Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145257.roa
File:                     AS145257.roa (raw, json)
Hash identifier:          Yb6sfOGSPmL6cdy3z6ooO8zmDABox0F1bC2A+T5s2II=
Subject key identifier:   52:8A:6F:DE:C0:4B:35:B2:78:AF:DC:6B:B0:6F:B4:74:A7:3C:50:2F
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       03741D631CEF807C8AFA13E93F71C8DBFBF1C8EC
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145257.roa
Signing time:             Wed 04 Mar 2026 06:21:13 +0000
ROA not before:           Wed 04 Mar 2026 06:16:13 +0000
ROA not after:            Wed 03 Mar 2027 06:21:13 +0000
asID:                     145257
IP address blocks:        240a:aa2f::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:74:1d:63:1c:ef:80:7c:8a:fa:13:e9:3f:71:c8:db:fb:f1:c8:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:13 2026 GMT
            Not After : Mar  3 06:21:13 2027 GMT
        Subject: CN=528A6FDEC04B35B278AFDC6BB06FB474A73C502F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:fa:b9:74:c4:63:4c:f8:99:e0:2e:f9:ed:85:
                    70:80:66:7e:80:15:33:52:9f:d6:51:6d:95:fa:6a:
                    86:94:30:fb:2a:ec:65:ad:a0:27:9e:98:50:80:ad:
                    82:54:76:b7:30:62:b6:86:c0:dd:59:10:13:47:c7:
                    b8:9c:81:16:0c:99:d1:b5:d6:23:0e:01:18:8f:07:
                    4d:02:42:fd:f7:01:b2:38:8b:b0:c4:aa:e0:d3:00:
                    47:0e:50:0e:99:f2:0c:34:90:31:d7:23:82:6b:a5:
                    d4:c7:a6:ee:2f:cc:f0:cd:37:3e:62:cc:6c:9f:7b:
                    aa:09:3e:3f:97:42:9f:3b:9b:fb:c6:3a:33:8f:a3:
                    66:8c:e8:c4:62:ea:e8:3c:cd:8c:27:73:d4:32:36:
                    35:34:54:10:39:08:da:61:af:85:bb:8d:b6:32:4e:
                    30:05:a5:4e:28:ae:f7:3c:60:1b:bd:0e:89:2b:b5:
                    79:4a:86:c3:d1:42:6b:60:fa:8b:8c:9a:31:7a:a7:
                    af:61:16:3c:af:fe:54:bb:06:fe:12:05:7f:cf:1d:
                    e5:71:2a:94:28:14:56:97:c3:b6:2e:70:a9:33:df:
                    a8:33:1f:ee:5e:40:09:57:d5:2c:fd:4f:9a:6a:4f:
                    2a:45:be:4f:d0:f4:8b:58:2c:11:bc:ce:59:c8:d9:
                    36:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:8A:6F:DE:C0:4B:35:B2:78:AF:DC:6B:B0:6F:B4:74:A7:3C:50:2F
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145257.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aa2f::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:ca:29:31:68:cc:70:6c:70:10:3a:ac:a9:8f:d3:7f:a3:44:
         a1:73:9f:f1:4b:76:df:98:f5:65:68:45:ba:40:5c:4d:f0:2b:
         f0:8d:6a:d1:db:f7:be:68:43:11:e8:a2:43:3b:19:d3:0a:14:
         31:6e:3c:4c:00:e4:c3:05:d9:49:d4:80:59:cf:1a:8f:ff:e6:
         7b:a9:94:5b:c9:ad:6d:87:85:0c:58:87:93:87:53:94:a4:9d:
         1c:d7:da:fe:5e:15:88:26:43:d8:f7:89:47:03:ea:dc:9c:ee:
         9e:23:90:8d:72:ab:61:a1:dc:7f:af:7f:d1:41:3f:88:3c:79:
         c8:21:6b:15:29:fc:bd:87:26:9f:65:dc:85:da:94:90:97:53:
         15:13:da:9d:36:15:83:f6:6a:9e:3f:67:75:57:4c:66:f0:7e:
         8c:01:3f:c8:99:a9:7a:27:b3:77:da:9f:78:6d:8d:79:e8:da:
         5e:e3:13:70:ad:b6:dc:c2:b2:2e:13:90:e6:49:31:9e:0d:c3:
         d5:65:e5:a4:76:ee:28:30:c0:14:ef:83:78:0c:e2:c1:26:5a:
         e5:d6:da:52:1b:b6:7a:ec:bd:dd:ef:1c:93:73:99:6f:9d:fe:
         28:92:63:1f:1d:23:98:39:49:18:d5:cf:92:75:0b:37:54:1a:
         a9:f6:77:7d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUA3QdYxzvgHyK+hPpP3HI2/vxyOwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYxM1oX
DTI3MDMwMzA2MjExM1owMzExMC8GA1UEAxMoNTI4QTZGREVDMDRCMzVCMjc4QUZE
QzZCQjA2RkI0NzRBNzNDNTAyRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKL6uXTEY0z4meAu+e2FcIBmfoAVM1Kf1lFtlfpqhpQw+yrsZa2gJ56YUICt
glR2tzBitobA3VkQE0fHuJyBFgyZ0bXWIw4BGI8HTQJC/fcBsjiLsMSq4NMARw5Q
DpnyDDSQMdcjgmul1Mem7i/M8M03PmLMbJ97qgk+P5dCnzub+8Y6M4+jZozoxGLq
6DzNjCdz1DI2NTRUEDkI2mGvhbuNtjJOMAWlTiiu9zxgG70OiSu1eUqGw9FCa2D6
i4yaMXqnr2EWPK/+VLsG/hIFf88d5XEqlCgUVpfDti5wqTPfqDMf7l5ACVfVLP1P
mmpPKkW+T9D0i1gsEbzOWcjZNh8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRSim/e
wEs1sniv3Guwb7R0pzxQLzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTI1Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qi8wDQYJKoZIhvcNAQELBQADggEBAGTKKTFozHBscBA6rKmP03+jRKFzn/FLdt+Y
9WVoRbpAXE3wK/CNatHb975oQxHookM7GdMKFDFuPEwA5MMF2UnUgFnPGo//5nup
lFvJrW2HhQxYh5OHU5SknRzX2v5eFYgmQ9j3iUcD6tyc7p4jkI1yq2Gh3H+vf9FB
P4g8ecghaxUp/L2HJp9l3IXalJCXUxUT2p02FYP2ap4/Z3VXTGbwfowBP8iZqXon
s3fan3htjXno2l7jE3CtttzCsi4TkOZJMZ4Nw9Vl5aR27igwwBTvg3gM4sEmWuXW
2lIbtnrsvd3vHJNzmW+d/iiSYx8dI5g5SRjVz5J1CzdUGqn2d30=
-----END CERTIFICATE-----