Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145235.roa
File:                     AS145235.roa (raw, json)
Hash identifier:          rPZUqrzHG4CUmS2tupTzJ5wTrYOyYqlAF7P5KJgUM30=
Subject key identifier:   AF:70:17:30:A3:43:1F:9B:00:2F:9B:D2:24:CC:9A:A7:0D:5F:95:BB
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       0649232F2D21C35A266E68ECAC4C866CE9DBEF57
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145235.roa
Signing time:             Wed 04 Mar 2026 06:19:35 +0000
ROA not before:           Wed 04 Mar 2026 06:14:35 +0000
ROA not after:            Wed 03 Mar 2027 06:19:35 +0000
asID:                     145235
IP address blocks:        240a:aa19::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:49:23:2f:2d:21:c3:5a:26:6e:68:ec:ac:4c:86:6c:e9:db:ef:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:35 2026 GMT
            Not After : Mar  3 06:19:35 2027 GMT
        Subject: CN=AF701730A3431F9B002F9BD224CC9AA70D5F95BB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:56:cd:27:7e:5b:02:e6:9f:6d:6f:59:3c:fb:
                    3b:f1:47:03:58:77:48:e1:9a:25:99:21:2b:1d:f2:
                    9c:70:8e:af:02:03:e1:96:c0:7f:58:2c:90:62:f4:
                    75:69:18:12:64:1b:73:d0:f9:ea:63:df:02:be:41:
                    db:bc:58:3b:55:11:a8:11:84:3f:4e:3f:80:00:c0:
                    13:77:71:65:1b:01:15:9e:a7:cd:a4:98:ff:0d:71:
                    83:fb:a5:17:47:61:8d:7b:ff:7a:8e:82:1f:d3:3a:
                    4f:e1:bd:4b:d1:46:a0:99:77:12:15:67:57:5c:e2:
                    1d:ac:43:1a:d0:26:83:12:44:e0:fe:5a:46:34:80:
                    96:a6:48:03:ca:d2:75:5e:85:ab:19:1d:6f:05:0e:
                    c7:79:36:8a:73:f8:27:43:dd:bb:94:10:98:5d:28:
                    61:af:df:1c:d4:1d:49:27:0d:2d:fe:16:d2:4e:84:
                    55:97:7d:12:75:0f:72:a1:0d:dd:e3:15:18:69:72:
                    65:ba:8e:c7:fe:c2:d8:f8:37:0d:7f:31:88:f1:4b:
                    a3:ad:ad:d7:f4:e4:0e:c6:e9:c6:58:37:c7:99:91:
                    04:a8:5c:fd:01:6e:f0:8d:ef:92:fa:22:46:2d:9d:
                    94:80:d2:ba:99:7b:2f:ba:62:71:b2:7d:b5:cc:e9:
                    77:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:70:17:30:A3:43:1F:9B:00:2F:9B:D2:24:CC:9A:A7:0D:5F:95:BB
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aa19::/32

    Signature Algorithm: sha256WithRSAEncryption
         5d:f8:d3:b4:d7:13:99:3e:f8:11:3a:fa:c2:6f:a2:d7:98:48:
         83:2a:bd:1a:b5:1b:2f:99:b6:54:60:d9:ee:5b:37:01:9b:6f:
         44:0e:f2:c0:f5:9f:be:3c:32:14:29:6f:31:3b:ae:6e:7f:b6:
         9c:98:98:0b:10:15:18:5b:e1:39:21:63:eb:24:40:e4:cd:79:
         e5:9f:19:5e:3a:a4:a1:39:9d:c1:5d:c9:fe:6c:1a:90:dd:b4:
         34:2f:5d:37:6c:26:8a:b4:e8:8f:39:28:31:1d:9d:88:4a:ed:
         65:f1:f0:c6:42:1d:f8:12:7f:d1:25:5a:d8:63:2a:a7:d7:46:
         05:a3:9c:ad:57:56:19:af:3c:ee:7e:d7:0e:42:7d:a9:30:26:
         ff:c4:02:a7:6f:38:45:8d:f8:d8:9f:14:2b:8b:76:85:1d:80:
         04:f5:ae:cf:cc:3d:3a:7f:63:69:c0:4d:d6:ae:23:e4:42:fd:
         5f:f9:21:6c:f8:89:dd:7a:3d:56:63:3d:a9:90:e1:03:78:76:
         14:44:75:d6:27:2d:bd:fb:b3:4c:d9:77:62:62:c9:70:fc:94:
         e9:1b:ce:9f:04:e8:41:09:0b:5d:79:7c:64:29:80:8c:a2:cf:
         b7:0d:36:3d:d6:75:1b:54:95:0f:e5:6d:24:18:cd:03:f1:47:
         3a:97:ce:96
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUBkkjLy0hw1ombmjsrEyGbOnb71cwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQzNVoX
DTI3MDMwMzA2MTkzNVowMzExMC8GA1UEAxMoQUY3MDE3MzBBMzQzMUY5QjAwMkY5
QkQyMjRDQzlBQTcwRDVGOTVCQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK5WzSd+WwLmn21vWTz7O/FHA1h3SOGaJZkhKx3ynHCOrwID4ZbAf1gskGL0
dWkYEmQbc9D56mPfAr5B27xYO1URqBGEP04/gADAE3dxZRsBFZ6nzaSY/w1xg/ul
F0dhjXv/eo6CH9M6T+G9S9FGoJl3EhVnV1ziHaxDGtAmgxJE4P5aRjSAlqZIA8rS
dV6FqxkdbwUOx3k2inP4J0Pdu5QQmF0oYa/fHNQdSScNLf4W0k6EVZd9EnUPcqEN
3eMVGGlyZbqOx/7C2Pg3DX8xiPFLo62t1/TkDsbpxlg3x5mRBKhc/QFu8I3vkvoi
Ri2dlIDSupl7L7picbJ9tczpd8UCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSvcBcw
o0MfmwAvm9IkzJqnDV+VuzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTIzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qhkwDQYJKoZIhvcNAQELBQADggEBAF3407TXE5k++BE6+sJvoteYSIMqvRq1Gy+Z
tlRg2e5bNwGbb0QO8sD1n748MhQpbzE7rm5/tpyYmAsQFRhb4TkhY+skQOTNeeWf
GV46pKE5ncFdyf5sGpDdtDQvXTdsJoq06I85KDEdnYhK7WXx8MZCHfgSf9ElWthj
KqfXRgWjnK1XVhmvPO5+1w5CfakwJv/EAqdvOEWN+NifFCuLdoUdgAT1rs/MPTp/
Y2nATdauI+RC/V/5IWz4id16PVZjPamQ4QN4dhREddYnLb37s0zZd2JiyXD8lOkb
zp8E6EEJC115fGQpgIyiz7cNNj3WdRtUlQ/lbSQYzQPxRzqXzpY=
-----END CERTIFICATE-----