Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145522.roa
File:                     AS145522.roa (raw, json)
Hash identifier:          hzZGNiRANzG0EhvYxlWkQotXb9Xekhl2rsqCGzqOo24=
Subject key identifier:   07:27:80:85:68:AA:CD:09:38:21:E8:1A:9B:AB:8B:95:65:FF:62:61
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       72DD55EF8FFE5EE68C0891C31BAF79044968AB8E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145522.roa
Signing time:             Wed 04 Mar 2026 06:29:37 +0000
ROA not before:           Wed 04 Mar 2026 06:24:37 +0000
ROA not after:            Wed 03 Mar 2027 06:29:37 +0000
asID:                     145522
IP address blocks:        240a:ab38::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:dd:55:ef:8f:fe:5e:e6:8c:08:91:c3:1b:af:79:04:49:68:ab:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:24:37 2026 GMT
            Not After : Mar  3 06:29:37 2027 GMT
        Subject: CN=0727808568AACD093821E81A9BAB8B9565FF6261
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:cb:77:80:09:c1:da:5a:b8:e0:20:de:14:40:
                    b1:7a:07:5f:51:5b:7b:58:96:a0:ba:62:94:cd:99:
                    3e:b1:64:0d:07:2a:56:4b:ba:57:20:4b:1e:9f:e2:
                    00:27:9e:2f:0b:78:da:9f:05:95:29:18:48:9f:3b:
                    1f:14:a8:f0:3b:45:5d:e3:62:0f:1f:63:36:d0:3c:
                    cb:74:19:c6:ef:a8:39:27:7d:ca:49:d7:d1:68:57:
                    96:7f:aa:0e:23:30:69:cf:05:bc:40:a2:8d:91:9b:
                    0f:a3:76:dc:3a:57:26:05:5b:28:b2:11:62:50:b4:
                    db:d4:e4:7f:87:fc:2d:9f:45:f4:59:b6:9b:13:0a:
                    98:9c:b3:5c:db:ae:b8:02:8e:50:54:d1:c5:cf:e3:
                    36:52:7e:1b:45:c2:8a:db:fe:30:93:66:1c:33:48:
                    23:02:c0:f6:2f:66:a1:90:c3:d0:0c:e2:3a:43:91:
                    5d:fd:d6:3d:fb:32:e5:8e:68:d6:ad:76:6f:28:f9:
                    2c:c0:7b:33:97:12:2f:44:68:dd:78:6b:5b:3f:f8:
                    67:c2:2a:dc:63:27:a1:28:f3:2f:11:0e:9d:9e:48:
                    84:74:29:b3:e0:58:c9:0b:11:ea:2b:94:04:dd:6b:
                    e0:28:07:5d:79:00:63:6a:fc:ae:69:25:a7:ab:4e:
                    81:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:27:80:85:68:AA:CD:09:38:21:E8:1A:9B:AB:8B:95:65:FF:62:61
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145522.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ab38::/32

    Signature Algorithm: sha256WithRSAEncryption
         d8:0d:6b:f5:20:6e:7a:36:4a:c0:90:4e:a8:af:df:87:c7:60:
         72:b5:b9:73:d9:a5:02:25:1d:1c:72:c3:97:6b:4b:cd:53:25:
         46:94:5c:74:82:06:04:43:f0:51:fb:ce:50:52:07:8d:34:9f:
         94:78:98:56:64:d6:f7:44:0e:e6:e0:01:96:f9:c6:cc:bf:55:
         94:e1:1a:47:7f:a3:08:3c:5a:17:4a:0e:19:64:a0:28:cd:03:
         01:53:63:46:78:4f:78:8b:5d:2e:f5:bb:cf:9e:50:81:3d:3d:
         c4:04:95:ce:2f:40:a4:d5:e1:eb:27:82:2d:a6:1d:59:8e:cd:
         89:2a:9d:32:bd:3e:ae:f7:c5:38:7a:aa:18:59:ac:b4:a2:51:
         4c:9a:d9:6d:d1:f9:e8:75:ef:47:f2:a0:9c:c6:a4:31:23:2c:
         ff:8d:aa:c0:8a:f9:35:be:86:0d:83:63:50:43:9f:79:8d:6e:
         ed:c5:51:e4:ca:15:e1:d9:26:92:ad:b1:c0:d6:23:40:e5:69:
         91:da:f5:13:61:dc:17:f9:31:a3:46:0f:a5:ad:d4:f5:7a:21:
         20:fe:85:fe:19:ad:4d:fe:7d:83:e4:2d:94:41:70:13:01:6b:
         a8:93:ac:ff:a1:d9:60:1e:aa:65:86:28:c1:f4:24:10:e8:0a:
         46:65:5a:e1
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUct1V74/+XuaMCJHDG695BEloq44wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjQzN1oX
DTI3MDMwMzA2MjkzN1owMzExMC8GA1UEAxMoMDcyNzgwODU2OEFBQ0QwOTM4MjFF
ODFBOUJBQjhCOTU2NUZGNjI2MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN7Ld4AJwdpauOAg3hRAsXoHX1Fbe1iWoLpilM2ZPrFkDQcqVku6VyBLHp/i
ACeeLwt42p8FlSkYSJ87HxSo8DtFXeNiDx9jNtA8y3QZxu+oOSd9yknX0WhXln+q
DiMwac8FvECijZGbD6N23DpXJgVbKLIRYlC029Tkf4f8LZ9F9Fm2mxMKmJyzXNuu
uAKOUFTRxc/jNlJ+G0XCitv+MJNmHDNIIwLA9i9moZDD0AziOkORXf3WPfsy5Y5o
1q12byj5LMB7M5cSL0Ro3XhrWz/4Z8Iq3GMnoSjzLxEOnZ5IhHQps+BYyQsR6iuU
BN1r4CgHXXkAY2r8rmklp6tOgT0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQHJ4CF
aKrNCTgh6Bqbq4uVZf9iYTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTUyMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qzgwDQYJKoZIhvcNAQELBQADggEBANgNa/Ugbno2SsCQTqiv34fHYHK1uXPZpQIl
HRxyw5drS81TJUaUXHSCBgRD8FH7zlBSB400n5R4mFZk1vdEDubgAZb5xsy/VZTh
Gkd/owg8WhdKDhlkoCjNAwFTY0Z4T3iLXS71u8+eUIE9PcQElc4vQKTV4esngi2m
HVmOzYkqnTK9Pq73xTh6qhhZrLSiUUya2W3R+eh170fyoJzGpDEjLP+NqsCK+TW+
hg2DY1BDn3mNbu3FUeTKFeHZJpKtscDWI0DlaZHa9RNh3Bf5MaNGD6Wt1PV6ISD+
hf4ZrU3+fYPkLZRBcBMBa6iTrP+h2WAeqmWGKMH0JBDoCkZlWuE=
-----END CERTIFICATE-----