Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145890.roa
File:                     AS145890.roa (raw, json)
Hash identifier:          /hzpxW9ENVTsopCmAfmMxoNHZxuj/dVsV/2mxrfk444=
Subject key identifier:   E9:F1:E9:3C:4E:EF:1B:CC:DC:90:0A:A6:03:5C:88:91:96:D7:A0:95
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       663AA67FECE3D59C0C2DA52337B8467D9E1B0D94
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145890.roa
Signing time:             Wed 04 Mar 2026 06:31:05 +0000
ROA not before:           Wed 04 Mar 2026 06:26:05 +0000
ROA not after:            Wed 03 Mar 2027 06:31:05 +0000
asID:                     145890
IP address blocks:        240a:aca8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:3a:a6:7f:ec:e3:d5:9c:0c:2d:a5:23:37:b8:46:7d:9e:1b:0d:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:26:05 2026 GMT
            Not After : Mar  3 06:31:05 2027 GMT
        Subject: CN=E9F1E93C4EEF1BCCDC900AA6035C889196D7A095
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:40:3a:6e:c7:ce:dc:df:89:5e:4e:c5:19:53:
                    32:8f:e4:20:d5:2a:d5:d3:aa:1a:80:c2:b9:b8:5b:
                    7c:71:45:d6:58:26:55:89:6f:75:18:ad:82:76:93:
                    68:c2:e0:03:9f:27:3b:23:10:ba:68:5b:ea:db:61:
                    97:1a:af:e1:58:98:b6:61:bf:e5:e5:3d:eb:e8:e4:
                    f9:68:f7:db:4a:d7:89:eb:b1:3e:04:36:d4:d9:40:
                    4e:a1:f3:11:36:fe:d9:58:e4:af:f6:cd:44:41:69:
                    c5:86:6e:c7:7a:5d:cd:f7:99:6d:ff:c3:1c:33:74:
                    6d:48:c4:a7:71:b4:04:44:1c:24:a9:59:8a:af:83:
                    54:1a:54:e2:2c:75:c0:c0:f0:8e:8e:80:f9:1f:48:
                    24:40:4b:e9:ae:3a:ca:e2:64:7a:d5:ae:a2:a2:1b:
                    50:29:56:56:10:5d:ba:77:4f:04:02:5b:d3:76:97:
                    4d:a9:d1:9c:38:4b:d9:b3:cb:82:5d:8b:86:cd:be:
                    24:3b:dd:7a:d3:0e:cc:59:82:6b:88:c7:d5:7b:a7:
                    79:5b:0d:4d:bb:b3:66:1a:eb:be:72:aa:d4:b4:62:
                    d6:48:70:7b:fe:0c:14:d1:ba:02:68:68:96:01:2b:
                    27:06:66:94:a9:68:1d:20:cc:40:b7:6f:cc:7a:34:
                    8a:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:F1:E9:3C:4E:EF:1B:CC:DC:90:0A:A6:03:5C:88:91:96:D7:A0:95
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145890.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aca8::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:84:14:09:d1:8e:3a:f4:3e:30:19:d6:88:b1:b1:e7:08:62:
         a5:eb:33:2c:53:20:33:c7:84:71:58:2f:7f:75:d4:f1:6e:0e:
         ed:10:ad:b1:90:83:1c:fe:52:29:7f:ec:df:dc:da:e3:9d:a8:
         af:53:a2:93:44:b4:82:01:f0:72:b3:d8:0f:cb:7c:e2:5a:32:
         12:00:fd:ff:7d:d9:32:4e:ee:98:b2:00:3c:b5:b4:23:1c:fb:
         46:7b:f4:3e:30:a1:ac:85:0e:59:b0:ed:30:eb:e7:eb:4a:f9:
         eb:af:8b:3f:ca:8d:32:a2:cc:d2:ab:4f:c8:78:30:ed:78:65:
         f9:11:e3:76:87:94:f2:7d:08:92:e0:40:aa:7c:06:0f:b7:40:
         50:50:e5:82:73:e9:06:6d:5a:76:cf:ea:73:98:9e:6c:42:03:
         f0:5e:c6:cb:60:f9:77:55:67:5e:bd:bb:42:2f:bc:d1:79:93:
         3a:82:57:d2:41:5a:8a:aa:96:ca:58:78:b5:4a:c6:8d:25:ca:
         a6:d2:41:67:61:8a:73:9d:28:fb:52:fc:a6:53:66:bb:37:5b:
         63:28:e2:7c:07:f1:44:e8:5b:10:5b:5e:7a:6b:e7:ba:3e:59:
         2e:0a:dd:a9:b0:8e:d5:84:87:55:61:47:28:1b:ac:be:b6:00:
         58:5f:b8:e6
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUZjqmf+zj1ZwMLaUjN7hGfZ4bDZQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjYwNVoX
DTI3MDMwMzA2MzEwNVowMzExMC8GA1UEAxMoRTlGMUU5M0M0RUVGMUJDQ0RDOTAw
QUE2MDM1Qzg4OTE5NkQ3QTA5NTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ1AOm7HztzfiV5OxRlTMo/kINUq1dOqGoDCubhbfHFF1lgmVYlvdRitgnaT
aMLgA58nOyMQumhb6tthlxqv4ViYtmG/5eU96+jk+Wj320rXieuxPgQ21NlATqHz
ETb+2Vjkr/bNREFpxYZux3pdzfeZbf/DHDN0bUjEp3G0BEQcJKlZiq+DVBpU4ix1
wMDwjo6A+R9IJEBL6a46yuJketWuoqIbUClWVhBdundPBAJb03aXTanRnDhL2bPL
gl2Lhs2+JDvdetMOzFmCa4jH1XuneVsNTbuzZhrrvnKq1LRi1khwe/4MFNG6Amho
lgErJwZmlKloHSDMQLdvzHo0it8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTp8ek8
Tu8bzNyQCqYDXIiRlteglTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTg5MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rKgwDQYJKoZIhvcNAQELBQADggEBACWEFAnRjjr0PjAZ1oixsecIYqXrMyxTIDPH
hHFYL3911PFuDu0QrbGQgxz+Uil/7N/c2uOdqK9TopNEtIIB8HKz2A/LfOJaMhIA
/f992TJO7piyADy1tCMc+0Z79D4woayFDlmw7TDr5+tK+euviz/KjTKizNKrT8h4
MO14ZfkR43aHlPJ9CJLgQKp8Bg+3QFBQ5YJz6QZtWnbP6nOYnmxCA/Bexstg+XdV
Z169u0IvvNF5kzqCV9JBWoqqlspYeLVKxo0lyqbSQWdhinOdKPtS/KZTZrs3W2Mo
4nwH8UToWxBbXnpr57o+WS4K3amwjtWEh1VhRygbrL62AFhfuOY=
-----END CERTIFICATE-----