Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145680.roa
File:                     AS145680.roa (raw, json)
Hash identifier:          wHiCUC6y+VNzvG7D93VyqhAoqcFzm8dC/qXroZZEl8Y=
Subject key identifier:   31:F5:D5:66:2E:53:A9:D3:D9:44:A0:09:F8:E7:7D:E5:51:BE:68:86
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2E053203AE6DF4E61DAFEE923FDB09633E62C94F
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145680.roa
Signing time:             Wed 04 Mar 2026 06:30:54 +0000
ROA not before:           Wed 04 Mar 2026 06:25:54 +0000
ROA not after:            Wed 03 Mar 2027 06:30:54 +0000
asID:                     145680
IP address blocks:        240a:abd6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:05:32:03:ae:6d:f4:e6:1d:af:ee:92:3f:db:09:63:3e:62:c9:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:54 2026 GMT
            Not After : Mar  3 06:30:54 2027 GMT
        Subject: CN=31F5D5662E53A9D3D944A009F8E77DE551BE6886
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:87:f4:5a:40:90:23:6f:27:fb:98:11:ad:58:
                    b3:8a:06:5c:7a:49:7a:06:80:1e:6a:ce:62:ec:47:
                    2f:4a:6d:0f:33:a8:ba:dd:01:98:f8:3f:d5:34:29:
                    5c:f1:7b:c0:86:cb:fb:17:82:3e:73:af:de:27:db:
                    75:ea:6a:ac:98:dd:0a:82:b8:d4:44:ca:b4:87:21:
                    56:37:f9:e2:05:96:bb:92:44:81:56:bc:94:9e:63:
                    c8:a3:ab:59:93:a7:c6:1c:b9:13:b8:0d:3e:aa:09:
                    c2:47:ad:04:c6:dd:a6:4d:11:21:88:bb:3f:00:3b:
                    4e:62:ad:ea:fe:79:87:dc:f3:7d:d1:e1:c1:8b:60:
                    ca:71:d3:7a:11:4a:74:73:cb:1a:0c:1c:54:4b:df:
                    1e:6b:b8:b8:7e:fe:1e:21:a5:c5:92:6d:fd:0c:36:
                    4a:d1:a9:62:dc:d0:55:de:96:6f:b8:5a:4d:3a:6e:
                    37:61:96:10:e9:5a:10:c4:09:96:c7:d2:2e:0c:56:
                    d5:8f:7a:a9:65:cc:97:06:a3:f1:bf:13:7d:77:38:
                    ed:51:76:7f:02:18:52:a2:66:2d:f5:bc:36:d6:d4:
                    5d:8b:c5:4d:6a:8d:8d:d7:be:b9:1b:35:7e:08:9a:
                    73:da:82:a8:98:bf:b2:1a:e2:0a:ee:92:88:22:e4:
                    81:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:F5:D5:66:2E:53:A9:D3:D9:44:A0:09:F8:E7:7D:E5:51:BE:68:86
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145680.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:abd6::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:17:8e:b6:38:04:f3:99:df:28:f4:bc:9c:c2:3f:ec:4b:a2:
         d0:96:c7:be:60:d8:f9:6c:44:ef:5b:ef:45:76:13:81:67:18:
         37:08:57:1f:f0:72:6c:77:98:3f:c5:b5:3a:f3:4a:8c:8a:6c:
         ca:10:d2:eb:cb:ca:31:ab:0d:4f:bc:f7:70:a3:3c:3d:2c:1e:
         e1:6c:1d:aa:a3:6a:ac:1c:fb:df:4a:14:2c:1d:58:23:67:cb:
         45:aa:f5:2f:0e:39:54:a7:be:7c:27:34:b6:ad:b8:39:6a:b6:
         06:e9:e6:45:aa:7e:b4:57:f0:4f:b6:a8:78:b1:36:e9:fd:b2:
         ff:d4:59:b4:f6:dc:c4:43:23:f9:56:09:7b:5c:1d:1e:46:33:
         80:7c:04:0f:f5:47:09:4b:bd:58:73:98:a7:29:3e:c9:3f:91:
         13:76:22:cd:c7:50:7f:b6:7d:4b:31:da:4a:ad:48:5d:a9:50:
         ca:08:9b:ef:36:09:03:62:b1:d0:b2:8f:e4:45:0d:bd:2c:9b:
         df:0f:e8:4c:fb:bf:15:69:f9:f5:e9:75:1e:01:c3:bd:e1:fd:
         bd:3d:29:d5:51:d2:fc:31:6c:0d:0e:2f:fc:ad:8a:cb:fe:77:
         6c:eb:26:8c:3c:08:a5:43:20:ab:d1:e6:de:47:49:54:f3:73:
         cf:6e:ef:68
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIULgUyA65t9OYdr+6SP9sJYz5iyU8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjU1NFoX
DTI3MDMwMzA2MzA1NFowMzExMC8GA1UEAxMoMzFGNUQ1NjYyRTUzQTlEM0Q5NDRB
MDA5RjhFNzdERTU1MUJFNjg4NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKOH9FpAkCNvJ/uYEa1Ys4oGXHpJegaAHmrOYuxHL0ptDzOout0BmPg/1TQp
XPF7wIbL+xeCPnOv3ifbdepqrJjdCoK41ETKtIchVjf54gWWu5JEgVa8lJ5jyKOr
WZOnxhy5E7gNPqoJwketBMbdpk0RIYi7PwA7TmKt6v55h9zzfdHhwYtgynHTehFK
dHPLGgwcVEvfHmu4uH7+HiGlxZJt/Qw2StGpYtzQVd6Wb7haTTpuN2GWEOlaEMQJ
lsfSLgxW1Y96qWXMlwaj8b8TfXc47VF2fwIYUqJmLfW8NtbUXYvFTWqNjde+uRs1
fgiac9qCqJi/shriCu6SiCLkgZUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQx9dVm
LlOp09lEoAn4533lUb5ohjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTY4MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q9YwDQYJKoZIhvcNAQELBQADggEBACIXjrY4BPOZ3yj0vJzCP+xLotCWx75g2Pls
RO9b70V2E4FnGDcIVx/wcmx3mD/FtTrzSoyKbMoQ0uvLyjGrDU+893CjPD0sHuFs
Haqjaqwc+99KFCwdWCNny0Wq9S8OOVSnvnwnNLatuDlqtgbp5kWqfrRX8E+2qHix
Nun9sv/UWbT23MRDI/lWCXtcHR5GM4B8BA/1RwlLvVhzmKcpPsk/kRN2Is3HUH+2
fUsx2kqtSF2pUMoIm+82CQNisdCyj+RFDb0sm98P6Ez7vxVp+fXpdR4Bw73h/b09
KdVR0vwxbA0OL/ytisv+d2zrJow8CKVDIKvR5t5HSVTzc89u72g=
-----END CERTIFICATE-----