Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145233.roa
File:                     AS145233.roa (raw, json)
Hash identifier:          yEOHG2O9yWwSRVZL75W8W2qvCr8iVCgflPDcN+jDrxI=
Subject key identifier:   53:DF:A0:54:26:B5:41:38:D7:82:62:7E:71:BD:4A:6C:0D:38:AC:F5
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       20ACADC48088BCB7421DADF444D5CE7181DAC737
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145233.roa
Signing time:             Wed 04 Mar 2026 06:19:27 +0000
ROA not before:           Wed 04 Mar 2026 06:14:27 +0000
ROA not after:            Wed 03 Mar 2027 06:19:27 +0000
asID:                     145233
IP address blocks:        240a:aa17::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:ac:ad:c4:80:88:bc:b7:42:1d:ad:f4:44:d5:ce:71:81:da:c7:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:27 2026 GMT
            Not After : Mar  3 06:19:27 2027 GMT
        Subject: CN=53DFA05426B54138D782627E71BD4A6C0D38ACF5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:43:17:c0:a6:8e:0a:e7:e8:e3:42:b2:73:75:
                    b9:2c:bb:89:5a:6b:b9:a9:18:a2:40:ff:28:bc:63:
                    3f:17:5c:01:80:cf:ad:60:b3:83:0b:31:38:7a:e6:
                    28:c7:98:ce:8d:34:71:48:bf:a8:ad:fa:96:31:82:
                    24:c8:e5:a7:4f:61:1d:c4:1a:ea:99:96:29:6d:99:
                    cd:d5:d8:65:da:f4:a4:08:93:c2:10:94:2d:15:8e:
                    7b:61:78:b7:00:b5:62:08:e5:a0:11:a4:26:3c:8e:
                    da:20:78:44:90:86:84:95:c7:be:08:46:51:84:31:
                    23:f6:0d:dc:4c:31:71:69:ab:96:07:b9:1d:b8:b2:
                    63:0e:f8:47:44:2b:07:ba:1b:b6:99:4f:88:34:71:
                    51:ba:05:4b:de:8c:dd:8b:60:17:0e:ea:ce:39:c5:
                    24:6b:c5:54:f1:bc:b0:36:89:ef:7b:44:a5:3f:b9:
                    60:1b:65:a2:4d:de:3a:98:bc:33:86:be:35:67:69:
                    4a:75:c9:47:81:8f:f9:c6:43:87:ee:5c:bd:2d:e3:
                    ae:97:9a:a8:16:0c:d0:d4:84:f2:22:df:a0:6d:29:
                    ae:36:de:81:d4:bf:76:0c:ac:02:e2:84:fe:18:6a:
                    8a:47:65:c5:ec:4b:1e:54:55:b5:09:88:2f:85:f8:
                    71:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:DF:A0:54:26:B5:41:38:D7:82:62:7E:71:BD:4A:6C:0D:38:AC:F5
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aa17::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:de:06:f0:c5:da:54:2a:a3:76:8c:a7:6d:fc:df:e4:30:c1:
         40:70:42:c0:21:bf:b3:96:14:56:bc:27:80:e3:d2:a7:fc:f8:
         21:68:77:bb:12:0e:f6:e5:bc:d6:e4:b4:c6:e2:c9:18:0d:1f:
         39:83:c0:4a:5a:d9:24:91:b5:b3:58:15:00:d9:d6:16:d1:66:
         c1:94:51:e4:1a:19:9a:ff:e0:39:34:b4:df:ec:71:2b:9e:b3:
         30:1a:f7:da:a6:85:03:ca:5a:f1:61:3f:18:c1:bc:9e:1e:80:
         83:0c:cc:f2:08:6f:40:5b:8b:bf:2c:a9:f8:83:06:70:5a:1a:
         08:0e:9d:86:c7:01:6a:6a:45:4b:7e:54:af:5c:00:06:b4:85:
         29:6a:17:3d:16:3d:7f:25:2a:34:98:95:a7:f9:56:aa:9e:8d:
         10:14:9b:dd:01:c8:39:25:69:c4:bb:70:3d:08:0a:07:12:a5:
         0c:94:a7:f2:cf:29:d2:66:4c:b4:49:35:66:79:e9:cc:98:5b:
         ff:22:37:45:e3:67:9b:1c:cb:2a:0d:10:2c:a7:c0:91:22:b5:
         58:be:86:dd:c5:47:70:8a:e6:31:73:8d:df:a4:76:4a:a0:c9:
         1d:52:fc:8a:08:43:e3:f6:c4:54:07:d6:d6:4d:de:70:0d:2a:
         e7:95:d7:36
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUIKytxICIvLdCHa30RNXOcYHaxzcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQyN1oX
DTI3MDMwMzA2MTkyN1owMzExMC8GA1UEAxMoNTNERkEwNTQyNkI1NDEzOEQ3ODI2
MjdFNzFCRDRBNkMwRDM4QUNGNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALpDF8Cmjgrn6ONCsnN1uSy7iVpruakYokD/KLxjPxdcAYDPrWCzgwsxOHrm
KMeYzo00cUi/qK36ljGCJMjlp09hHcQa6pmWKW2ZzdXYZdr0pAiTwhCULRWOe2F4
twC1YgjloBGkJjyO2iB4RJCGhJXHvghGUYQxI/YN3EwxcWmrlge5HbiyYw74R0Qr
B7obtplPiDRxUboFS96M3YtgFw7qzjnFJGvFVPG8sDaJ73tEpT+5YBtlok3eOpi8
M4a+NWdpSnXJR4GP+cZDh+5cvS3jrpeaqBYM0NSE8iLfoG0prjbegdS/dgysAuKE
/hhqikdlxexLHlRVtQmIL4X4cZcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRT36BU
JrVBONeCYn5xvUpsDTis9TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTIzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qhcwDQYJKoZIhvcNAQELBQADggEBAHfeBvDF2lQqo3aMp2383+QwwUBwQsAhv7OW
FFa8J4Dj0qf8+CFod7sSDvblvNbktMbiyRgNHzmDwEpa2SSRtbNYFQDZ1hbRZsGU
UeQaGZr/4Dk0tN/scSueszAa99qmhQPKWvFhPxjBvJ4egIMMzPIIb0Bbi78sqfiD
BnBaGggOnYbHAWpqRUt+VK9cAAa0hSlqFz0WPX8lKjSYlaf5VqqejRAUm90ByDkl
acS7cD0ICgcSpQyUp/LPKdJmTLRJNWZ56cyYW/8iN0XjZ5scyyoNECynwJEitVi+
ht3FR3CK5jFzjd+kdkqgyR1S/IoIQ+P2xFQH1tZN3nANKueV1zY=
-----END CERTIFICATE-----