Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145229.roa
File:                     AS145229.roa (raw, json)
Hash identifier:          9LMZTi2+9olL7MlRpXUQ8V2uXunO6AEmhF1bEugqVPY=
Subject key identifier:   E2:7C:9A:97:8E:20:56:BA:D2:20:07:C5:44:4B:37:0D:E5:F1:6D:3A
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7C711C9A9DB1340432E09A53A78CE3B17D5BB03B
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145229.roa
Signing time:             Wed 04 Mar 2026 06:20:49 +0000
ROA not before:           Wed 04 Mar 2026 06:15:49 +0000
ROA not after:            Wed 03 Mar 2027 06:20:49 +0000
asID:                     145229
IP address blocks:        240a:aa13::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:71:1c:9a:9d:b1:34:04:32:e0:9a:53:a7:8c:e3:b1:7d:5b:b0:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:15:49 2026 GMT
            Not After : Mar  3 06:20:49 2027 GMT
        Subject: CN=E27C9A978E2056BAD22007C5444B370DE5F16D3A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:9a:80:e4:05:f1:c1:9e:2d:35:b1:61:fb:0d:
                    b2:5c:f6:81:c6:6e:30:cc:94:b9:9e:8c:d8:c9:52:
                    f4:0e:d7:c1:c4:6f:62:e7:0d:e2:df:5c:41:8e:a1:
                    59:c5:42:3c:ec:6a:2d:e3:53:bc:c6:ba:9f:c9:17:
                    a4:a9:bc:6f:9b:d2:95:6b:24:28:0e:7a:fd:70:57:
                    b1:dd:df:3c:f5:fe:47:69:6d:73:95:ca:55:26:7b:
                    80:ba:92:ab:8c:68:86:7f:e3:7d:21:a8:fa:64:ad:
                    13:39:eb:c2:cd:1c:a3:15:de:84:58:5c:8b:77:e5:
                    62:06:35:30:d2:4b:81:5a:50:27:0c:75:90:18:d1:
                    1f:95:25:4e:2b:57:90:76:3c:a3:63:99:2f:6d:3f:
                    eb:58:7b:ef:10:4c:ac:c8:c5:bd:86:13:34:83:64:
                    a6:23:d5:1c:89:bd:0c:da:82:2c:7d:3c:99:28:d3:
                    dd:84:17:60:af:07:54:1a:5e:a1:e3:4d:21:82:95:
                    cb:42:bd:19:c3:63:00:82:a3:19:d9:26:33:6c:10:
                    22:29:a1:12:93:15:e5:43:00:37:d9:d6:00:41:fc:
                    4c:94:71:3e:ff:fe:13:76:4f:e2:44:3d:a8:42:8f:
                    0e:89:90:e2:8d:77:29:43:bd:37:14:f7:58:b1:e7:
                    72:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:7C:9A:97:8E:20:56:BA:D2:20:07:C5:44:4B:37:0D:E5:F1:6D:3A
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145229.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aa13::/32

    Signature Algorithm: sha256WithRSAEncryption
         60:ae:c3:ba:94:c3:62:6d:06:b3:f5:23:9a:60:48:5b:3e:a5:
         5d:4c:09:6e:e6:ca:0b:98:aa:c1:1d:ef:0d:fc:b3:ac:b2:50:
         d7:b5:62:97:aa:4a:c8:e0:5e:6e:85:60:e6:7c:db:bc:ba:c1:
         67:04:25:79:3e:6d:ea:e1:e9:9d:1d:7b:3c:f1:e7:95:ec:19:
         e6:5d:f4:fc:60:99:04:b5:84:df:7b:08:fa:52:06:47:c1:f3:
         dd:71:61:f7:69:fc:b6:29:dc:89:37:f0:4f:3b:f7:7e:59:7c:
         54:1d:05:8c:1f:88:58:58:9e:5b:84:eb:b3:8a:e1:d9:f0:28:
         6e:7d:60:07:d6:a3:56:f1:65:3f:41:ac:6b:58:13:7a:86:08:
         37:ea:da:62:79:f4:21:0a:a1:a5:12:53:1e:be:ce:3a:e2:d6:
         8c:83:91:6b:91:de:dd:94:ae:f6:39:73:4e:ec:80:8a:bd:58:
         1d:ff:75:87:f9:68:b3:c7:b0:77:e3:25:30:db:c0:52:6b:2b:
         ee:1b:a5:26:58:81:1c:1c:3d:f9:93:3a:9a:59:9c:39:96:65:
         11:8b:28:41:a2:a6:b2:f0:4b:62:21:8c:d8:57:72:92:0b:f5:
         9c:7d:7b:cc:e2:41:2a:7d:b8:fa:59:70:eb:81:6b:3e:71:47:
         f3:0f:b9:78
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUfHEcmp2xNAQy4JpTp4zjsX1bsDswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTU0OVoX
DTI3MDMwMzA2MjA0OVowMzExMC8GA1UEAxMoRTI3QzlBOTc4RTIwNTZCQUQyMjAw
N0M1NDQ0QjM3MERFNUYxNkQzQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKqagOQF8cGeLTWxYfsNslz2gcZuMMyUuZ6M2MlS9A7XwcRvYucN4t9cQY6h
WcVCPOxqLeNTvMa6n8kXpKm8b5vSlWskKA56/XBXsd3fPPX+R2ltc5XKVSZ7gLqS
q4xohn/jfSGo+mStEznrws0coxXehFhci3flYgY1MNJLgVpQJwx1kBjRH5UlTitX
kHY8o2OZL20/61h77xBMrMjFvYYTNINkpiPVHIm9DNqCLH08mSjT3YQXYK8HVBpe
oeNNIYKVy0K9GcNjAIKjGdkmM2wQIimhEpMV5UMAN9nWAEH8TJRxPv/+E3ZP4kQ9
qEKPDomQ4o13KUO9NxT3WLHnckECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTifJqX
jiBWutIgB8VESzcN5fFtOjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTIyOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qhMwDQYJKoZIhvcNAQELBQADggEBAGCuw7qUw2JtBrP1I5pgSFs+pV1MCW7myguY
qsEd7w38s6yyUNe1YpeqSsjgXm6FYOZ827y6wWcEJXk+berh6Z0dezzx55XsGeZd
9PxgmQS1hN97CPpSBkfB891xYfdp/LYp3Ik38E87935ZfFQdBYwfiFhYnluE67OK
4dnwKG59YAfWo1bxZT9BrGtYE3qGCDfq2mJ59CEKoaUSUx6+zjri1oyDkWuR3t2U
rvY5c07sgIq9WB3/dYf5aLPHsHfjJTDbwFJrK+4bpSZYgRwcPfmTOppZnDmWZRGL
KEGiprLwS2IhjNhXcpIL9Zx9e8ziQSp9uPpZcOuBaz5xR/MPuXg=
-----END CERTIFICATE-----