Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145064.roa
File:                     AS145064.roa (raw, json)
Hash identifier:          M0AF/ZLJc3fh1YXErc6fnJ5wT6eZHE/OVZlX10o68qE=
Subject key identifier:   63:B5:E5:D2:B7:3C:52:4A:F1:E7:8C:B1:66:3C:B6:0F:2A:9E:26:44
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       05A3516CA377B382F3C0B3BE8DC6D9381B358CB2
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145064.roa
Signing time:             Wed 04 Mar 2026 06:19:41 +0000
ROA not before:           Wed 04 Mar 2026 06:14:41 +0000
ROA not after:            Wed 03 Mar 2027 06:19:41 +0000
asID:                     145064
IP address blocks:        240a:a96e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:a3:51:6c:a3:77:b3:82:f3:c0:b3:be:8d:c6:d9:38:1b:35:8c:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:41 2026 GMT
            Not After : Mar  3 06:19:41 2027 GMT
        Subject: CN=63B5E5D2B73C524AF1E78CB1663CB60F2A9E2644
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:04:e3:86:7f:37:a9:b2:fb:c7:87:55:00:26:
                    91:5b:30:44:3c:94:96:fc:ba:f6:73:b3:6f:7f:bb:
                    27:cb:97:64:b5:b4:72:43:63:03:8a:b0:41:cc:1e:
                    66:b1:98:d6:2c:b1:4b:5e:7d:ff:48:02:40:29:19:
                    0c:69:e5:b3:e9:2f:93:61:90:a7:c6:98:b5:13:e1:
                    bb:02:20:0f:e2:19:05:af:d5:9b:06:a3:9f:97:e8:
                    ed:37:f9:91:1d:f4:5d:61:5c:fa:27:7a:2d:c6:cf:
                    07:43:9f:85:0e:9c:f2:69:12:e8:33:a3:f3:cd:ed:
                    e4:3b:43:d3:40:0b:35:ab:84:97:e7:62:b0:f8:00:
                    0b:3e:dd:b5:2d:86:6a:c7:e6:d5:1c:54:fb:9b:02:
                    7a:43:33:a0:17:5b:15:77:4f:d9:78:ba:d4:1a:d3:
                    bc:07:27:23:6e:52:96:db:9f:33:97:ba:59:69:cb:
                    19:e4:44:f4:61:05:ba:66:72:ff:36:ea:f4:47:7c:
                    d5:62:6e:3c:b7:e6:ec:6b:54:84:9b:43:24:45:6d:
                    e1:6b:58:a6:d5:56:6b:bc:cb:76:c3:3f:a4:1b:97:
                    14:15:45:20:00:01:49:d6:15:f3:77:a0:97:35:e3:
                    20:2b:83:6e:be:d2:9b:cc:36:5a:d7:9b:9c:22:7a:
                    92:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:B5:E5:D2:B7:3C:52:4A:F1:E7:8C:B1:66:3C:B6:0F:2A:9E:26:44
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145064.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a96e::/32

    Signature Algorithm: sha256WithRSAEncryption
         92:77:93:c2:62:93:18:e3:68:ae:14:72:24:e6:4b:c6:f1:22:
         96:28:b0:fd:8b:75:fc:5e:f1:6f:25:57:1c:38:e0:d1:ec:9e:
         a3:ed:be:f9:3f:27:d5:19:7e:1e:bb:4d:dd:25:cc:c1:8d:03:
         cb:71:28:fe:2b:27:9b:c5:f1:c0:fd:d2:8e:a2:0b:60:f8:05:
         36:7c:e5:fd:56:61:ab:8d:f3:25:82:c5:ba:39:ae:98:c7:18:
         2f:0a:85:ac:e0:84:47:5d:3d:1c:41:9d:78:5b:8d:e1:2c:d7:
         a1:bb:82:de:81:1d:5d:e0:bb:88:9a:89:44:74:52:36:c2:77:
         be:ee:90:95:a8:08:68:db:be:40:b5:93:3a:82:aa:2e:e1:74:
         08:6b:1f:72:26:81:54:79:a7:c5:4a:c9:3e:11:9c:30:db:a7:
         f1:5b:9d:be:39:cd:b4:6f:fc:82:5e:a7:5d:9f:b8:35:96:12:
         c0:b0:03:70:f9:f7:29:83:71:d7:3f:bd:ae:73:a0:ab:d0:fc:
         39:c9:c9:c3:15:e4:68:88:63:13:73:cf:f6:77:1e:29:c2:7d:
         74:81:79:dc:38:99:bd:1c:ac:16:0d:0d:61:81:08:48:f5:d1:
         ea:5f:0a:8c:3f:93:8d:3c:76:23:6e:6a:43:1f:2f:f2:bb:38:
         ca:15:f5:5f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUBaNRbKN3s4LzwLO+jcbZOBs1jLIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQ0MVoX
DTI3MDMwMzA2MTk0MVowMzExMC8GA1UEAxMoNjNCNUU1RDJCNzNDNTI0QUYxRTc4
Q0IxNjYzQ0I2MEYyQTlFMjY0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ4E44Z/N6my+8eHVQAmkVswRDyUlvy69nOzb3+7J8uXZLW0ckNjA4qwQcwe
ZrGY1iyxS159/0gCQCkZDGnls+kvk2GQp8aYtRPhuwIgD+IZBa/Vmwajn5fo7Tf5
kR30XWFc+id6LcbPB0OfhQ6c8mkS6DOj883t5DtD00ALNauEl+disPgACz7dtS2G
asfm1RxU+5sCekMzoBdbFXdP2Xi61BrTvAcnI25SltufM5e6WWnLGeRE9GEFumZy
/zbq9Ed81WJuPLfm7GtUhJtDJEVt4WtYptVWa7zLdsM/pBuXFBVFIAABSdYV83eg
lzXjICuDbr7Sm8w2WtebnCJ6kjMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRjteXS
tzxSSvHnjLFmPLYPKp4mRDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTA2NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qW4wDQYJKoZIhvcNAQELBQADggEBAJJ3k8JikxjjaK4UciTmS8bxIpYosP2Ldfxe
8W8lVxw44NHsnqPtvvk/J9UZfh67Td0lzMGNA8txKP4rJ5vF8cD90o6iC2D4BTZ8
5f1WYauN8yWCxbo5rpjHGC8KhazghEddPRxBnXhbjeEs16G7gt6BHV3gu4iaiUR0
UjbCd77ukJWoCGjbvkC1kzqCqi7hdAhrH3ImgVR5p8VKyT4RnDDbp/Fbnb45zbRv
/IJep12fuDWWEsCwA3D59ymDcdc/va5zoKvQ/DnJycMV5GiIYxNzz/Z3HinCfXSB
edw4mb0crBYNDWGBCEj10epfCow/k408diNuakMfL/K7OMoV9V8=
-----END CERTIFICATE-----