Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145090.roa
File:                     AS145090.roa (raw, json)
Hash identifier:          ZX0DpcArbQkw7yqSbxRBIpBRZIMVQq9jAcyfgePDY+Q=
Subject key identifier:   0E:B7:83:B1:A0:10:5B:ED:57:82:21:6B:A0:69:47:5F:61:D9:E2:F2
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       15D65205851FAA7ADA1D4F5714D7A1A181CE1A3F
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145090.roa
Signing time:             Wed 04 Mar 2026 06:22:18 +0000
ROA not before:           Wed 04 Mar 2026 06:17:18 +0000
ROA not after:            Wed 03 Mar 2027 06:22:18 +0000
asID:                     145090
IP address blocks:        240a:a988::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:d6:52:05:85:1f:aa:7a:da:1d:4f:57:14:d7:a1:a1:81:ce:1a:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:18 2026 GMT
            Not After : Mar  3 06:22:18 2027 GMT
        Subject: CN=0EB783B1A0105BED5782216BA069475F61D9E2F2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:1f:d5:97:2a:fc:0c:07:05:eb:f8:b2:63:10:
                    2e:ea:1e:74:7a:c5:ae:d3:b4:76:b4:37:45:20:f3:
                    30:06:6a:7c:c1:2c:09:de:0e:32:c6:50:73:cd:03:
                    0b:56:9e:70:c1:61:cc:c7:5d:d9:07:a1:66:3c:af:
                    f8:73:47:ed:96:a8:43:51:00:4d:35:f9:d2:ab:b9:
                    72:e2:07:0d:7a:4a:d3:d1:98:db:ee:77:e8:7b:7f:
                    17:b4:ad:53:17:6a:58:f9:51:3c:c7:0f:d6:a3:e7:
                    00:79:10:50:de:f6:99:63:7f:d7:75:2a:fb:e3:9e:
                    5e:17:c1:f0:25:aa:d8:1b:9e:18:a2:98:26:d0:1a:
                    99:48:b8:c4:7a:63:3b:ab:02:cd:47:52:fd:d7:a0:
                    8c:c1:53:56:0e:2d:5d:72:cb:de:61:d4:01:1c:7d:
                    91:db:13:44:2e:25:4c:f8:17:48:56:33:b3:68:eb:
                    52:92:91:c5:01:da:dc:dd:b9:87:1d:61:29:d8:d9:
                    aa:a8:53:c7:81:47:dd:c3:8b:db:b9:71:da:a1:89:
                    85:56:a6:93:41:22:b1:15:ad:7a:73:67:94:20:88:
                    78:df:06:35:02:fc:7f:9d:f6:c2:0a:20:37:2a:d8:
                    a0:e0:e5:59:19:02:11:6d:95:50:ef:81:d0:d9:1a:
                    34:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:B7:83:B1:A0:10:5B:ED:57:82:21:6B:A0:69:47:5F:61:D9:E2:F2
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145090.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a988::/32

    Signature Algorithm: sha256WithRSAEncryption
         1c:0c:89:ec:62:5b:49:e0:37:46:ac:e8:e4:e2:8d:46:01:a0:
         65:68:97:04:6d:ed:0a:ce:98:b0:73:7c:69:af:8d:82:7c:b9:
         4b:5b:93:b8:52:c4:39:01:19:4d:71:3d:97:70:6e:b7:10:7c:
         dd:0d:79:51:0c:ed:03:85:6a:72:9a:2b:43:e7:9a:fe:0f:44:
         24:1d:cf:f8:67:38:4c:bb:2e:08:38:88:4c:ee:42:e4:2f:6b:
         42:d4:88:3b:f6:ec:4e:10:32:85:e6:27:f4:c1:4c:8a:bf:83:
         22:4a:fb:1d:cb:a9:0c:49:10:48:9a:2f:34:d4:72:f7:40:aa:
         6d:32:56:99:f6:20:dc:b0:04:e6:2a:76:78:f6:fc:93:60:7c:
         37:88:6b:cb:fd:6e:f6:4b:b5:10:b4:49:d2:0e:f8:74:62:9d:
         3d:47:66:3e:a8:58:6f:55:4a:c5:49:d9:d5:07:de:ef:6a:57:
         71:ff:8e:db:ff:27:f6:68:f3:96:c0:ba:57:3e:1b:ce:24:2f:
         1e:c5:ec:27:26:dc:69:a2:23:be:17:fa:bd:d5:9c:18:7c:f5:
         77:21:24:cb:c2:a5:69:02:73:46:a5:57:be:4d:0f:7b:92:25:
         f1:7f:c4:34:e0:2b:e8:1b:8d:5c:53:80:f8:aa:69:9f:ab:ab:
         08:61:62:f4
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUFdZSBYUfqnraHU9XFNehoYHOGj8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcxOFoX
DTI3MDMwMzA2MjIxOFowMzExMC8GA1UEAxMoMEVCNzgzQjFBMDEwNUJFRDU3ODIy
MTZCQTA2OTQ3NUY2MUQ5RTJGMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMQf1Zcq/AwHBev4smMQLuoedHrFrtO0drQ3RSDzMAZqfMEsCd4OMsZQc80D
C1aecMFhzMdd2QehZjyv+HNH7ZaoQ1EATTX50qu5cuIHDXpK09GY2+536Ht/F7St
UxdqWPlRPMcP1qPnAHkQUN72mWN/13Uq++OeXhfB8CWq2BueGKKYJtAamUi4xHpj
O6sCzUdS/degjMFTVg4tXXLL3mHUARx9kdsTRC4lTPgXSFYzs2jrUpKRxQHa3N25
hx1hKdjZqqhTx4FH3cOL27lx2qGJhVamk0EisRWtenNnlCCIeN8GNQL8f532wgog
NyrYoODlWRkCEW2VUO+B0NkaNLkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQOt4Ox
oBBb7VeCIWugaUdfYdni8jAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTA5MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qYgwDQYJKoZIhvcNAQELBQADggEBABwMiexiW0ngN0as6OTijUYBoGVolwRt7QrO
mLBzfGmvjYJ8uUtbk7hSxDkBGU1xPZdwbrcQfN0NeVEM7QOFanKaK0Pnmv4PRCQd
z/hnOEy7Lgg4iEzuQuQva0LUiDv27E4QMoXmJ/TBTIq/gyJK+x3LqQxJEEiaLzTU
cvdAqm0yVpn2INywBOYqdnj2/JNgfDeIa8v9bvZLtRC0SdIO+HRinT1HZj6oWG9V
SsVJ2dUH3u9qV3H/jtv/J/Zo85bAulc+G84kLx7F7Ccm3GmiI74X+r3VnBh89Xch
JMvCpWkCc0alV75ND3uSJfF/xDTgK+gbjVxTgPiqaZ+rqwhhYvQ=
-----END CERTIFICATE-----