Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145362.roa
File:                     AS145362.roa (raw, json)
Hash identifier:          nKuZsy6CJ8vprTMk2ajtYlay4BJaQo/yTENYwf/JivA=
Subject key identifier:   D9:DC:77:AD:73:6A:47:EC:34:55:6F:F1:3E:1C:FE:E7:49:93:70:9F
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       51EC1B29CBC4DC952894B448B15AA43DCA03D796
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145362.roa
Signing time:             Wed 04 Mar 2026 06:21:09 +0000
ROA not before:           Wed 04 Mar 2026 06:16:09 +0000
ROA not after:            Wed 03 Mar 2027 06:21:09 +0000
asID:                     145362
IP address blocks:        240a:aa98::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:ec:1b:29:cb:c4:dc:95:28:94:b4:48:b1:5a:a4:3d:ca:03:d7:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:09 2026 GMT
            Not After : Mar  3 06:21:09 2027 GMT
        Subject: CN=D9DC77AD736A47EC34556FF13E1CFEE74993709F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d1:ae:75:2e:d0:77:35:42:f0:54:64:87:32:
                    ca:67:ed:b1:aa:3a:73:8f:6d:4a:8e:7f:13:02:3b:
                    34:a2:39:ca:84:99:e8:07:86:30:59:65:0f:9c:56:
                    80:e5:96:b3:dc:73:af:27:9c:00:0a:51:13:d8:be:
                    4d:67:e9:2e:ad:c8:ad:b2:97:d4:ee:b2:39:fb:ce:
                    8d:b4:fc:82:56:e1:be:15:42:aa:21:32:ca:7b:05:
                    2c:10:94:94:a7:58:94:d0:be:46:5d:a4:5e:42:5a:
                    93:2c:45:d0:66:dd:69:12:9a:8f:ff:b5:f4:72:39:
                    c5:eb:8c:88:f3:d3:35:53:c2:8b:38:c5:32:f1:b0:
                    e8:22:5c:20:40:03:38:13:8f:d4:98:65:0d:de:74:
                    15:36:fc:73:32:23:da:a7:72:9b:2e:36:34:e2:e8:
                    c8:49:94:7b:db:4f:8c:8a:f9:95:78:1e:d5:97:bf:
                    06:d6:b6:82:bd:5f:34:96:a3:ea:6b:ec:ef:62:7b:
                    79:ee:a9:a5:8a:53:d9:1f:10:26:ac:4c:94:e0:b3:
                    6a:fa:c2:35:c5:39:5e:9b:49:4d:0f:00:48:af:34:
                    bb:22:89:8a:34:49:e8:43:54:4b:ee:2e:6f:94:7a:
                    4c:78:f0:f7:38:dc:df:79:c3:71:f6:61:6e:48:90:
                    2f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:DC:77:AD:73:6A:47:EC:34:55:6F:F1:3E:1C:FE:E7:49:93:70:9F
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145362.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aa98::/32

    Signature Algorithm: sha256WithRSAEncryption
         d7:40:de:a7:46:5e:50:a2:20:b8:7b:91:3a:d9:8b:81:73:6b:
         c4:bd:ce:8b:bf:1a:76:6c:bb:11:10:99:2b:0d:5e:53:f5:51:
         a0:e0:47:10:cd:1a:63:e4:77:cc:55:d9:6a:8b:11:d0:12:cf:
         17:38:07:5a:89:c3:b9:07:a7:1a:73:1b:0e:02:0f:4a:07:97:
         37:ca:77:d3:fe:d9:cb:27:1f:0e:d4:9f:5b:27:19:e6:19:96:
         49:f6:89:08:bd:e0:37:68:19:ad:55:83:c1:38:f6:fd:a1:78:
         a7:36:96:c3:a5:fd:4e:de:a5:0f:7f:c0:06:7e:87:74:ea:c5:
         9f:ed:32:69:44:70:bf:7b:c3:64:47:02:1b:ea:73:03:1d:d3:
         d1:61:68:d0:40:47:48:ec:37:98:d7:63:8b:93:3c:20:aa:91:
         20:bc:82:ee:bb:a2:d4:e4:15:e8:13:1f:50:75:59:72:d8:c1:
         2f:3f:ed:c4:67:c2:5c:a6:d4:e2:b3:b0:7c:ec:57:2a:d2:42:
         b2:2f:c3:9a:30:ae:be:4e:a5:1c:fd:20:4b:c6:b3:4d:b5:73:
         ac:4d:aa:76:3e:70:19:1d:24:36:b8:fa:1e:4c:52:40:d9:99:
         c2:91:aa:87:29:fd:9a:31:b6:cb:e9:24:08:7f:b9:ff:57:d4:
         19:f7:04:e2
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUUewbKcvE3JUolLRIsVqkPcoD15YwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYwOVoX
DTI3MDMwMzA2MjEwOVowMzExMC8GA1UEAxMoRDlEQzc3QUQ3MzZBNDdFQzM0NTU2
RkYxM0UxQ0ZFRTc0OTkzNzA5RjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMbRrnUu0Hc1QvBUZIcyymftsao6c49tSo5/EwI7NKI5yoSZ6AeGMFllD5xW
gOWWs9xzryecAApRE9i+TWfpLq3IrbKX1O6yOfvOjbT8glbhvhVCqiEyynsFLBCU
lKdYlNC+Rl2kXkJakyxF0GbdaRKaj/+19HI5xeuMiPPTNVPCizjFMvGw6CJcIEAD
OBOP1JhlDd50FTb8czIj2qdymy42NOLoyEmUe9tPjIr5lXge1Ze/Bta2gr1fNJaj
6mvs72J7ee6ppYpT2R8QJqxMlOCzavrCNcU5XptJTQ8ASK80uyKJijRJ6ENUS+4u
b5R6THjw9zjc33nDcfZhbkiQL2UCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTZ3Het
c2pH7DRVb/E+HP7nSZNwnzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTM2Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qpgwDQYJKoZIhvcNAQELBQADggEBANdA3qdGXlCiILh7kTrZi4Fza8S9zou/GnZs
uxEQmSsNXlP1UaDgRxDNGmPkd8xV2WqLEdASzxc4B1qJw7kHpxpzGw4CD0oHlzfK
d9P+2csnHw7Un1snGeYZlkn2iQi94DdoGa1Vg8E49v2heKc2lsOl/U7epQ9/wAZ+
h3TqxZ/tMmlEcL97w2RHAhvqcwMd09FhaNBAR0jsN5jXY4uTPCCqkSC8gu67otTk
FegTH1B1WXLYwS8/7cRnwlym1OKzsHzsVyrSQrIvw5owrr5OpRz9IEvGs021c6xN
qnY+cBkdJDa4+h5MUkDZmcKRqocp/ZoxtsvpJAh/uf9X1Bn3BOI=
-----END CERTIFICATE-----