Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145089.roa
File:                     AS145089.roa (raw, json)
Hash identifier:          XrL1f4wPVjPrAzg2WL0zM7F7e5jiOd+ocGs6FcvFWZs=
Subject key identifier:   BA:52:3B:90:69:98:FB:00:47:64:36:AD:AE:F1:22:53:61:BF:27:76
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       0E3012BD040FCABFAC69615DA378B5A3F3125A5F
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145089.roa
Signing time:             Wed 04 Mar 2026 06:20:36 +0000
ROA not before:           Wed 04 Mar 2026 06:15:36 +0000
ROA not after:            Wed 03 Mar 2027 06:20:36 +0000
asID:                     145089
IP address blocks:        240a:a987::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:30:12:bd:04:0f:ca:bf:ac:69:61:5d:a3:78:b5:a3:f3:12:5a:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:36 2026 GMT
            Not After : Mar  3 06:20:36 2027 GMT
        Subject: CN=BA523B906998FB00476436ADAEF1225361BF2776
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:f6:57:44:35:4a:d6:d9:58:87:d4:3d:8a:87:
                    d3:c8:9e:3c:d8:01:7c:0a:19:18:c7:16:12:ea:a5:
                    6b:57:50:ee:ed:f1:7f:62:ed:6f:77:bd:87:86:8a:
                    a6:b8:6d:fe:66:94:45:74:a1:bf:74:00:9f:0a:da:
                    c7:2f:7a:45:7e:ec:7a:73:8d:39:bb:46:f8:36:b3:
                    b9:02:5c:bf:cf:3c:ac:60:fa:6c:8a:79:29:72:51:
                    3f:bc:56:d9:9b:6a:58:d8:2b:d3:0e:76:03:d1:a7:
                    35:fe:7b:67:af:2e:be:5c:3c:76:65:10:9a:5a:31:
                    6c:a4:1f:99:14:9d:24:a5:9b:56:b6:2c:d4:0a:c9:
                    03:f5:68:15:bf:5a:50:a4:9d:4c:5c:0b:bb:c2:c8:
                    b0:d7:f2:12:29:f7:47:f7:08:b1:49:dd:a5:c0:2c:
                    75:8f:7d:fe:9b:c6:cc:28:0d:0c:e1:91:64:52:dc:
                    e8:93:26:82:08:85:db:24:45:2b:eb:ce:7a:f1:a6:
                    37:fb:0e:60:f3:c3:99:d7:c7:2b:51:0b:6e:90:2a:
                    c0:38:c0:4c:51:d9:31:ee:38:26:76:cb:c5:19:29:
                    52:85:82:5d:5d:80:1f:7d:e4:7e:6e:66:30:fa:cc:
                    cd:34:3e:9c:86:1c:fd:50:bf:4d:9d:8f:fe:32:50:
                    9d:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:52:3B:90:69:98:FB:00:47:64:36:AD:AE:F1:22:53:61:BF:27:76
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145089.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a987::/32

    Signature Algorithm: sha256WithRSAEncryption
         bd:27:0f:46:a6:f7:27:32:dd:1c:1b:23:b9:c6:57:22:f2:81:
         d4:6b:3c:0f:b4:d1:39:f4:44:66:02:bf:cb:33:46:b5:04:14:
         5e:11:88:0a:52:c6:f1:5e:31:cd:be:d1:f9:d3:7c:a7:8b:21:
         60:d6:34:38:6f:b3:5b:8c:73:9b:31:2a:c9:82:d0:3a:7b:52:
         02:49:30:b8:1f:07:88:a0:34:32:b8:8d:72:7c:e0:47:7e:3d:
         91:97:ee:3b:94:41:d6:bf:c8:5e:e9:df:61:50:69:4e:cb:61:
         ad:b3:1b:ec:1b:68:4e:a7:78:42:d8:d4:d8:79:54:7b:f4:a5:
         bd:d4:06:cb:2a:93:39:d9:06:ea:64:30:89:4e:44:2d:c9:98:
         cf:95:20:df:7f:5e:c2:06:93:a4:96:3b:56:db:a1:ec:d4:bb:
         fb:1e:32:45:73:7c:5c:7f:a5:c2:76:23:09:d5:aa:58:9a:1c:
         52:d9:00:d4:55:4a:66:13:06:b3:0d:de:08:88:69:b4:ac:3c:
         e7:4e:94:b4:60:57:57:f1:d0:67:df:b3:cd:b6:2e:ac:4d:8b:
         d7:9c:9c:97:5d:2a:cf:d9:e4:ca:f3:41:bc:48:4a:1f:d9:ec:
         c3:9a:b6:d9:ac:2f:7b:b4:bd:a6:d4:ad:ea:5c:b8:7e:fa:67:
         df:98:b7:dd
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUDjASvQQPyr+saWFdo3i1o/MSWl8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTUzNloX
DTI3MDMwMzA2MjAzNlowMzExMC8GA1UEAxMoQkE1MjNCOTA2OTk4RkIwMDQ3NjQz
NkFEQUVGMTIyNTM2MUJGMjc3NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIv2V0Q1StbZWIfUPYqH08iePNgBfAoZGMcWEuqla1dQ7u3xf2Ltb3e9h4aK
prht/maURXShv3QAnwraxy96RX7senONObtG+DazuQJcv888rGD6bIp5KXJRP7xW
2ZtqWNgr0w52A9GnNf57Z68uvlw8dmUQmloxbKQfmRSdJKWbVrYs1ArJA/VoFb9a
UKSdTFwLu8LIsNfyEin3R/cIsUndpcAsdY99/pvGzCgNDOGRZFLc6JMmggiF2yRF
K+vOevGmN/sOYPPDmdfHK1ELbpAqwDjATFHZMe44JnbLxRkpUoWCXV2AH33kfm5m
MPrMzTQ+nIYc/VC/TZ2P/jJQnUUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBS6UjuQ
aZj7AEdkNq2u8SJTYb8ndjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTA4OS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qYcwDQYJKoZIhvcNAQELBQADggEBAL0nD0am9ycy3RwbI7nGVyLygdRrPA+00Tn0
RGYCv8szRrUEFF4RiApSxvFeMc2+0fnTfKeLIWDWNDhvs1uMc5sxKsmC0Dp7UgJJ
MLgfB4igNDK4jXJ84Ed+PZGX7juUQda/yF7p32FQaU7LYa2zG+wbaE6neELY1Nh5
VHv0pb3UBssqkznZBupkMIlORC3JmM+VIN9/XsIGk6SWO1bboezUu/seMkVzfFx/
pcJ2IwnVqliaHFLZANRVSmYTBrMN3giIabSsPOdOlLRgV1fx0Gffs822LqxNi9ec
nJddKs/Z5MrzQbxISh/Z7MOattmsL3u0vabUrepcuH76Z9+Yt90=
-----END CERTIFICATE-----