Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145053.roa
File:                     AS145053.roa (raw, json)
Hash identifier:          fGwSdMn0mhW4dQdkF3bj/u6D/5ebgQllEHP+KMoluxY=
Subject key identifier:   5D:19:32:14:E1:D2:0E:5C:7F:73:D0:0B:69:99:39:44:67:FE:FD:65
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3C473DD7D447C4D8D4B48CF4A4BA2547EC95358A
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145053.roa
Signing time:             Wed 04 Mar 2026 06:21:23 +0000
ROA not before:           Wed 04 Mar 2026 06:16:23 +0000
ROA not after:            Wed 03 Mar 2027 06:21:23 +0000
asID:                     145053
IP address blocks:        240a:a963::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:47:3d:d7:d4:47:c4:d8:d4:b4:8c:f4:a4:ba:25:47:ec:95:35:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:23 2026 GMT
            Not After : Mar  3 06:21:23 2027 GMT
        Subject: CN=5D193214E1D20E5C7F73D00B6999394467FEFD65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:5b:65:00:5f:8f:30:78:57:bf:5e:80:98:6f:
                    c8:79:fa:1f:f0:33:8e:57:ec:7d:cd:59:1c:2d:e9:
                    1e:98:23:42:b8:88:8f:4f:0d:77:85:ea:04:1d:95:
                    ad:c3:74:61:e9:0f:ef:9d:8b:7e:90:06:1b:df:7a:
                    49:1f:cf:75:d3:a2:01:f2:72:bf:a6:ce:cf:bc:0b:
                    5e:a4:82:e8:20:5f:af:30:e8:19:23:f8:b9:71:84:
                    c5:5c:c5:34:c5:a3:5b:c7:8a:3d:fa:d5:f5:e2:53:
                    d7:7a:d9:ae:46:ad:98:e3:e4:e0:64:10:cd:3f:e7:
                    33:8e:96:6d:19:4b:5f:21:56:a4:e1:db:3e:a6:99:
                    ee:3c:bd:50:8d:8c:18:6f:80:a0:29:7a:74:f7:6c:
                    83:f9:62:44:29:55:7e:1c:d1:e2:c4:75:ae:cd:cc:
                    ca:4c:a7:3a:59:c5:2e:b8:70:78:e9:ce:91:a7:7b:
                    cf:db:76:e8:cd:e0:e2:30:2c:ab:c1:10:46:69:2b:
                    ac:4d:74:f5:5d:ac:9e:96:7a:ae:4f:1d:25:8f:74:
                    e1:8c:5f:2f:cf:39:ae:f6:c4:82:06:6b:b2:58:10:
                    51:03:bc:94:f9:4b:f3:4b:d8:fd:30:a4:75:95:0e:
                    12:6b:a4:7e:da:61:c6:7a:95:fa:78:b0:20:34:f0:
                    35:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:19:32:14:E1:D2:0E:5C:7F:73:D0:0B:69:99:39:44:67:FE:FD:65
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145053.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a963::/32

    Signature Algorithm: sha256WithRSAEncryption
         d5:de:a9:0f:28:a0:ac:3a:99:93:11:37:ec:f0:67:22:35:91:
         31:ce:2a:be:c5:3d:ed:08:2e:94:98:21:94:a3:21:b1:ed:e3:
         71:b5:97:6b:39:3e:54:50:a6:53:59:49:d2:92:2e:46:78:23:
         03:f2:64:11:c5:8d:28:8c:ec:bb:5c:ff:2f:23:41:c2:3a:64:
         bc:e1:66:9e:63:85:90:e5:f5:08:5d:c3:80:03:92:18:51:23:
         c5:33:bc:a7:c1:12:b1:68:82:73:ad:c6:5f:f5:b8:07:c1:a3:
         e5:fb:ce:5b:e5:78:6f:b4:d4:48:49:9c:42:af:a0:0f:01:d2:
         28:a8:2a:af:00:3f:75:38:9d:77:4c:e8:8d:cf:b0:0a:d6:09:
         02:c2:f2:77:df:93:f4:65:c5:25:f1:6f:32:58:45:0a:83:e4:
         52:54:d5:d5:3c:6f:df:72:27:64:67:d6:99:4a:c8:97:e8:72:
         cf:b9:3c:98:6a:7c:a3:da:0e:46:77:d1:ed:29:1b:ed:95:7a:
         51:be:bd:50:6c:19:1d:e9:1f:84:27:9d:19:7c:04:26:59:55:
         7e:b7:8d:12:4d:94:1b:c7:7e:67:81:e6:61:32:c9:da:a2:ed:
         47:aa:d5:e5:55:f6:08:ac:15:61:40:88:42:f1:bc:cc:21:c2:
         78:2b:4f:ff
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUPEc919RHxNjUtIz0pLolR+yVNYowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYyM1oX
DTI3MDMwMzA2MjEyM1owMzExMC8GA1UEAxMoNUQxOTMyMTRFMUQyMEU1QzdGNzNE
MDBCNjk5OTM5NDQ2N0ZFRkQ2NTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALFbZQBfjzB4V79egJhvyHn6H/Azjlfsfc1ZHC3pHpgjQriIj08Nd4XqBB2V
rcN0YekP752LfpAGG996SR/PddOiAfJyv6bOz7wLXqSC6CBfrzDoGSP4uXGExVzF
NMWjW8eKPfrV9eJT13rZrkatmOPk4GQQzT/nM46WbRlLXyFWpOHbPqaZ7jy9UI2M
GG+AoCl6dPdsg/liRClVfhzR4sR1rs3MykynOlnFLrhweOnOkad7z9t26M3g4jAs
q8EQRmkrrE109V2snpZ6rk8dJY904YxfL885rvbEggZrslgQUQO8lPlL80vY/TCk
dZUOEmukftphxnqV+niwIDTwNW8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRdGTIU
4dIOXH9z0AtpmTlEZ/79ZTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTA1My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qWMwDQYJKoZIhvcNAQELBQADggEBANXeqQ8ooKw6mZMRN+zwZyI1kTHOKr7FPe0I
LpSYIZSjIbHt43G1l2s5PlRQplNZSdKSLkZ4IwPyZBHFjSiM7Ltc/y8jQcI6ZLzh
Zp5jhZDl9Qhdw4ADkhhRI8UzvKfBErFognOtxl/1uAfBo+X7zlvleG+01EhJnEKv
oA8B0iioKq8AP3U4nXdM6I3PsArWCQLC8nffk/RlxSXxbzJYRQqD5FJU1dU8b99y
J2Rn1plKyJfocs+5PJhqfKPaDkZ30e0pG+2VelG+vVBsGR3pH4QnnRl8BCZZVX63
jRJNlBvHfmeB5mEyydqi7Ueq1eVV9gisFWFAiELxvMwhwngrT/8=
-----END CERTIFICATE-----