Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145093.roa
File:                     AS145093.roa (raw, json)
Hash identifier:          0hJlmAdOE6bTMMFlv9yISKymi4wNosyshlvMRmyF+t8=
Subject key identifier:   29:03:84:55:85:34:60:24:DA:34:C2:88:86:AC:16:79:22:19:1B:74
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2DC43CE62CE7C1C7B8B9D7387687B330C3B60015
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145093.roa
Signing time:             Wed 04 Mar 2026 06:22:11 +0000
ROA not before:           Wed 04 Mar 2026 06:17:11 +0000
ROA not after:            Wed 03 Mar 2027 06:22:11 +0000
asID:                     145093
IP address blocks:        240a:a98b::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:c4:3c:e6:2c:e7:c1:c7:b8:b9:d7:38:76:87:b3:30:c3:b6:00:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:11 2026 GMT
            Not After : Mar  3 06:22:11 2027 GMT
        Subject: CN=2903845585346024DA34C28886AC167922191B74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:07:a8:eb:e2:a1:96:44:b7:43:e9:96:6a:98:
                    0f:ad:7a:dd:22:d1:fb:33:8a:0b:89:b5:05:c3:7c:
                    41:e4:d5:70:b5:7a:fe:58:7a:f6:2d:cd:77:62:1a:
                    42:67:ff:a6:4d:2e:af:4a:1a:3a:dc:3b:a2:43:b1:
                    15:68:15:02:8f:d8:f8:0e:5d:d9:09:4e:90:19:99:
                    5b:b3:45:f7:78:42:07:54:47:82:c7:06:02:a4:39:
                    c5:bf:3f:8a:35:6d:98:17:49:b5:9b:04:e4:3f:be:
                    54:f3:5b:17:48:23:c7:fc:08:27:b4:41:77:dd:07:
                    56:33:01:e5:de:00:49:c7:82:14:b4:2d:8f:c9:15:
                    f8:a9:7f:d1:95:b1:61:0f:d4:82:56:d0:c4:e8:ac:
                    11:a2:e1:ed:b8:d9:64:fe:88:23:41:99:0a:2a:b3:
                    1c:b6:d9:35:ad:8a:5f:58:82:37:8e:7d:00:59:f8:
                    45:3c:bd:61:90:82:c9:aa:5a:7e:38:7e:10:2d:92:
                    30:d4:58:b9:6d:96:cd:dd:36:94:eb:8f:36:a8:d0:
                    87:51:04:d5:8f:8a:45:36:cc:4f:e3:89:da:85:57:
                    e3:d8:28:2d:32:41:65:db:63:28:85:41:44:d2:d7:
                    6a:32:22:d2:3f:29:90:07:f6:25:e3:60:50:0e:12:
                    c1:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:03:84:55:85:34:60:24:DA:34:C2:88:86:AC:16:79:22:19:1B:74
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145093.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a98b::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:d9:ed:27:15:e0:67:08:21:11:6c:05:7b:0d:02:3d:70:2e:
         af:6f:37:45:79:c0:e8:27:3b:09:68:34:f6:9e:13:94:56:09:
         61:5f:55:52:5b:73:d7:0b:a3:c3:db:20:14:61:8f:62:f7:9f:
         09:d4:0b:b6:28:de:b4:be:cc:54:e9:cc:d5:e8:e7:c1:b7:a1:
         65:c0:41:75:eb:8d:f7:4b:80:27:50:10:6f:1f:3a:b9:28:00:
         ed:b2:af:65:26:9f:7e:7b:b4:c9:cb:39:f6:15:1e:70:37:bf:
         90:0c:b3:65:d1:df:23:88:e6:5a:77:60:63:df:72:0c:58:fd:
         9e:1a:0f:db:43:3a:fa:36:99:a1:e5:b0:0f:3d:46:1a:48:55:
         6f:4f:6b:fd:53:5a:6c:0d:d5:c6:0a:47:4f:88:db:f5:cc:47:
         e6:25:93:88:02:0d:30:67:b7:ec:03:92:f1:26:55:01:5a:cc:
         08:c5:89:fa:d7:d2:25:27:5b:36:89:e1:ca:1b:be:3b:34:59:
         4c:a5:48:49:3e:b4:b8:38:9c:7a:a2:64:c5:57:92:31:d6:74:
         a1:b3:e2:76:5e:c9:43:2b:9d:1c:cd:7d:41:24:dc:3a:50:09:
         b7:f2:52:e1:c2:31:4b:af:65:aa:68:40:66:90:09:e5:ea:53:
         a0:f7:72:98
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIULcQ85iznwce4udc4doezMMO2ABUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcxMVoX
DTI3MDMwMzA2MjIxMVowMzExMC8GA1UEAxMoMjkwMzg0NTU4NTM0NjAyNERBMzRD
Mjg4ODZBQzE2NzkyMjE5MUI3NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMcHqOvioZZEt0PplmqYD6163SLR+zOKC4m1BcN8QeTVcLV6/lh69i3Nd2Ia
Qmf/pk0ur0oaOtw7okOxFWgVAo/Y+A5d2QlOkBmZW7NF93hCB1RHgscGAqQ5xb8/
ijVtmBdJtZsE5D++VPNbF0gjx/wIJ7RBd90HVjMB5d4ASceCFLQtj8kV+Kl/0ZWx
YQ/UglbQxOisEaLh7bjZZP6II0GZCiqzHLbZNa2KX1iCN459AFn4RTy9YZCCyapa
fjh+EC2SMNRYuW2Wzd02lOuPNqjQh1EE1Y+KRTbMT+OJ2oVX49goLTJBZdtjKIVB
RNLXajIi0j8pkAf2JeNgUA4SwXkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQpA4RV
hTRgJNo0woiGrBZ5IhkbdDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTA5My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qYswDQYJKoZIhvcNAQELBQADggEBABbZ7ScV4GcIIRFsBXsNAj1wLq9vN0V5wOgn
OwloNPaeE5RWCWFfVVJbc9cLo8PbIBRhj2L3nwnUC7Yo3rS+zFTpzNXo58G3oWXA
QXXrjfdLgCdQEG8fOrkoAO2yr2Umn357tMnLOfYVHnA3v5AMs2XR3yOI5lp3YGPf
cgxY/Z4aD9tDOvo2maHlsA89RhpIVW9Pa/1TWmwN1cYKR0+I2/XMR+Ylk4gCDTBn
t+wDkvEmVQFazAjFifrX0iUnWzaJ4cobvjs0WUylSEk+tLg4nHqiZMVXkjHWdKGz
4nZeyUMrnRzNfUEk3DpQCbfyUuHCMUuvZapoQGaQCeXqU6D3cpg=
-----END CERTIFICATE-----