Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145889.roa
File:                     AS145889.roa (raw, json)
Hash identifier:          egSFgyp+ox+hkPhISFIA5YL2+JU7uFib4YSHwZHqq2Q=
Subject key identifier:   46:8E:B0:5B:CC:59:DF:97:DC:04:63:1C:F7:29:CA:5E:01:16:2C:D3
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       535513CF24CCC4519D58A172CABF6DE3F66A6A5B
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145889.roa
Signing time:             Wed 04 Mar 2026 06:29:49 +0000
ROA not before:           Wed 04 Mar 2026 06:24:49 +0000
ROA not after:            Wed 03 Mar 2027 06:29:49 +0000
asID:                     145889
IP address blocks:        240a:aca7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:55:13:cf:24:cc:c4:51:9d:58:a1:72:ca:bf:6d:e3:f6:6a:6a:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:24:49 2026 GMT
            Not After : Mar  3 06:29:49 2027 GMT
        Subject: CN=468EB05BCC59DF97DC04631CF729CA5E01162CD3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:28:17:c8:e8:45:a7:00:1d:05:b5:62:05:a6:
                    7f:fe:e9:44:a8:93:57:b1:c0:47:42:d1:53:5c:ba:
                    84:fb:26:6e:04:5c:ec:4f:cd:c8:d9:6d:8b:13:df:
                    c8:d8:f0:f9:31:df:19:55:54:ed:8b:32:c2:ef:9e:
                    62:ff:65:d6:5a:2e:e3:2f:ea:57:66:66:6f:f2:ee:
                    0a:e2:e3:f0:fa:b8:da:f8:78:66:75:13:7c:21:6b:
                    29:45:7b:24:81:f2:f4:a8:b5:e6:61:c8:8c:d6:8d:
                    18:1d:ad:04:f5:33:33:91:40:5b:a4:ec:92:79:27:
                    9a:bc:ca:04:73:9f:c0:4f:2a:8c:63:0a:6a:53:ea:
                    ce:2c:c1:4f:c5:c2:a0:be:45:ba:2a:22:fd:48:26:
                    8d:05:5a:52:57:06:7f:6c:32:1a:12:b2:eb:4c:e8:
                    88:9c:41:ca:cc:ec:f2:fe:39:03:81:ce:01:bb:f3:
                    8f:c5:2c:56:99:3d:36:95:eb:98:c7:e5:37:43:9a:
                    39:73:e2:c9:d1:b0:cb:d2:7f:dc:c7:86:32:8d:86:
                    c8:1e:80:b7:75:4e:f5:c3:82:95:51:77:01:e1:1d:
                    c5:78:bb:9f:df:07:10:7a:12:03:12:4b:68:3e:ef:
                    e8:42:af:8e:f0:6c:8d:12:2d:1d:be:1a:74:5d:73:
                    d9:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:8E:B0:5B:CC:59:DF:97:DC:04:63:1C:F7:29:CA:5E:01:16:2C:D3
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145889.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aca7::/32

    Signature Algorithm: sha256WithRSAEncryption
         c8:65:dd:87:17:a0:ff:99:fa:a0:cb:0c:94:22:97:9b:db:ed:
         22:b9:9d:98:a4:32:08:07:ce:eb:2e:1f:42:2f:2c:06:c0:8b:
         d3:bf:c9:78:cd:6b:5e:50:43:d1:a2:77:45:e3:e3:a9:23:88:
         25:e7:a7:a3:3a:c8:ad:de:31:70:fe:bb:35:15:17:f1:de:55:
         0f:ba:39:d2:10:5f:d6:22:50:4a:ef:42:5d:a3:8e:ad:c2:48:
         c4:26:b6:12:1e:30:09:3f:4b:58:fd:ea:fd:b4:ca:3f:b3:2b:
         02:d0:f1:82:a2:88:ef:eb:89:5d:bd:05:17:ba:39:3a:58:c8:
         55:d1:b2:e7:d1:1d:fa:b2:d1:22:c0:15:5a:b1:40:fe:56:12:
         0a:ab:92:87:30:2b:43:60:c1:c8:94:7f:93:7c:77:cb:3a:af:
         35:2b:35:d2:fa:b3:29:21:4a:96:8b:bd:ff:12:65:4e:61:41:
         88:42:64:ba:bd:97:5f:8f:83:26:33:58:4d:5a:40:8f:94:f0:
         d4:58:86:f0:f9:12:be:4b:a0:1a:28:ea:18:2c:df:86:9a:5e:
         77:4e:aa:c0:9a:97:5b:b2:5a:09:e8:50:0a:05:1a:43:c9:d6:
         cd:b9:4c:d4:51:b7:92:07:31:51:d9:eb:21:c1:8a:5d:f9:2c:
         03:70:23:75
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUU1UTzyTMxFGdWKFyyr9t4/ZqalswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjQ0OVoX
DTI3MDMwMzA2Mjk0OVowMzExMC8GA1UEAxMoNDY4RUIwNUJDQzU5REY5N0RDMDQ2
MzFDRjcyOUNBNUUwMTE2MkNEMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMMoF8joRacAHQW1YgWmf/7pRKiTV7HAR0LRU1y6hPsmbgRc7E/NyNltixPf
yNjw+THfGVVU7Ysywu+eYv9l1lou4y/qV2Zmb/LuCuLj8Pq42vh4ZnUTfCFrKUV7
JIHy9Ki15mHIjNaNGB2tBPUzM5FAW6TsknknmrzKBHOfwE8qjGMKalPqzizBT8XC
oL5Fuioi/UgmjQVaUlcGf2wyGhKy60zoiJxByszs8v45A4HOAbvzj8UsVpk9NpXr
mMflN0OaOXPiydGwy9J/3MeGMo2GyB6At3VO9cOClVF3AeEdxXi7n98HEHoSAxJL
aD7v6EKvjvBsjRItHb4adF1z2TUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRGjrBb
zFnfl9wEYxz3KcpeARYs0zAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTg4OS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rKcwDQYJKoZIhvcNAQELBQADggEBAMhl3YcXoP+Z+qDLDJQil5vb7SK5nZikMggH
zusuH0IvLAbAi9O/yXjNa15QQ9Gid0Xj46kjiCXnp6M6yK3eMXD+uzUVF/HeVQ+6
OdIQX9YiUErvQl2jjq3CSMQmthIeMAk/S1j96v20yj+zKwLQ8YKiiO/riV29BRe6
OTpYyFXRsufRHfqy0SLAFVqxQP5WEgqrkocwK0NgwciUf5N8d8s6rzUrNdL6sykh
SpaLvf8SZU5hQYhCZLq9l1+PgyYzWE1aQI+U8NRYhvD5Er5LoBoo6hgs34aaXndO
qsCal1uyWgnoUAoFGkPJ1s25TNRRt5IHMVHZ6yHBil35LANwI3U=
-----END CERTIFICATE-----