Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145394.roa
File:                     AS145394.roa (raw, json)
Hash identifier:          Huy6qI0cZyPS0qW6FyCbQjt7BfwgG6q9G/+5k/OPIIM=
Subject key identifier:   4F:72:23:C5:8F:A5:0C:70:E3:AE:BF:B1:73:2D:6D:6D:41:F2:C9:8B
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       51CE70964D13DC5E7E773CF83038D43E98CCE37D
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145394.roa
Signing time:             Wed 04 Mar 2026 06:19:46 +0000
ROA not before:           Wed 04 Mar 2026 06:14:46 +0000
ROA not after:            Wed 03 Mar 2027 06:19:46 +0000
asID:                     145394
IP address blocks:        240a:aab8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:ce:70:96:4d:13:dc:5e:7e:77:3c:f8:30:38:d4:3e:98:cc:e3:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:14:46 2026 GMT
            Not After : Mar  3 06:19:46 2027 GMT
        Subject: CN=4F7223C58FA50C70E3AEBFB1732D6D6D41F2C98B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:31:c4:1d:c1:38:f4:c9:f0:90:98:7d:9b:4f:
                    ef:b1:06:72:da:69:e7:d8:b9:eb:1e:cd:bb:ce:b8:
                    36:3c:05:e0:1a:c6:4a:66:f1:50:7e:2f:dd:96:d2:
                    d9:60:64:0a:9b:dd:6d:fa:d6:b2:fc:9a:0e:f8:57:
                    ce:ce:67:c8:93:e0:a0:be:5d:eb:46:c4:eb:80:c8:
                    62:1f:9b:45:c3:c6:84:3d:82:e0:c1:73:fe:89:e1:
                    75:07:41:89:dc:ab:5e:da:22:fc:8d:3e:a7:6a:df:
                    24:00:13:af:ac:12:d6:6e:51:fa:02:66:44:97:98:
                    93:9c:ba:b4:2d:04:23:51:e0:93:53:7a:69:89:f4:
                    9b:a4:a9:9b:94:ce:31:d7:fa:26:4a:17:4e:89:19:
                    73:da:1d:d6:f8:af:df:a6:71:7f:6e:46:c9:ff:55:
                    3c:51:78:a4:4a:89:49:b1:3a:98:0a:41:bf:4e:90:
                    c1:b6:9d:97:27:c6:df:44:7b:e6:cf:82:87:49:fc:
                    5c:b9:6c:95:2a:8b:1e:6d:49:e7:b1:c8:75:85:3c:
                    d1:32:12:e0:c0:85:43:2f:57:f1:b9:1d:7b:ff:53:
                    f3:42:88:ee:9b:51:f6:63:36:3f:ad:cc:a3:be:d6:
                    68:79:30:a3:56:17:76:36:67:9d:bc:c9:c4:22:3c:
                    35:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:72:23:C5:8F:A5:0C:70:E3:AE:BF:B1:73:2D:6D:6D:41:F2:C9:8B
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145394.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aab8::/32

    Signature Algorithm: sha256WithRSAEncryption
         ad:1c:7b:e9:44:9e:ab:1c:1d:85:34:24:da:e6:5c:7b:f7:0f:
         af:19:4c:13:1f:7b:8e:81:cb:59:1a:da:98:09:3d:59:33:4e:
         16:c2:e7:2f:cb:8e:35:85:cb:29:0b:33:a4:b6:93:27:01:5d:
         c2:23:c4:a1:9a:3e:04:7f:13:20:ab:a6:a4:e9:60:47:44:83:
         3e:8a:7c:dc:7a:67:56:ae:ea:51:21:53:93:74:7f:8f:0d:7e:
         a5:09:9e:0a:6c:96:ac:f0:bd:f1:4b:5d:62:44:57:1d:9f:08:
         f1:15:bf:8e:c4:eb:61:78:de:d0:29:e3:fe:50:b6:04:6e:0e:
         f4:35:cc:83:9b:3c:ed:bf:63:b9:ba:bc:05:3d:19:8a:ce:30:
         b0:67:0c:c8:56:05:f0:5a:6c:29:9f:84:87:cf:a6:36:cb:4e:
         bc:de:79:e1:21:7f:00:68:59:90:54:8d:7e:10:c0:d3:da:fc:
         3e:ae:36:4c:ac:80:14:3c:11:50:08:4b:b9:35:29:88:d8:74:
         5f:e9:0f:54:bd:e3:b1:55:1b:96:0e:e7:9a:03:3b:93:b8:68:
         c3:90:95:73:c0:6e:ea:54:e6:65:2a:c2:fc:88:b4:87:de:dd:
         15:4d:2d:52:2d:43:c2:c2:f7:bd:ca:a2:75:34:d7:bb:f8:af:
         2d:9d:b6:1b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUUc5wlk0T3F5+dzz4MDjUPpjM430wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTQ0NloX
DTI3MDMwMzA2MTk0NlowMzExMC8GA1UEAxMoNEY3MjIzQzU4RkE1MEM3MEUzQUVC
RkIxNzMyRDZENkQ0MUYyQzk4QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMYxxB3BOPTJ8JCYfZtP77EGctpp59i56x7Nu864NjwF4BrGSmbxUH4v3ZbS
2WBkCpvdbfrWsvyaDvhXzs5nyJPgoL5d60bE64DIYh+bRcPGhD2C4MFz/onhdQdB
idyrXtoi/I0+p2rfJAATr6wS1m5R+gJmRJeYk5y6tC0EI1Hgk1N6aYn0m6Spm5TO
Mdf6JkoXTokZc9od1viv36Zxf25Gyf9VPFF4pEqJSbE6mApBv06QwbadlyfG30R7
5s+Ch0n8XLlslSqLHm1J57HIdYU80TIS4MCFQy9X8bkde/9T80KI7ptR9mM2P63M
o77WaHkwo1YXdjZnnbzJxCI8NdsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRPciPF
j6UMcOOuv7FzLW1tQfLJizAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTM5NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qrgwDQYJKoZIhvcNAQELBQADggEBAK0ce+lEnqscHYU0JNrmXHv3D68ZTBMfe46B
y1ka2pgJPVkzThbC5y/LjjWFyykLM6S2kycBXcIjxKGaPgR/EyCrpqTpYEdEgz6K
fNx6Z1au6lEhU5N0f48NfqUJngpslqzwvfFLXWJEVx2fCPEVv47E62F43tAp4/5Q
tgRuDvQ1zIObPO2/Y7m6vAU9GYrOMLBnDMhWBfBabCmfhIfPpjbLTrzeeeEhfwBo
WZBUjX4QwNPa/D6uNkysgBQ8EVAIS7k1KYjYdF/pD1S947FVG5YO55oDO5O4aMOQ
lXPAbupU5mUqwvyItIfe3RVNLVItQ8LC973KonU017v4ry2dths=
-----END CERTIFICATE-----