Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145677.roa
File:                     AS145677.roa (raw, json)
Hash identifier:          UJXE1PqXCsDYdWZMkYnt48rDTRXrESi3kWnTk6WFwHY=
Subject key identifier:   AB:B9:47:53:4A:BC:54:E6:51:7B:91:F9:C3:DD:A0:9C:3E:8F:30:66
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       281B2F1C43DEDAF92EC7E8D32815EAF525915321
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145677.roa
Signing time:             Wed 04 Mar 2026 06:29:46 +0000
ROA not before:           Wed 04 Mar 2026 06:24:46 +0000
ROA not after:            Wed 03 Mar 2027 06:29:46 +0000
asID:                     145677
IP address blocks:        240a:abd3::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:1b:2f:1c:43:de:da:f9:2e:c7:e8:d3:28:15:ea:f5:25:91:53:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:24:46 2026 GMT
            Not After : Mar  3 06:29:46 2027 GMT
        Subject: CN=ABB947534ABC54E6517B91F9C3DDA09C3E8F3066
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:79:63:7e:80:3d:7e:9b:b0:54:3f:b5:5e:a7:
                    89:ce:de:6b:5b:db:19:6e:45:2c:3f:1f:56:86:fa:
                    06:a7:3d:63:ed:b7:c8:5c:cb:92:32:35:a2:90:56:
                    4b:33:8d:60:85:46:f6:49:5c:08:ec:f7:5f:f5:86:
                    1d:01:52:87:eb:c6:30:3f:1d:fa:4f:ea:8d:2a:9a:
                    05:c7:28:5a:47:3b:1f:de:d9:cd:c4:3c:59:20:85:
                    77:f1:35:41:3a:10:f4:99:32:8f:08:ba:c7:da:16:
                    87:d8:55:36:10:e3:2a:6a:90:2a:37:e2:2c:f8:cf:
                    7e:15:f8:11:d4:ab:b4:8e:18:ae:63:49:ac:9c:9d:
                    9f:6a:ab:06:68:b0:b7:47:c1:28:69:83:00:33:dd:
                    45:97:a7:08:82:6b:54:3b:84:3a:37:bd:7b:59:9f:
                    07:3c:12:ce:dd:ae:72:7e:62:9b:b6:d0:94:f6:ae:
                    18:75:60:4b:56:35:b1:2b:fc:85:4a:84:a1:e0:e7:
                    5b:69:fc:32:a6:40:f8:10:46:b0:08:0b:59:6b:28:
                    61:0d:d0:1f:02:b7:1b:ed:22:ea:c1:75:59:b3:33:
                    a9:8e:a3:11:d9:9c:57:bb:d1:5a:70:c7:a6:47:fe:
                    87:38:13:60:c5:3c:48:c5:bb:b5:45:86:ec:42:c2:
                    02:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:B9:47:53:4A:BC:54:E6:51:7B:91:F9:C3:DD:A0:9C:3E:8F:30:66
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145677.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:abd3::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:30:af:da:34:5b:07:8b:1e:9d:fd:37:ac:f9:6a:83:3c:6b:
         5f:c6:ba:f4:17:3a:2a:7f:9c:0d:3a:29:21:e2:07:43:d1:c3:
         5b:cf:b5:cc:26:a9:99:7f:2f:e9:f8:c1:59:d9:a2:3c:65:6b:
         9c:94:fe:64:5c:07:94:03:3a:e2:89:2d:48:21:7b:76:53:30:
         91:c9:cf:fe:1f:7c:b6:98:3b:9c:29:85:2e:fa:5b:7c:8d:06:
         f8:4a:9d:1a:6d:a7:ec:bf:9c:7e:4d:0c:bf:8c:08:a7:a9:9a:
         d7:5e:0a:80:80:44:95:4c:7b:48:2b:64:4b:fe:2e:89:1d:af:
         4f:56:ed:e3:33:2a:33:ce:09:b6:a0:d0:3e:e8:bc:e3:ce:3d:
         fb:9a:f6:2c:d3:42:6d:a0:b3:26:b7:96:6f:72:6c:60:5d:70:
         bd:12:12:5d:6b:1b:2a:f6:08:20:8a:39:86:94:52:cf:86:8f:
         3e:71:e6:c3:40:9f:8c:56:61:a8:c9:27:6e:46:4e:df:97:5f:
         c4:cb:af:23:fe:92:f1:25:6b:c1:44:d3:a7:70:b7:73:13:32:
         73:56:96:00:dd:fa:0b:3d:4c:21:fe:d2:32:64:b3:60:37:60:
         0d:37:9b:aa:35:c9:b9:f5:63:88:6f:58:f7:dc:82:70:87:43:
         0f:7d:5f:b3
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUKBsvHEPe2vkux+jTKBXq9SWRUyEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjQ0NloX
DTI3MDMwMzA2Mjk0NlowMzExMC8GA1UEAxMoQUJCOTQ3NTM0QUJDNTRFNjUxN0I5
MUY5QzNEREEwOUMzRThGMzA2NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIh5Y36APX6bsFQ/tV6nic7ea1vbGW5FLD8fVob6Bqc9Y+23yFzLkjI1opBW
SzONYIVG9klcCOz3X/WGHQFSh+vGMD8d+k/qjSqaBccoWkc7H97ZzcQ8WSCFd/E1
QToQ9Jkyjwi6x9oWh9hVNhDjKmqQKjfiLPjPfhX4EdSrtI4YrmNJrJydn2qrBmiw
t0fBKGmDADPdRZenCIJrVDuEOje9e1mfBzwSzt2ucn5im7bQlPauGHVgS1Y1sSv8
hUqEoeDnW2n8MqZA+BBGsAgLWWsoYQ3QHwK3G+0i6sF1WbMzqY6jEdmcV7vRWnDH
pkf+hzgTYMU8SMW7tUWG7ELCApcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSruUdT
SrxU5lF7kfnD3aCcPo8wZjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTY3Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q9MwDQYJKoZIhvcNAQELBQADggEBAJ0wr9o0WweLHp39N6z5aoM8a1/GuvQXOip/
nA06KSHiB0PRw1vPtcwmqZl/L+n4wVnZojxla5yU/mRcB5QDOuKJLUghe3ZTMJHJ
z/4ffLaYO5wphS76W3yNBvhKnRptp+y/nH5NDL+MCKepmtdeCoCARJVMe0grZEv+
Lokdr09W7eMzKjPOCbag0D7ovOPOPfua9izTQm2gsya3lm9ybGBdcL0SEl1rGyr2
CCCKOYaUUs+Gjz5x5sNAn4xWYajJJ25GTt+XX8TLryP+kvEla8FE06dwt3MTMnNW
lgDd+gs9TCH+0jJks2A3YA03m6o1ybn1Y4hvWPfcgnCHQw99X7M=
-----END CERTIFICATE-----