Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145747.roa
File:                     AS145747.roa (raw, json)
Hash identifier:          EyNmyza/le5t2Kf+JTnLCk3CR1AB7PasWTLaDVf7NWw=
Subject key identifier:   3D:83:74:5F:80:FD:D6:40:7E:FE:64:D7:03:14:6B:80:BC:8C:7A:A4
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       297481DC26EBF16083B2640512EB1FBDDB5F0309
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145747.roa
Signing time:             Wed 04 Mar 2026 06:30:03 +0000
ROA not before:           Wed 04 Mar 2026 06:25:03 +0000
ROA not after:            Wed 03 Mar 2027 06:30:03 +0000
asID:                     145747
IP address blocks:        240a:ac19::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:74:81:dc:26:eb:f1:60:83:b2:64:05:12:eb:1f:bd:db:5f:03:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:03 2026 GMT
            Not After : Mar  3 06:30:03 2027 GMT
        Subject: CN=3D83745F80FDD6407EFE64D703146B80BC8C7AA4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:6b:3f:40:dd:1b:04:16:6a:27:50:fc:0b:86:
                    30:da:b7:0f:eb:5e:60:3e:2d:86:c7:74:01:6b:6c:
                    69:ea:f9:41:a2:e7:e1:e9:54:0f:44:23:45:9f:4c:
                    b8:41:f7:db:8f:47:00:73:c7:0f:82:94:3e:27:3c:
                    1f:87:41:eb:36:57:0b:40:77:ca:a5:43:b2:8e:98:
                    9d:f8:74:3a:23:30:08:42:8f:d4:79:37:80:55:7a:
                    c9:f4:b9:8d:2c:fd:49:40:ac:d0:d9:3e:9f:e6:2b:
                    be:23:2b:2f:6e:de:e4:f0:5d:75:cc:39:7a:d9:a0:
                    7d:c1:a1:a4:11:13:06:79:fb:60:84:e0:3a:1b:d4:
                    4f:fd:a0:1a:ab:5d:69:c0:94:53:ab:bc:1d:e3:83:
                    02:e7:d8:be:2d:ea:93:35:8c:9c:31:0c:0a:a9:51:
                    6d:6a:77:e8:75:15:2f:83:8f:58:3f:17:16:c0:28:
                    05:61:65:15:20:f8:7a:f9:d1:aa:3e:81:02:5e:c3:
                    7a:dd:ea:b3:58:59:59:14:9f:9e:f7:8e:39:1b:f8:
                    0b:d3:85:6c:c4:4f:1b:d5:12:5a:f3:fa:12:84:7e:
                    3b:cd:c6:87:2b:07:95:66:62:a1:3d:fe:ae:69:4f:
                    6c:ee:2d:5f:5c:2b:42:7a:cb:f8:7f:7c:2c:cf:ef:
                    2b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:83:74:5F:80:FD:D6:40:7E:FE:64:D7:03:14:6B:80:BC:8C:7A:A4
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145747.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ac19::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:f3:ed:80:3e:c9:51:69:f8:63:50:11:76:ec:ee:57:bc:d2:
         78:69:e0:23:5a:bd:48:18:4d:08:e3:f4:dc:34:60:a7:81:61:
         d8:31:dd:39:a1:ff:5d:ea:c5:78:ba:f7:03:ed:26:a7:a5:e8:
         28:de:86:52:d3:bf:36:a4:d2:31:bb:b1:d8:33:a0:01:79:de:
         99:d6:76:05:12:2b:c1:dc:10:54:f6:2a:97:06:69:ca:99:6b:
         07:d1:5f:a8:fb:ce:9b:43:cf:43:01:21:24:0b:ce:c6:11:a8:
         52:49:f5:65:47:58:18:72:28:66:cf:03:34:d6:25:34:f4:78:
         81:5b:04:82:9a:98:a6:9a:c5:5b:72:b7:f1:82:90:f6:3f:ee:
         ae:28:95:7b:03:0e:2f:33:f1:4a:a3:2f:14:9e:29:6c:8f:e4:
         e4:d0:6c:f9:de:5c:9b:86:d6:7b:d5:fc:72:cb:51:f7:bb:21:
         2a:c2:4d:86:2f:8d:b8:63:ac:0c:0e:11:62:98:88:f2:9c:df:
         ad:a2:83:ca:6d:03:0b:2a:99:70:dd:c2:49:3a:1a:9e:ed:a6:
         b9:a7:e9:1d:cb:84:32:71:29:0d:b8:88:7e:8d:27:11:0c:8e:
         f3:e9:6e:64:96:eb:ec:0e:ec:f2:e5:17:0b:a0:d3:4b:52:35:
         f0:f9:a2:88
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUKXSB3Cbr8WCDsmQFEusfvdtfAwkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUwM1oX
DTI3MDMwMzA2MzAwM1owMzExMC8GA1UEAxMoM0Q4Mzc0NUY4MEZERDY0MDdFRkU2
NEQ3MDMxNDZCODBCQzhDN0FBNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM1rP0DdGwQWaidQ/AuGMNq3D+teYD4thsd0AWtsaer5QaLn4elUD0QjRZ9M
uEH3249HAHPHD4KUPic8H4dB6zZXC0B3yqVDso6Ynfh0OiMwCEKP1Hk3gFV6yfS5
jSz9SUCs0Nk+n+YrviMrL27e5PBddcw5etmgfcGhpBETBnn7YITgOhvUT/2gGqtd
acCUU6u8HeODAufYvi3qkzWMnDEMCqlRbWp36HUVL4OPWD8XFsAoBWFlFSD4evnR
qj6BAl7Det3qs1hZWRSfnveOORv4C9OFbMRPG9USWvP6EoR+O83GhysHlWZioT3+
rmlPbO4tX1wrQnrL+H98LM/vKzECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQ9g3Rf
gP3WQH7+ZNcDFGuAvIx6pDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTc0Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rBkwDQYJKoZIhvcNAQELBQADggEBAD3z7YA+yVFp+GNQEXbs7le80nhp4CNavUgY
TQjj9Nw0YKeBYdgx3Tmh/13qxXi69wPtJqel6CjehlLTvzak0jG7sdgzoAF53pnW
dgUSK8HcEFT2KpcGacqZawfRX6j7zptDz0MBISQLzsYRqFJJ9WVHWBhyKGbPAzTW
JTT0eIFbBIKamKaaxVtyt/GCkPY/7q4olXsDDi8z8UqjLxSeKWyP5OTQbPneXJuG
1nvV/HLLUfe7ISrCTYYvjbhjrAwOEWKYiPKc362ig8ptAwsqmXDdwkk6Gp7tprmn
6R3LhDJxKQ24iH6NJxEMjvPpbmSW6+wO7PLlFwug00tSNfD5oog=
-----END CERTIFICATE-----