Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145189.roa
File:                     AS145189.roa (raw, json)
Hash identifier:          ++xAlkCi1exvy5CtSI+wFutSbGVjYkXECZ1CH83MbD0=
Subject key identifier:   98:4B:C4:AA:90:BF:DA:CD:26:14:BF:E5:4A:1F:FD:2F:E8:D3:38:8D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       0FBEFEA93011AFA342404482F24CB68068768269
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145189.roa
Signing time:             Wed 04 Mar 2026 06:20:25 +0000
ROA not before:           Wed 04 Mar 2026 06:15:25 +0000
ROA not after:            Wed 03 Mar 2027 06:20:25 +0000
asID:                     145189
IP address blocks:        240a:a9eb::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:be:fe:a9:30:11:af:a3:42:40:44:82:f2:4c:b6:80:68:76:82:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:25 2026 GMT
            Not After : Mar  3 06:20:25 2027 GMT
        Subject: CN=984BC4AA90BFDACD2614BFE54A1FFD2FE8D3388D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b0:54:66:82:c4:a0:e5:9f:a0:5b:6b:d8:fe:
                    60:16:db:49:d8:63:ff:95:17:c1:b4:a5:b1:12:4e:
                    bb:44:87:49:d7:9b:18:84:1c:bb:b7:d3:01:05:86:
                    d5:c5:1e:6c:c4:9f:d7:63:5a:21:7c:8c:03:64:0a:
                    26:58:09:96:52:8b:29:3c:30:a1:6c:e8:16:36:ae:
                    c9:40:1c:29:9b:44:a9:0a:b1:1a:27:af:0a:be:7f:
                    8d:6b:98:8c:84:52:c4:d1:1d:c0:00:3e:94:38:15:
                    e2:bc:26:ba:8f:d3:a9:d5:fb:bc:55:85:f2:9d:b5:
                    2d:f4:ea:e5:e9:af:2c:5f:c3:72:02:79:aa:5a:1c:
                    44:1d:a4:19:d5:e1:9b:1e:ab:b1:76:56:be:60:85:
                    98:d1:22:8a:77:46:69:59:de:33:58:5a:d1:94:10:
                    9c:71:44:58:ae:07:3f:41:a5:9b:e3:de:5c:c8:ef:
                    e6:87:2b:55:17:15:d7:68:a6:ff:1b:13:a9:1f:84:
                    82:37:60:af:8e:e8:71:f4:b6:67:59:29:e7:fe:a9:
                    48:1a:f2:e6:e8:e9:72:50:14:d8:a0:f1:f9:d3:58:
                    0e:4d:d3:26:60:47:fe:63:a3:ba:7f:46:43:75:93:
                    8d:85:b2:77:16:98:a1:8f:68:b3:ca:7d:94:91:36:
                    ce:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:4B:C4:AA:90:BF:DA:CD:26:14:BF:E5:4A:1F:FD:2F:E8:D3:38:8D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145189.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a9eb::/32

    Signature Algorithm: sha256WithRSAEncryption
         cf:37:54:15:f1:2a:2a:67:18:68:4d:af:1d:d1:62:9b:c8:75:
         5b:18:6b:08:ca:5e:a3:98:37:95:54:c9:b5:25:dc:a4:12:f0:
         15:a9:8a:69:f5:c4:45:8e:b3:20:04:47:8d:7d:32:ce:28:03:
         a9:8b:75:74:3e:f4:00:e3:7f:ed:91:2a:65:09:3f:6f:8e:26:
         86:fc:3f:5c:ed:ce:a3:19:0c:f9:5a:53:af:9e:47:62:bb:9b:
         2b:80:2e:34:6d:43:58:15:58:83:2e:9a:ad:30:c1:7c:90:99:
         f8:3e:8a:c4:28:7a:69:5b:c4:60:cd:64:24:ad:87:ab:88:ea:
         ed:63:7f:a1:7d:8c:47:15:d9:82:7d:6d:64:f9:a3:a1:b0:54:
         be:86:5d:57:d1:7c:eb:5a:f2:cc:75:f4:33:16:dd:51:a8:c9:
         25:48:c9:28:5b:44:c5:6b:3e:f9:af:fd:24:87:7e:ad:0b:9b:
         11:c0:bb:0b:80:47:f3:da:77:ec:85:e2:93:a0:d3:5c:98:a5:
         88:92:01:05:56:85:97:f8:a6:c7:dd:cb:cd:f1:a1:e3:da:cf:
         f9:d9:e0:dc:24:6d:48:80:4c:45:af:d6:3d:33:0a:93:0e:aa:
         d5:1f:f4:b1:41:b6:c2:1b:93:18:51:e0:00:da:2a:10:41:37:
         37:7f:70:89
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUD77+qTARr6NCQESC8ky2gGh2gmkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTUyNVoX
DTI3MDMwMzA2MjAyNVowMzExMC8GA1UEAxMoOTg0QkM0QUE5MEJGREFDRDI2MTRC
RkU1NEExRkZEMkZFOEQzMzg4RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKywVGaCxKDln6Bba9j+YBbbSdhj/5UXwbSlsRJOu0SHSdebGIQcu7fTAQWG
1cUebMSf12NaIXyMA2QKJlgJllKLKTwwoWzoFjauyUAcKZtEqQqxGievCr5/jWuY
jIRSxNEdwAA+lDgV4rwmuo/TqdX7vFWF8p21LfTq5emvLF/DcgJ5qlocRB2kGdXh
mx6rsXZWvmCFmNEiindGaVneM1ha0ZQQnHFEWK4HP0Glm+PeXMjv5ocrVRcV12im
/xsTqR+Egjdgr47ocfS2Z1kp5/6pSBry5ujpclAU2KDx+dNYDk3TJmBH/mOjun9G
Q3WTjYWydxaYoY9os8p9lJE2zu0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSYS8Sq
kL/azSYUv+VKH/0v6NM4jTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTE4OS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qeswDQYJKoZIhvcNAQELBQADggEBAM83VBXxKipnGGhNrx3RYpvIdVsYawjKXqOY
N5VUybUl3KQS8BWpimn1xEWOsyAER419Ms4oA6mLdXQ+9ADjf+2RKmUJP2+OJob8
P1ztzqMZDPlaU6+eR2K7myuALjRtQ1gVWIMumq0wwXyQmfg+isQoemlbxGDNZCSt
h6uI6u1jf6F9jEcV2YJ9bWT5o6GwVL6GXVfRfOta8sx19DMW3VGoySVIyShbRMVr
Pvmv/SSHfq0LmxHAuwuAR/Pad+yF4pOg01yYpYiSAQVWhZf4psfdy83xoePaz/nZ
4NwkbUiATEWv1j0zCpMOqtUf9LFBtsIbkxhR4ADaKhBBNzd/cIk=
-----END CERTIFICATE-----