Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145075.roa
File:                     AS145075.roa (raw, json)
Hash identifier:          F7mdTlZm/WAmHQwMrbv5fgQ/er29Mz6I7/2fNAjZyJU=
Subject key identifier:   7E:FE:6D:F0:A0:FE:81:2B:2F:71:16:26:62:B2:11:5A:65:2B:F0:4C
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       054FDA73F7B8ADA964A30BD558F1DD4FFAE89137
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145075.roa
Signing time:             Wed 04 Mar 2026 06:19:40 +0000
ROA not before:           Wed 04 Mar 2026 06:14:40 +0000
ROA not after:            Wed 03 Mar 2027 06:19:40 +0000
asID:                     145075
IP address blocks:        240a:a979::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:4f:da:73:f7:b8:ad:a9:64:a3:0b:d5:58:f1:dd:4f:fa:e8:91:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:40 2026 GMT
            Not After : Mar  3 06:19:40 2027 GMT
        Subject: CN=7EFE6DF0A0FE812B2F71162662B2115A652BF04C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:6f:ab:67:7e:46:18:49:7e:75:8f:4b:dc:f9:
                    aa:74:9e:d7:61:6f:32:a2:53:63:53:92:c5:82:dc:
                    62:a5:5d:1f:ef:5e:de:5e:30:70:b5:6a:8b:d4:a4:
                    01:b7:d0:36:ae:ce:44:de:80:2c:28:d7:74:15:20:
                    1e:b0:d0:28:39:47:3f:be:08:65:89:a4:c1:b4:45:
                    56:b4:db:74:0a:3c:af:3d:e2:a4:5a:25:54:eb:ea:
                    38:e6:f9:47:c8:a7:9c:48:73:17:12:9b:01:d7:a2:
                    7d:42:29:de:de:05:0e:33:1d:e2:f9:fd:c3:d1:b7:
                    39:e0:7a:29:27:dc:77:c3:b2:36:be:c0:c1:b4:6d:
                    07:da:a6:63:e8:5f:4c:8e:43:85:48:75:26:53:9f:
                    a9:58:6f:10:b2:a3:47:a9:54:73:43:0d:a6:57:b7:
                    32:21:13:53:fb:5f:bd:ac:34:74:09:bd:34:f9:fc:
                    31:5a:0a:92:a3:76:99:66:67:7d:b7:35:ad:18:50:
                    54:c0:9f:99:06:5a:8e:d0:1e:7e:0d:73:76:57:e9:
                    54:c6:ff:61:3a:7c:e2:65:30:b1:60:72:56:fa:ef:
                    dc:bc:b2:5c:0e:cd:6d:50:07:d9:77:31:ff:c5:cd:
                    21:d7:cd:89:41:44:bc:3e:15:34:d9:51:fd:47:4b:
                    da:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:FE:6D:F0:A0:FE:81:2B:2F:71:16:26:62:B2:11:5A:65:2B:F0:4C
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145075.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a979::/32

    Signature Algorithm: sha256WithRSAEncryption
         85:5f:69:52:bd:b1:c1:d9:38:01:20:d6:0f:ad:6f:78:81:87:
         c4:38:51:75:18:b2:13:92:3e:ff:cf:cd:a6:f6:cf:4c:bc:22:
         a0:f4:d2:c4:94:3f:b5:b2:57:1a:c3:1e:e1:bc:e6:09:c2:c3:
         6b:28:18:cb:b4:8b:d1:a1:b9:de:99:71:7b:3d:d3:d2:49:09:
         a7:71:81:3e:a6:b0:f6:ea:86:e3:02:76:29:fc:ef:93:a3:a8:
         cc:9e:98:3a:05:e8:9f:49:3e:04:25:90:ba:ec:76:8c:4a:47:
         60:27:48:e6:9c:59:02:f8:32:26:98:05:71:e5:bc:d2:27:91:
         4b:07:e9:59:d7:0b:98:53:5a:ec:3a:14:76:83:3b:be:08:e8:
         ec:fe:1b:bd:81:c5:63:0e:76:7e:67:1e:0b:de:04:84:d3:8f:
         9c:9d:87:ef:87:b2:08:7e:65:ee:bc:ab:d2:33:1e:1b:b2:7f:
         fc:ff:2f:5d:63:b0:b7:a7:38:84:e1:c1:b0:0f:1b:3b:44:b7:
         5a:e0:8f:37:71:54:c5:07:b9:d8:50:e0:3e:46:17:a4:32:86:
         59:34:5d:c1:f5:c2:be:8c:2a:de:ec:c0:4c:8b:bb:14:f8:04:
         70:7b:26:7a:f7:a4:ef:73:0c:ab:aa:c1:50:cd:d7:09:77:cd:
         45:e1:5c:4d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUBU/ac/e4ralkowvVWPHdT/rokTcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQ0MFoX
DTI3MDMwMzA2MTk0MFowMzExMC8GA1UEAxMoN0VGRTZERjBBMEZFODEyQjJGNzEx
NjI2NjJCMjExNUE2NTJCRjA0QzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ5vq2d+RhhJfnWPS9z5qnSe12FvMqJTY1OSxYLcYqVdH+9e3l4wcLVqi9Sk
AbfQNq7ORN6ALCjXdBUgHrDQKDlHP74IZYmkwbRFVrTbdAo8rz3ipFolVOvqOOb5
R8innEhzFxKbAdeifUIp3t4FDjMd4vn9w9G3OeB6KSfcd8OyNr7AwbRtB9qmY+hf
TI5DhUh1JlOfqVhvELKjR6lUc0MNple3MiETU/tfvaw0dAm9NPn8MVoKkqN2mWZn
fbc1rRhQVMCfmQZajtAefg1zdlfpVMb/YTp84mUwsWByVvrv3LyyXA7NbVAH2Xcx
/8XNIdfNiUFEvD4VNNlR/UdL2kUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBR+/m3w
oP6BKy9xFiZishFaZSvwTDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTA3NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qXkwDQYJKoZIhvcNAQELBQADggEBAIVfaVK9scHZOAEg1g+tb3iBh8Q4UXUYshOS
Pv/Pzab2z0y8IqD00sSUP7WyVxrDHuG85gnCw2soGMu0i9Ghud6ZcXs909JJCadx
gT6msPbqhuMCdin875OjqMyemDoF6J9JPgQlkLrsdoxKR2AnSOacWQL4MiaYBXHl
vNInkUsH6VnXC5hTWuw6FHaDO74I6Oz+G72BxWMOdn5nHgveBITTj5ydh++Hsgh+
Ze68q9IzHhuyf/z/L11jsLenOIThwbAPGztEt1rgjzdxVMUHudhQ4D5GF6Qyhlk0
XcH1wr6MKt7swEyLuxT4BHB7Jnr3pO9zDKuqwVDN1wl3zUXhXE0=
-----END CERTIFICATE-----