Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145706.roa
File:                     AS145706.roa (raw, json)
Hash identifier:          PWt5JMEgPTHKSR2kIyAUGm2x6Uqf049fRjdmmfZTMUg=
Subject key identifier:   B1:36:36:24:AD:0C:89:47:BB:24:AF:02:00:A7:99:51:FC:48:8A:A0
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5484D55565727C7DCE49158935A3F7D1C16FAED0
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145706.roa
Signing time:             Wed 04 Mar 2026 06:30:25 +0000
ROA not before:           Wed 04 Mar 2026 06:25:25 +0000
ROA not after:            Wed 03 Mar 2027 06:30:25 +0000
asID:                     145706
IP address blocks:        240a:abf0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:84:d5:55:65:72:7c:7d:ce:49:15:89:35:a3:f7:d1:c1:6f:ae:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:25 2026 GMT
            Not After : Mar  3 06:30:25 2027 GMT
        Subject: CN=B1363624AD0C8947BB24AF0200A79951FC488AA0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:14:8a:c5:07:a6:45:5c:3e:55:8f:85:14:56:
                    0f:cd:ae:7b:7d:c7:f6:af:db:e0:4e:a8:8e:bd:e6:
                    b6:5d:00:0f:cf:e5:53:2c:87:eb:a9:b6:d1:ff:25:
                    e3:14:48:14:17:37:ec:c9:66:47:ea:f7:d1:b3:f6:
                    2b:52:60:70:57:3c:0e:ef:57:b7:2c:b0:0d:b2:4c:
                    58:5a:42:47:87:92:43:5b:8c:0a:be:66:79:57:28:
                    dd:6e:a3:16:37:96:13:52:28:01:17:90:5c:d4:32:
                    ca:27:4d:ad:6f:cc:bf:81:cd:3b:2a:3d:fa:ae:d5:
                    5b:14:9e:50:92:20:75:af:52:e6:6d:14:d3:7c:c8:
                    c6:12:48:f5:a7:51:36:dd:2b:0e:b7:16:a6:47:7b:
                    0d:34:40:68:aa:05:aa:da:88:46:90:89:b4:0d:9b:
                    45:5a:2b:db:67:a4:cc:ed:05:7b:b0:9b:f7:ad:7b:
                    3c:b8:54:81:58:78:b1:8e:90:a1:9a:5c:ae:d0:d1:
                    e4:f2:0c:a4:3c:34:8b:b3:ac:a4:be:cd:8a:95:db:
                    1a:25:74:28:71:79:6a:fe:26:54:cf:b1:83:7d:38:
                    1a:e4:83:f7:a6:38:ba:09:cf:50:27:4c:5a:35:b2:
                    d5:6d:e6:a5:97:c6:01:23:3f:88:e4:df:8f:4e:51:
                    06:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:36:36:24:AD:0C:89:47:BB:24:AF:02:00:A7:99:51:FC:48:8A:A0
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145706.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:abf0::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:65:93:67:0a:4d:23:89:05:8b:9d:09:04:31:53:dc:4f:bb:
         b9:c0:b7:a7:ff:6a:20:a1:ca:91:29:82:bc:ed:26:cf:9d:f8:
         04:66:cb:c9:a8:26:d3:dc:e0:91:1c:16:40:06:38:27:e6:f0:
         49:5a:6c:71:38:82:48:58:8e:9b:c4:11:e2:00:75:37:66:1c:
         08:e8:34:33:a4:02:c9:b8:5b:8f:ff:8f:f4:1e:fb:14:14:b4:
         d0:53:eb:ad:b0:81:b9:d7:95:fc:fe:5a:1a:07:6e:ae:b7:dd:
         97:56:1b:6b:c8:1a:8f:10:97:66:f6:16:63:e9:72:69:3c:3e:
         b7:b0:d7:af:16:a2:be:b0:6a:e0:65:08:37:87:1d:ed:b4:61:
         13:74:b9:48:cd:8e:10:4d:d9:3b:eb:28:a5:eb:10:67:76:b3:
         cc:29:18:e4:7f:9a:07:27:ce:65:7a:ce:21:5a:1a:40:e4:0a:
         6b:19:4b:57:af:76:87:08:32:8e:d7:27:49:78:16:0f:58:1c:
         1b:7c:39:f9:74:e3:98:e7:e3:10:67:6e:8d:5e:16:d1:eb:78:
         c2:c2:60:a8:7b:ab:85:8c:50:25:8d:f9:2c:de:76:92:a0:a0:
         45:fa:5d:2a:e1:7b:4a:a2:72:50:c2:22:0b:47:f1:40:51:2c:
         18:16:29:d3
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUVITVVWVyfH3OSRWJNaP30cFvrtAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUyNVoX
DTI3MDMwMzA2MzAyNVowMzExMC8GA1UEAxMoQjEzNjM2MjRBRDBDODk0N0JCMjRB
RjAyMDBBNzk5NTFGQzQ4OEFBMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK4UisUHpkVcPlWPhRRWD82ue33H9q/b4E6ojr3mtl0AD8/lUyyH66m20f8l
4xRIFBc37MlmR+r30bP2K1JgcFc8Du9XtyywDbJMWFpCR4eSQ1uMCr5meVco3W6j
FjeWE1IoAReQXNQyyidNrW/Mv4HNOyo9+q7VWxSeUJIgda9S5m0U03zIxhJI9adR
Nt0rDrcWpkd7DTRAaKoFqtqIRpCJtA2bRVor22ekzO0Fe7Cb9617PLhUgVh4sY6Q
oZpcrtDR5PIMpDw0i7OspL7NipXbGiV0KHF5av4mVM+xg304GuSD96Y4ugnPUCdM
WjWy1W3mpZfGASM/iOTfj05RBuMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSxNjYk
rQyJR7skrwIAp5lR/EiKoDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTcwNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
q/AwDQYJKoZIhvcNAQELBQADggEBAD5lk2cKTSOJBYudCQQxU9xPu7nAt6f/aiCh
ypEpgrztJs+d+ARmy8moJtPc4JEcFkAGOCfm8ElabHE4gkhYjpvEEeIAdTdmHAjo
NDOkAsm4W4//j/Qe+xQUtNBT662wgbnXlfz+WhoHbq633ZdWG2vIGo8Ql2b2FmPp
cmk8Prew168Wor6wauBlCDeHHe20YRN0uUjNjhBN2TvrKKXrEGd2s8wpGOR/mgcn
zmV6ziFaGkDkCmsZS1evdocIMo7XJ0l4Fg9YHBt8Ofl045jn4xBnbo1eFtHreMLC
YKh7q4WMUCWN+SzedpKgoEX6XSrhe0qiclDCIgtH8UBRLBgWKdM=
-----END CERTIFICATE-----