
asID:                     145977
IP address blocks:        240a:acff::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:f3:c1:12:47:a6:c1:01:a7:97:10:78:3c:b9:09:1e:d1:39:08:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:24:36 2026 GMT
            Not After : Mar  3 06:29:36 2027 GMT
        Subject: CN=FFC0F43621CBC7F230050D91BC56074347D808C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:4a:25:11:16:04:96:cd:d1:24:89:6b:2a:ce:
                    19:60:96:ad:86:46:fe:75:3a:dd:7d:68:87:75:0c:
                    c9:6a:fa:5b:28:45:92:7a:a1:8f:a2:ab:e2:b2:41:
                    b1:6b:e4:a9:62:52:58:fd:d1:07:c2:03:1f:5c:ff:
                    05:35:21:57:1c:26:69:24:da:cd:58:ba:17:08:46:
                    be:b7:ca:60:e4:8e:54:46:14:10:db:49:d7:fa:5d:
                    ff:7c:14:da:ca:d5:79:32:cd:e5:f8:90:95:f8:fc:
                    05:c2:0e:15:90:fc:2c:ba:a9:d1:13:73:fd:77:ac:
                    11:ae:ad:70:ac:e6:d6:8d:98:18:c0:1b:99:0b:30:
                    11:41:b4:e2:dd:0d:aa:ef:b0:f6:de:f3:89:ba:fa:
                    f0:43:47:56:f7:7a:86:ef:b8:47:e4:8e:f2:a7:ac:
                    5d:84:3f:97:97:0e:25:f5:d7:82:8f:6f:e6:8f:2e:
                    d3:3a:4c:cb:f5:a1:01:5b:93:37:d4:cb:48:cc:d1:
                    e7:9a:ea:4e:2c:a3:0a:c3:63:4d:cb:d9:16:f3:77:
                    10:26:9f:99:f2:57:63:d6:30:2e:55:a6:83:3f:26:
                    f4:dc:96:ef:7e:68:30:e6:fa:45:7e:4b:7c:b4:e3:
                    3f:87:63:2d:f6:42:87:20:40:5f:ae:a1:23:5a:0d:
                    2f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:C0:F4:36:21:CB:C7:F2:30:05:0D:91:BC:56:07:43:47:D8:08:C3
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145977.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:acff::/32

    Signature Algorithm: sha256WithRSAEncryption
         aa:f2:2f:28:9c:ca:2e:d6:89:4b:03:fc:cf:fd:80:d9:12:29:
         3e:62:29:b1:d4:f0:d1:10:e5:83:91:66:a7:13:8d:ba:ad:93:
         be:e4:3c:e8:44:9e:ae:2b:5d:ec:4b:e4:f9:6b:6e:43:df:ed:
         13:46:9c:2f:4e:23:03:7c:f5:3d:12:7c:1c:77:a5:53:99:a1:
         80:3f:f2:c4:81:74:ec:81:64:fd:79:13:94:0b:a7:02:39:ff:
         e6:f8:09:ca:1b:6b:30:99:33:2f:56:f1:fe:76:da:da:ab:be:
         7d:f9:be:05:50:61:b7:7d:18:f2:19:0d:d7:60:df:0c:7a:4c:
         d8:65:f8:d7:c9:01:aa:f8:10:b7:cb:7c:8f:71:e0:c6:67:0a:
         e5:11:4a:73:37:e6:ab:d2:21:fd:49:0f:16:25:3e:56:60:bf:
         c6:90:14:68:52:26:ee:34:44:42:2b:7b:ad:fa:9e:ca:32:8f:
         40:f7:c5:02:fb:fd:06:70:53:e8:95:fc:4e:55:df:37:cc:ee:
         96:d3:97:d2:a7:2a:1e:b6:ac:00:62:20:e8:b2:59:71:58:ec:
         5f:90:33:62:9b:35:45:c1:2c:09:d5:85:55:be:87:e5:3a:a8:
         92:77:a4:5f:4f:da:0b:00:70:bc:28:13:9a:5f:12:b8:2a:b2:
         d9:dc:67:db
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUIPPBEkemwQGnlxB4PLkJHtE5CMQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjQzNloX
DTI3MDMwMzA2MjkzNlowMzExMC8GA1UEAxMoRkZDMEY0MzYyMUNCQzdGMjMwMDUw
RDkxQkM1NjA3NDM0N0Q4MDhDMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALhKJREWBJbN0SSJayrOGWCWrYZG/nU63X1oh3UMyWr6WyhFknqhj6Kr4rJB
sWvkqWJSWP3RB8IDH1z/BTUhVxwmaSTazVi6FwhGvrfKYOSOVEYUENtJ1/pd/3wU
2srVeTLN5fiQlfj8BcIOFZD8LLqp0RNz/XesEa6tcKzm1o2YGMAbmQswEUG04t0N
qu+w9t7zibr68ENHVvd6hu+4R+SO8qesXYQ/l5cOJfXXgo9v5o8u0zpMy/WhAVuT
N9TLSMzR55rqTiyjCsNjTcvZFvN3ECafmfJXY9YwLlWmgz8m9NyW735oMOb6RX5L
fLTjP4djLfZChyBAX66hI1oNL48CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT/wPQ2
IcvH8jAFDZG8VgdDR9gIwzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTk3Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rP8wDQYJKoZIhvcNAQELBQADggEBAKryLyicyi7WiUsD/M/9gNkSKT5iKbHU8NEQ
5YORZqcTjbqtk77kPOhEnq4rXexL5PlrbkPf7RNGnC9OIwN89T0SfBx3pVOZoYA/
8sSBdOyBZP15E5QLpwI5/+b4CcobazCZMy9W8f522tqrvn35vgVQYbd9GPIZDddg
3wx6TNhl+NfJAar4ELfLfI9x4MZnCuURSnM35qvSIf1JDxYlPlZgv8aQFGhSJu40
REIre636nsoyj0D3xQL7/QZwU+iV/E5V3zfM7pbTl9KnKh62rABiIOiyWXFY7F+Q
M2KbNUXBLAnVhVW+h+U6qJJ3pF9P2gsAcLwoE5pfErgqstncZ9s=
-----END CERTIFICATE-----