Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145169.roa
File:                     AS145169.roa (raw, json)
Hash identifier:          WRhHaXmMoV1CJrwsc5lut4/bNm/gKyZLG0+vLXUGhwI=
Subject key identifier:   A9:23:FA:E7:8B:B0:C0:FD:7B:38:93:FF:09:ED:6E:7C:A2:28:57:3F
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       06D38B04F38E6C87D3F5B3D1188F338C540DB1B6
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145169.roa
Signing time:             Wed 04 Mar 2026 06:21:10 +0000
ROA not before:           Wed 04 Mar 2026 06:16:10 +0000
ROA not after:            Wed 03 Mar 2027 06:21:10 +0000
asID:                     145169
IP address blocks:        240a:a9d7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:d3:8b:04:f3:8e:6c:87:d3:f5:b3:d1:18:8f:33:8c:54:0d:b1:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:10 2026 GMT
            Not After : Mar  3 06:21:10 2027 GMT
        Subject: CN=A923FAE78BB0C0FD7B3893FF09ED6E7CA228573F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:6b:5b:87:cb:dd:27:5e:ba:7a:8d:1f:27:28:
                    65:dd:b0:7d:81:bb:b7:2c:9f:d4:a1:76:7d:ac:05:
                    58:dd:8a:62:90:e4:65:2b:10:02:5f:a3:ad:a1:e6:
                    71:39:64:56:4b:8b:b9:75:c3:ba:98:b1:45:e0:e1:
                    74:4d:93:7a:b8:bc:6b:b5:85:78:28:6e:87:1c:98:
                    c2:4f:3e:3d:49:1e:dd:94:25:17:1f:1f:96:3b:a2:
                    1f:d4:92:4f:90:6e:b4:0d:5c:24:24:7a:b3:5f:53:
                    e2:ec:30:0d:44:b8:d7:b0:a5:37:ab:db:82:59:54:
                    7a:b8:20:8e:5d:b3:36:e9:2d:05:01:5e:53:f9:2b:
                    e0:d6:95:a9:eb:c4:d4:8e:b2:ad:51:93:c9:c6:4d:
                    d9:22:0c:0d:d9:70:7c:12:b5:4f:ae:2e:66:4c:bf:
                    30:39:09:c6:62:c7:74:29:ae:54:9d:5c:b3:80:16:
                    05:96:d5:d4:d3:01:e2:3e:11:f3:9d:22:b0:89:3a:
                    f2:a6:16:f1:31:02:7c:a7:7e:03:19:7d:5c:e3:fc:
                    c3:6c:7f:cc:40:a8:fa:ce:26:26:bf:b4:59:f1:96:
                    e1:a0:34:ab:94:50:1b:ed:7c:18:52:2c:6c:8b:e3:
                    bd:da:a1:b9:3f:3c:9f:39:d2:7a:af:85:62:74:6f:
                    59:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:23:FA:E7:8B:B0:C0:FD:7B:38:93:FF:09:ED:6E:7C:A2:28:57:3F
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145169.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a9d7::/32

    Signature Algorithm: sha256WithRSAEncryption
         1b:05:20:46:5e:b3:33:e9:ad:c2:85:fd:b3:84:73:c5:43:1e:
         ff:fd:28:98:c1:f3:45:48:53:d5:1f:e3:49:e6:78:40:1d:bd:
         83:98:19:14:42:5f:60:70:6f:e3:c3:85:d5:47:b3:f7:0a:cf:
         78:74:8b:8c:93:67:3d:26:2c:e4:5e:2b:d3:91:33:72:f8:08:
         7e:57:2d:9a:b7:fc:d8:3f:fb:68:41:9e:28:47:ca:2a:03:92:
         82:34:fd:86:13:7c:76:13:19:f3:4f:5d:67:0b:18:c3:f0:eb:
         bf:7c:57:df:d2:bf:d2:0b:63:ef:1c:5f:97:63:17:cb:00:3c:
         20:ed:34:0b:f7:c9:22:e9:62:6d:f1:a6:60:7e:8b:2d:db:60:
         c1:30:f4:d5:a0:03:19:8b:ee:d4:ae:a8:43:05:b1:0a:92:71:
         a1:26:ad:d0:05:49:7e:3b:83:fe:37:b5:7b:23:6e:2c:88:2a:
         12:6d:02:5f:08:34:e0:73:0c:14:97:ff:ef:81:0a:21:f9:39:
         8e:ce:33:e1:7c:e4:f8:26:0a:c2:c2:a1:8e:9c:80:ea:12:f4:
         21:53:ab:09:7a:b1:d0:71:b4:56:50:18:2a:bc:e0:35:af:07:
         8c:f6:9a:63:3a:65:12:5a:b9:bf:1f:3c:e3:70:29:fe:29:ee:
         28:b9:8f:b0
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUBtOLBPOObIfT9bPRGI8zjFQNsbYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYxMFoX
DTI3MDMwMzA2MjExMFowMzExMC8GA1UEAxMoQTkyM0ZBRTc4QkIwQzBGRDdCMzg5
M0ZGMDlFRDZFN0NBMjI4NTczRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALRrW4fL3SdeunqNHycoZd2wfYG7tyyf1KF2fawFWN2KYpDkZSsQAl+jraHm
cTlkVkuLuXXDupixReDhdE2Teri8a7WFeChuhxyYwk8+PUke3ZQlFx8fljuiH9SS
T5ButA1cJCR6s19T4uwwDUS417ClN6vbgllUerggjl2zNuktBQFeU/kr4NaVqevE
1I6yrVGTycZN2SIMDdlwfBK1T64uZky/MDkJxmLHdCmuVJ1cs4AWBZbV1NMB4j4R
850isIk68qYW8TECfKd+Axl9XOP8w2x/zECo+s4mJr+0WfGW4aA0q5RQG+18GFIs
bIvjvdqhuT88nznSeq+FYnRvWR8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSpI/rn
i7DA/Xs4k/8J7W58oihXPzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTE2OS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qdcwDQYJKoZIhvcNAQELBQADggEBABsFIEZeszPprcKF/bOEc8VDHv/9KJjB80VI
U9Uf40nmeEAdvYOYGRRCX2Bwb+PDhdVHs/cKz3h0i4yTZz0mLOReK9ORM3L4CH5X
LZq3/Ng/+2hBnihHyioDkoI0/YYTfHYTGfNPXWcLGMPw6798V9/Sv9ILY+8cX5dj
F8sAPCDtNAv3ySLpYm3xpmB+iy3bYMEw9NWgAxmL7tSuqEMFsQqScaEmrdAFSX47
g/43tXsjbiyIKhJtAl8INOBzDBSX/++BCiH5OY7OM+F85PgmCsLCoY6cgOoS9CFT
qwl6sdBxtFZQGCq84DWvB4z2mmM6ZRJaub8fPONwKf4p7ii5j7A=
-----END CERTIFICATE-----