Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145149.roa
File:                     AS145149.roa (raw, json)
Hash identifier:          gq0YUATihlE40xlx/da2rFkHasZdMvDWrn56AN21Tzc=
Subject key identifier:   4A:E8:A3:8D:3A:C2:07:A6:68:7F:0D:44:3E:26:7C:21:6B:0A:58:B4
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       509005E29834B4D34CFF56E52A6396E03DFCDF33
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145149.roa
Signing time:             Wed 04 Mar 2026 06:22:02 +0000
ROA not before:           Wed 04 Mar 2026 06:17:02 +0000
ROA not after:            Wed 03 Mar 2027 06:22:02 +0000
asID:                     145149
IP address blocks:        240a:a9c3::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:90:05:e2:98:34:b4:d3:4c:ff:56:e5:2a:63:96:e0:3d:fc:df:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:02 2026 GMT
            Not After : Mar  3 06:22:02 2027 GMT
        Subject: CN=4AE8A38D3AC207A6687F0D443E267C216B0A58B4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b0:af:bd:8e:26:66:64:09:0b:fa:2e:6a:66:
                    d9:a0:cf:6e:ff:e1:b7:16:cb:94:3b:7d:1e:50:06:
                    fc:f7:78:ba:f6:af:9e:52:d7:33:3d:1b:aa:a7:91:
                    0d:8e:aa:3f:83:0e:5d:0b:da:63:09:21:50:51:d6:
                    dd:70:dc:a1:a7:f8:d3:a2:dd:8c:8b:c8:84:23:8e:
                    c8:1f:9a:80:0e:3e:44:e5:6c:41:9c:a6:33:32:1d:
                    33:75:b0:b2:7a:8b:c3:2e:a3:72:63:cd:a9:f7:7d:
                    e3:0f:22:51:4f:03:c3:1c:a2:91:b5:ee:40:48:45:
                    0d:9d:7d:dd:a2:f2:df:22:19:94:af:43:59:6c:1b:
                    2b:bd:31:9c:34:82:56:0d:a9:b6:35:cf:58:e7:34:
                    bb:bd:3d:61:48:bc:22:e2:be:0b:52:b7:78:ef:fc:
                    a4:5c:dd:95:c9:4d:d1:d8:fd:96:60:db:02:8d:e0:
                    1e:47:6f:05:50:35:01:a2:14:3c:1f:a5:cd:05:04:
                    d4:be:fc:4d:3f:71:ee:cb:e3:82:72:c8:0e:98:cd:
                    35:cb:25:3b:94:3a:8d:63:15:0c:d2:48:d7:4c:03:
                    60:b0:b1:bf:ec:45:cb:f0:ea:1b:5b:d9:f1:7e:dd:
                    73:cf:44:52:4e:75:f5:2a:f0:3e:f1:db:17:ba:6c:
                    33:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:E8:A3:8D:3A:C2:07:A6:68:7F:0D:44:3E:26:7C:21:6B:0A:58:B4
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145149.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a9c3::/32

    Signature Algorithm: sha256WithRSAEncryption
         b7:8e:4e:2c:99:34:1b:f4:fd:aa:0d:4e:d4:e8:16:3e:c3:07:
         0f:6c:7d:8e:3b:ea:73:86:1e:b9:a6:0c:1c:64:b8:d8:27:56:
         50:5d:18:1a:93:db:c1:b2:94:ae:25:73:9f:c8:bb:d1:ae:55:
         4b:f4:a2:d8:e3:84:25:fe:a2:58:a6:e9:8a:8c:86:eb:cb:7a:
         83:b3:0d:e9:ee:07:bc:7c:85:86:25:29:bd:0d:aa:10:39:29:
         61:35:81:eb:a7:40:7f:7a:f1:27:0c:09:fc:93:4b:5b:a6:c0:
         b0:72:e1:b3:4e:2d:99:6a:63:f9:0e:04:6f:fb:6d:3b:5c:e5:
         a3:d2:e7:b3:11:2a:1a:f8:81:a6:41:5d:20:ed:6b:23:d6:93:
         5c:1e:7d:69:04:0d:8d:49:91:00:5c:6a:73:7d:85:54:83:97:
         f5:33:26:43:2b:83:bb:41:1d:55:a3:b2:4b:98:d2:f2:c6:c4:
         b7:7d:69:66:1e:e2:18:45:3a:a4:5a:d5:f2:05:0e:dd:5d:b7:
         99:82:1e:5e:fd:d5:86:b2:b7:bf:98:4f:57:0c:82:e0:2c:fa:
         3e:00:fe:57:5a:29:42:cd:98:72:90:e9:46:cd:c5:50:77:cb:
         72:8c:74:12:27:ba:86:fe:74:e6:3b:a6:49:c7:9a:05:7c:d8:
         25:cc:35:65
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUUJAF4pg0tNNM/1blKmOW4D383zMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcwMloX
DTI3MDMwMzA2MjIwMlowMzExMC8GA1UEAxMoNEFFOEEzOEQzQUMyMDdBNjY4N0Yw
RDQ0M0UyNjdDMjE2QjBBNThCNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALywr72OJmZkCQv6Lmpm2aDPbv/htxbLlDt9HlAG/Pd4uvavnlLXMz0bqqeR
DY6qP4MOXQvaYwkhUFHW3XDcoaf406LdjIvIhCOOyB+agA4+ROVsQZymMzIdM3Ww
snqLwy6jcmPNqfd94w8iUU8DwxyikbXuQEhFDZ193aLy3yIZlK9DWWwbK70xnDSC
Vg2ptjXPWOc0u709YUi8IuK+C1K3eO/8pFzdlclN0dj9lmDbAo3gHkdvBVA1AaIU
PB+lzQUE1L78TT9x7svjgnLIDpjNNcslO5Q6jWMVDNJI10wDYLCxv+xFy/DqG1vZ
8X7dc89EUk519SrwPvHbF7psMwUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRK6KON
OsIHpmh/DUQ+JnwhawpYtDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTE0OS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qcMwDQYJKoZIhvcNAQELBQADggEBALeOTiyZNBv0/aoNTtToFj7DBw9sfY476nOG
HrmmDBxkuNgnVlBdGBqT28GylK4lc5/Iu9GuVUv0otjjhCX+olim6YqMhuvLeoOz
DenuB7x8hYYlKb0NqhA5KWE1geunQH968ScMCfyTS1umwLBy4bNOLZlqY/kOBG/7
bTtc5aPS57MRKhr4gaZBXSDtayPWk1wefWkEDY1JkQBcanN9hVSDl/UzJkMrg7tB
HVWjskuY0vLGxLd9aWYe4hhFOqRa1fIFDt1dt5mCHl791Yayt7+YT1cMguAs+j4A
/ldaKULNmHKQ6UbNxVB3y3KMdBInuob+dOY7pknHmgV82CXMNWU=
-----END CERTIFICATE-----