Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145631.roa
File:                     AS145631.roa (raw, json)
Hash identifier:          me8Hs3wMSd39jEfJLFulwMrEog/h7f6tG9YMMx4ctSU=
Subject key identifier:   C3:83:7B:B4:E0:19:30:06:B9:89:B1:3C:F1:41:54:14:DA:E3:71:CD
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4F6281070BFF8E718130076A1D13EA8E4B9BBE88
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145631.roa
Signing time:             Wed 04 Mar 2026 06:30:22 +0000
ROA not before:           Wed 04 Mar 2026 06:25:22 +0000
ROA not after:            Wed 03 Mar 2027 06:30:22 +0000
asID:                     145631
IP address blocks:        240a:aba5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:62:81:07:0b:ff:8e:71:81:30:07:6a:1d:13:ea:8e:4b:9b:be:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:22 2026 GMT
            Not After : Mar  3 06:30:22 2027 GMT
        Subject: CN=C3837BB4E0193006B989B13CF1415414DAE371CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:95:81:b4:e1:6a:d2:cf:35:8b:12:7c:da:09:
                    db:15:d4:de:44:f6:a9:0a:e2:a0:1a:d0:a5:08:d0:
                    cd:24:75:3e:07:fc:24:9f:53:f8:5a:43:98:40:64:
                    97:83:e1:24:fc:1b:7f:c4:0c:97:9b:62:fd:a8:b8:
                    d0:5e:7d:bb:ed:cd:c2:a7:e8:b1:60:78:fb:c8:9a:
                    a4:04:66:74:06:b8:75:03:60:db:e4:a6:68:e3:51:
                    d5:a6:63:a9:dc:bb:ed:62:12:99:27:89:6f:e5:d3:
                    34:61:6f:9f:12:50:d5:77:98:a6:74:94:e6:c4:34:
                    4c:85:d4:81:d6:1f:83:27:42:63:e6:48:f8:8b:fa:
                    d4:b3:0b:68:52:8c:46:c2:66:cb:46:b1:b9:2a:5a:
                    95:76:84:ce:6e:d1:4d:ec:4e:c1:e8:63:be:97:46:
                    f7:73:32:3e:4d:51:82:8f:63:9e:d0:a3:cb:2b:21:
                    75:e1:44:1e:14:2b:9e:4b:9a:d0:da:d5:c1:dc:db:
                    b0:ae:de:42:e0:83:b5:8f:b1:51:27:2b:d0:3a:51:
                    e7:59:41:04:19:6a:a1:c3:84:20:13:db:9e:54:a3:
                    2e:90:6f:50:80:84:7c:33:a4:66:4a:25:f8:0a:e6:
                    5f:79:b3:fc:65:e5:cb:fb:ee:6c:66:a5:82:2a:e4:
                    c6:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:83:7B:B4:E0:19:30:06:B9:89:B1:3C:F1:41:54:14:DA:E3:71:CD
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aba5::/32

    Signature Algorithm: sha256WithRSAEncryption
         6c:51:e1:4c:09:f4:d4:be:a7:60:b6:1b:67:9d:46:d6:2d:06:
         55:ba:c9:8c:72:2b:54:a6:0e:f4:6b:53:d3:89:c6:3f:b2:86:
         49:54:7e:0d:ec:2c:9a:69:ac:5a:1f:4a:f9:04:09:6b:c1:46:
         92:ea:1e:42:2f:b9:dd:50:3b:21:3f:75:04:a6:00:da:3d:61:
         cc:12:20:cd:2d:87:98:fd:39:33:2c:09:d1:0e:33:81:c3:81:
         ea:af:fa:a4:a9:ba:9d:a3:ff:d9:c9:ac:01:9d:91:2b:30:a8:
         1c:b7:e1:22:9f:4f:a8:76:16:e9:3c:40:2c:c0:77:42:65:33:
         51:a5:11:63:93:62:f2:51:3d:48:20:88:aa:a1:ef:d5:4f:72:
         4e:41:47:4a:24:dc:c6:30:32:43:1f:5f:83:84:ca:74:2a:eb:
         92:8e:02:a5:b1:f2:08:dd:e2:2e:c1:ae:b2:e5:9c:a1:47:13:
         42:9f:ad:df:27:bb:dc:15:0d:1d:a2:e6:23:a8:e1:a6:16:cd:
         ae:38:64:8b:e0:43:24:4f:f2:1a:26:2a:54:2f:28:ef:f7:1e:
         15:27:63:24:76:91:4d:e1:9e:b6:15:f9:30:63:8d:49:78:80:
         ea:30:2b:dd:ce:1d:cb:c9:48:29:bc:c4:41:db:d6:d4:1b:a6:
         47:b1:eb:42
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUT2KBBwv/jnGBMAdqHRPqjkubvogwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUyMloX
DTI3MDMwMzA2MzAyMlowMzExMC8GA1UEAxMoQzM4MzdCQjRFMDE5MzAwNkI5ODlC
MTNDRjE0MTU0MTREQUUzNzFDRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKSVgbThatLPNYsSfNoJ2xXU3kT2qQrioBrQpQjQzSR1Pgf8JJ9T+FpDmEBk
l4PhJPwbf8QMl5ti/ai40F59u+3NwqfosWB4+8iapARmdAa4dQNg2+SmaONR1aZj
qdy77WISmSeJb+XTNGFvnxJQ1XeYpnSU5sQ0TIXUgdYfgydCY+ZI+Iv61LMLaFKM
RsJmy0axuSpalXaEzm7RTexOwehjvpdG93MyPk1Rgo9jntCjyyshdeFEHhQrnkua
0NrVwdzbsK7eQuCDtY+xUScr0DpR51lBBBlqocOEIBPbnlSjLpBvUICEfDOkZkol
+ArmX3mz/GXly/vubGalgirkxjkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTDg3u0
4BkwBrmJsTzxQVQU2uNxzTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTYzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q6UwDQYJKoZIhvcNAQELBQADggEBAGxR4UwJ9NS+p2C2G2edRtYtBlW6yYxyK1Sm
DvRrU9OJxj+yhklUfg3sLJpprFofSvkECWvBRpLqHkIvud1QOyE/dQSmANo9YcwS
IM0th5j9OTMsCdEOM4HDgeqv+qSpup2j/9nJrAGdkSswqBy34SKfT6h2Fuk8QCzA
d0JlM1GlEWOTYvJRPUggiKqh79VPck5BR0ok3MYwMkMfX4OEynQq65KOAqWx8gjd
4i7BrrLlnKFHE0Kfrd8nu9wVDR2i5iOo4aYWza44ZIvgQyRP8homKlQvKO/3HhUn
YyR2kU3hnrYV+TBjjUl4gOowK93OHcvJSCm8xEHb1tQbpkex60I=
-----END CERTIFICATE-----