Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145471.roa
File:                     AS145471.roa (raw, json)
Hash identifier:          qD4KrHbVp751QYpvkDjjEUELAA3BI/rjUaH92aJUFnc=
Subject key identifier:   B7:75:28:1C:32:D0:00:0F:A8:87:08:F1:BE:50:15:C1:AE:A0:4D:57
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       03CDFD618ECFCD68DB3F30655DD4CA6D16960523
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145471.roa
Signing time:             Wed 04 Mar 2026 06:22:19 +0000
ROA not before:           Wed 04 Mar 2026 06:17:19 +0000
ROA not after:            Wed 03 Mar 2027 06:22:19 +0000
asID:                     145471
IP address blocks:        240a:ab05::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:cd:fd:61:8e:cf:cd:68:db:3f:30:65:5d:d4:ca:6d:16:96:05:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:17:19 2026 GMT
            Not After : Mar  3 06:22:19 2027 GMT
        Subject: CN=B775281C32D0000FA88708F1BE5015C1AEA04D57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:6b:b6:d8:25:d1:bc:8d:93:b4:56:29:41:89:
                    d0:4f:5c:19:73:c3:83:ab:52:80:80:92:7b:5f:17:
                    4c:10:e3:5c:40:53:72:a6:39:b2:0d:70:52:f3:38:
                    c0:8b:70:0e:e6:15:86:36:47:5f:2c:20:97:56:48:
                    48:18:0a:aa:4d:e3:32:df:75:d0:39:17:b9:81:df:
                    8f:b2:52:91:ba:ee:e8:91:4e:35:f5:39:44:68:99:
                    c7:6e:8b:e3:a9:c4:0b:58:fc:be:5e:2e:42:f6:73:
                    ba:51:68:9b:ae:6c:b8:0d:81:d1:4b:15:04:17:df:
                    6d:27:a1:fb:cb:fa:7f:05:9c:61:60:5d:1f:6b:fe:
                    2c:de:fc:96:8b:27:9c:5d:36:69:ef:e4:89:0b:1b:
                    00:63:a2:a0:ac:82:07:9f:a2:c1:7a:b0:76:41:2d:
                    e5:ce:1f:df:b4:40:23:b8:8b:d5:3e:b7:b1:81:17:
                    ea:4a:d8:2e:26:de:d0:eb:ed:e3:57:8f:e7:1d:f8:
                    85:4c:dd:89:4a:8e:9e:8f:8b:91:c8:77:2d:bf:e8:
                    48:c1:20:81:77:9e:f3:3c:66:e6:07:07:5c:39:0c:
                    f9:43:15:65:99:da:e2:61:82:04:a8:1e:68:eb:23:
                    27:ff:75:c0:d3:c0:df:3f:df:fc:ff:38:62:39:1b:
                    53:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:75:28:1C:32:D0:00:0F:A8:87:08:F1:BE:50:15:C1:AE:A0:4D:57
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145471.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab05::/32

    Signature Algorithm: sha256WithRSAEncryption
         1b:06:2d:88:64:dc:fc:4a:14:8b:d6:3e:b0:01:6b:68:fa:18:
         35:ce:73:d5:a9:3c:a0:c9:aa:38:df:af:60:30:66:e7:6c:93:
         ed:b7:65:af:db:c6:0e:6d:85:b2:9c:80:49:43:08:d9:de:cc:
         0f:8e:bc:03:22:de:bf:e7:b3:dd:b6:2c:01:50:3b:46:b7:ea:
         da:eb:98:e9:ce:d3:bc:a5:08:ce:38:72:30:a2:92:f4:65:ad:
         8c:5f:54:cc:d8:ef:f0:e3:83:c1:8a:e4:24:5e:f8:82:8a:0c:
         61:a7:f3:25:2b:0e:2b:f2:c4:5e:d4:66:f1:1f:c2:20:58:b3:
         20:8e:b0:e7:bf:a9:98:91:bc:de:ef:52:a1:20:30:32:7c:39:
         40:20:85:b5:cd:f5:d3:65:d9:d9:ce:6f:77:d4:ea:7f:b1:ae:
         62:69:b4:4b:15:97:c2:9a:3f:98:fb:f7:c2:54:cd:aa:72:8f:
         17:0d:80:ac:24:be:d5:0e:e7:1f:e3:b9:c1:94:72:4a:7f:1e:
         65:81:23:39:be:39:20:f5:b9:28:c0:be:54:26:71:20:c5:40:
         fe:90:a1:42:16:3c:de:ff:51:00:dc:7b:2c:7e:cf:ce:24:46:
         31:47:e8:7f:32:61:32:11:f4:2b:76:1d:da:de:29:3e:c7:90:
         d9:6d:01:9f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUA839YY7PzWjbPzBlXdTKbRaWBSMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTcxOVoX
DTI3MDMwMzA2MjIxOVowMzExMC8GA1UEAxMoQjc3NTI4MUMzMkQwMDAwRkE4ODcw
OEYxQkU1MDE1QzFBRUEwNEQ1NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALxrttgl0byNk7RWKUGJ0E9cGXPDg6tSgICSe18XTBDjXEBTcqY5sg1wUvM4
wItwDuYVhjZHXywgl1ZISBgKqk3jMt910DkXuYHfj7JSkbru6JFONfU5RGiZx26L
46nEC1j8vl4uQvZzulFom65suA2B0UsVBBffbSeh+8v6fwWcYWBdH2v+LN78losn
nF02ae/kiQsbAGOioKyCB5+iwXqwdkEt5c4f37RAI7iL1T63sYEX6krYLibe0Ovt
41eP5x34hUzdiUqOno+Lkch3Lb/oSMEggXee8zxm5gcHXDkM+UMVZZna4mGCBKge
aOsjJ/91wNPA3z/f/P84YjkbU2sCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBS3dSgc
MtAAD6iHCPG+UBXBrqBNVzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTQ3MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qwUwDQYJKoZIhvcNAQELBQADggEBABsGLYhk3PxKFIvWPrABa2j6GDXOc9WpPKDJ
qjjfr2AwZudsk+23Za/bxg5thbKcgElDCNnezA+OvAMi3r/ns922LAFQO0a36trr
mOnO07ylCM44cjCikvRlrYxfVMzY7/Djg8GK5CRe+IKKDGGn8yUrDivyxF7UZvEf
wiBYsyCOsOe/qZiRvN7vUqEgMDJ8OUAghbXN9dNl2dnOb3fU6n+xrmJptEsVl8Ka
P5j798JUzapyjxcNgKwkvtUO5x/jucGUckp/HmWBIzm+OSD1uSjAvlQmcSDFQP6Q
oUIWPN7/UQDceyx+z84kRjFH6H8yYTIR9Ct2HdreKT7HkNltAZ8=
-----END CERTIFICATE-----