Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145730.roa
File:                     AS145730.roa (raw, json)
Hash identifier:          QiGnFW3DNXCtv+UXgGLGOv9894VqydeY1Be/tD0hem8=
Subject key identifier:   DF:EC:8C:EA:84:A7:04:42:02:62:44:4E:8B:87:E6:40:CC:78:BC:D8
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3452795CAE7637EE9EBFB794E2103CBF2767750F
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145730.roa
Signing time:             Wed 04 Mar 2026 06:30:45 +0000
ROA not before:           Wed 04 Mar 2026 06:25:45 +0000
ROA not after:            Wed 03 Mar 2027 06:30:45 +0000
asID:                     145730
IP address blocks:        240a:ac08::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:52:79:5c:ae:76:37:ee:9e:bf:b7:94:e2:10:3c:bf:27:67:75:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:45 2026 GMT
            Not After : Mar  3 06:30:45 2027 GMT
        Subject: CN=DFEC8CEA84A704420262444E8B87E640CC78BCD8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e1:1a:2d:e3:7e:33:3f:34:1d:31:20:be:5c:
                    95:56:5e:f5:f9:79:3b:a9:23:6a:52:d5:cb:c1:72:
                    f1:e6:a2:08:20:55:93:cc:d9:58:ae:0e:8b:c5:25:
                    18:82:00:ff:2b:93:de:9d:68:ff:67:d7:a8:30:ce:
                    23:ed:ae:2e:68:ef:f5:a8:3b:0e:de:93:5d:05:58:
                    f6:11:40:99:1d:04:24:b1:7f:10:d9:a3:f6:dc:35:
                    02:2b:6a:36:b0:e3:6c:a6:97:ec:67:fb:f5:5b:9f:
                    bb:d2:83:af:3d:84:49:6a:0f:ce:6e:9b:48:4e:50:
                    38:d0:d8:89:60:e4:2d:82:6e:3e:d5:7c:d5:2c:03:
                    84:4c:0d:93:fc:7c:36:f4:f1:69:de:43:dd:dc:48:
                    8e:47:67:e4:17:63:a6:fd:88:1e:78:2c:e4:65:68:
                    60:55:12:ad:1e:85:da:1b:f8:0d:6f:23:0a:6b:8b:
                    f1:32:bb:b4:c1:10:ae:31:9e:81:bf:cd:eb:89:c6:
                    cc:b2:8e:7c:d1:27:01:71:2f:6a:71:11:1f:a3:26:
                    ea:36:7b:a2:fd:84:be:68:e4:60:9b:89:8c:6c:d2:
                    d1:ea:af:3f:e2:d9:c9:b7:fc:6d:d3:67:2f:47:5f:
                    43:a2:53:17:21:80:01:0c:a0:54:bb:17:ef:92:a4:
                    e1:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:EC:8C:EA:84:A7:04:42:02:62:44:4E:8B:87:E6:40:CC:78:BC:D8
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ac08::/32

    Signature Algorithm: sha256WithRSAEncryption
         2d:38:a0:98:56:3b:c8:20:ef:1f:26:d2:49:21:ce:f7:83:32:
         39:64:d6:64:52:62:f5:b8:a3:ec:d0:5d:22:19:ed:1b:1c:b1:
         75:f7:39:92:dd:23:e5:c6:19:37:16:c6:b0:39:73:21:e7:d1:
         c5:fb:da:8a:0e:7a:5a:74:d4:19:2e:e3:c8:3b:b7:39:fa:89:
         d4:e8:d2:0c:28:6f:a4:d5:c3:c6:11:69:cd:32:e0:73:da:20:
         c8:0a:88:a8:78:02:0a:83:36:e8:2a:ab:40:40:2b:bc:14:bb:
         04:26:e3:2a:11:85:05:58:11:b5:61:bd:e3:1e:c9:ff:a3:b0:
         21:23:39:f4:d5:3c:0c:c5:fc:1e:1b:6b:4b:ae:52:99:dc:45:
         50:31:2e:91:ec:44:27:6c:b8:98:d7:42:3b:c4:bc:8c:6d:82:
         6d:27:bc:a2:7f:6e:14:42:65:d0:c8:de:b5:6a:66:61:86:16:
         62:bb:63:0c:83:f1:6e:13:ed:d8:b0:db:9b:a1:47:e2:3e:a9:
         09:ba:61:78:83:f6:40:38:01:51:d1:f6:63:8c:2e:6a:df:e7:
         eb:25:5f:dc:12:68:f4:06:f1:14:20:bd:2f:59:81:f4:61:9e:
         0a:95:32:cb:56:8b:62:49:8d:17:9a:05:36:0a:77:bd:2e:d3:
         40:e8:b5:2e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUNFJ5XK52N+6ev7eU4hA8vydndQ8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjU0NVoX
DTI3MDMwMzA2MzA0NVowMzExMC8GA1UEAxMoREZFQzhDRUE4NEE3MDQ0MjAyNjI0
NDRFOEI4N0U2NDBDQzc4QkNEODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL7hGi3jfjM/NB0xIL5clVZe9fl5O6kjalLVy8Fy8eaiCCBVk8zZWK4Oi8Ul
GIIA/yuT3p1o/2fXqDDOI+2uLmjv9ag7Dt6TXQVY9hFAmR0EJLF/ENmj9tw1Aitq
NrDjbKaX7Gf79Vufu9KDrz2ESWoPzm6bSE5QONDYiWDkLYJuPtV81SwDhEwNk/x8
NvTxad5D3dxIjkdn5Bdjpv2IHngs5GVoYFUSrR6F2hv4DW8jCmuL8TK7tMEQrjGe
gb/N64nGzLKOfNEnAXEvanERH6Mm6jZ7ov2EvmjkYJuJjGzS0eqvP+LZybf8bdNn
L0dfQ6JTFyGAAQygVLsX75Kk4f8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTf7Izq
hKcEQgJiRE6Lh+ZAzHi82DAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTczMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rAgwDQYJKoZIhvcNAQELBQADggEBAC04oJhWO8gg7x8m0kkhzveDMjlk1mRSYvW4
o+zQXSIZ7RscsXX3OZLdI+XGGTcWxrA5cyHn0cX72ooOelp01Bku48g7tzn6idTo
0gwob6TVw8YRac0y4HPaIMgKiKh4AgqDNugqq0BAK7wUuwQm4yoRhQVYEbVhveMe
yf+jsCEjOfTVPAzF/B4ba0uuUpncRVAxLpHsRCdsuJjXQjvEvIxtgm0nvKJ/bhRC
ZdDI3rVqZmGGFmK7YwyD8W4T7diw25uhR+I+qQm6YXiD9kA4AVHR9mOMLmrf5+sl
X9wSaPQG8RQgvS9ZgfRhngqVMstWi2JJjReaBTYKd70u00DotS4=
-----END CERTIFICATE-----