Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145795.roa
File:                     AS145795.roa (raw, json)
Hash identifier:          BlIqJdTJiZfhkC0kyEouTN+/cMBl2a4rEYWiok6vO/w=
Subject key identifier:   8A:DD:B6:7F:3B:BB:8F:12:57:36:C8:1F:63:C0:B1:22:CF:88:A1:F8
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2A5EBC319E38537973CD44C5A1B3BF8A1F3276DD
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145795.roa
Signing time:             Wed 04 Mar 2026 06:30:01 +0000
ROA not before:           Wed 04 Mar 2026 06:25:01 +0000
ROA not after:            Wed 03 Mar 2027 06:30:01 +0000
asID:                     145795
IP address blocks:        240a:ac49::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:5e:bc:31:9e:38:53:79:73:cd:44:c5:a1:b3:bf:8a:1f:32:76:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:01 2026 GMT
            Not After : Mar  3 06:30:01 2027 GMT
        Subject: CN=8ADDB67F3BBB8F125736C81F63C0B122CF88A1F8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:68:89:c5:a3:cf:b7:a9:fb:e2:81:ce:2f:b1:
                    32:6d:4b:6d:1a:fd:8a:6d:63:77:c1:d7:7a:67:17:
                    ee:40:da:e4:60:91:7e:55:69:e3:8e:1c:6e:fa:a2:
                    60:c8:27:ab:ff:d3:ff:d3:7e:e0:1e:8c:a5:d6:5b:
                    46:79:3e:14:1d:35:29:78:74:10:ca:87:53:e2:3a:
                    23:a7:1a:47:4d:06:35:53:96:29:45:aa:68:5a:46:
                    4d:b5:b2:1e:59:15:e8:e7:0d:2c:a7:d1:e0:0b:96:
                    7c:0c:fd:9d:b5:e4:79:38:92:17:a8:ae:45:71:da:
                    7d:fa:dc:1e:c0:cf:a6:2b:8c:95:09:84:77:dc:06:
                    3d:9a:ee:fa:61:39:0e:5b:d4:88:60:43:d5:85:cb:
                    66:06:2d:f2:ec:9e:72:08:46:fe:fc:34:81:24:4d:
                    8c:c3:be:a3:ab:43:fc:7e:20:c1:0f:4e:ad:5e:95:
                    c2:99:28:62:0d:be:62:dd:ef:e5:62:67:dc:f9:bd:
                    0f:b4:e2:e6:e4:69:1b:9d:21:26:49:dc:08:5e:c4:
                    cb:fb:c1:90:c7:ae:f8:2d:b3:5c:84:70:a3:b6:0e:
                    98:e8:d9:ee:25:70:3a:6c:ed:fe:cf:38:ff:d8:9d:
                    0b:f1:3a:19:4a:6c:03:ab:6b:53:dc:b3:9e:7c:fd:
                    a1:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:DD:B6:7F:3B:BB:8F:12:57:36:C8:1F:63:C0:B1:22:CF:88:A1:F8
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145795.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ac49::/32

    Signature Algorithm: sha256WithRSAEncryption
         cd:80:b2:a3:40:d2:50:49:63:fc:a5:17:83:d9:0f:f6:9d:98:
         b1:cd:c9:1b:ef:b8:71:7c:6c:48:0a:e1:19:ed:f7:1a:4c:95:
         aa:09:db:55:c9:37:29:18:f1:ad:9a:d4:8f:0a:43:72:35:e0:
         ae:76:86:5f:cf:8b:3d:6c:8b:e3:9a:46:93:38:20:94:f4:8c:
         3a:12:7d:71:93:2f:ad:e9:2f:e5:d6:cb:79:0b:da:0b:8e:e0:
         32:d1:ae:33:e8:1b:fb:13:f6:92:ce:0d:d4:70:91:d9:ad:f0:
         3a:c0:ba:c3:cb:91:6d:46:bf:79:b7:a1:2d:ad:6b:f2:83:c5:
         49:10:a1:6a:34:d3:cc:db:0c:e4:79:19:3f:4f:12:99:4b:5d:
         32:29:82:90:40:e5:b5:6d:c2:04:2b:df:e8:43:92:13:86:7d:
         ff:0f:4f:2a:e5:81:de:df:4d:37:88:84:a5:cc:29:14:84:07:
         0c:1c:c1:de:ff:ac:96:96:fb:7e:f1:d1:11:3b:1b:80:e9:e1:
         db:45:9d:22:dd:b2:3f:12:db:41:d2:db:63:01:47:56:56:8c:
         90:4b:fd:1f:e9:81:cf:a7:e3:c9:f8:27:1e:9d:1a:67:d1:a3:
         fc:7d:40:00:31:9a:d4:ec:34:09:41:56:f1:fe:ce:4a:90:99:
         05:8c:c6:66
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUKl68MZ44U3lzzUTFobO/ih8ydt0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUwMVoX
DTI3MDMwMzA2MzAwMVowMzExMC8GA1UEAxMoOEFEREI2N0YzQkJCOEYxMjU3MzZD
ODFGNjNDMEIxMjJDRjg4QTFGODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKRoicWjz7ep++KBzi+xMm1LbRr9im1jd8HXemcX7kDa5GCRflVp444cbvqi
YMgnq//T/9N+4B6MpdZbRnk+FB01KXh0EMqHU+I6I6caR00GNVOWKUWqaFpGTbWy
HlkV6OcNLKfR4AuWfAz9nbXkeTiSF6iuRXHaffrcHsDPpiuMlQmEd9wGPZru+mE5
DlvUiGBD1YXLZgYt8uyecghG/vw0gSRNjMO+o6tD/H4gwQ9OrV6VwpkoYg2+Yt3v
5WJn3Pm9D7Ti5uRpG50hJkncCF7Ey/vBkMeu+C2zXIRwo7YOmOjZ7iVwOmzt/s84
/9idC/E6GUpsA6trU9yznnz9of0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSK3bZ/
O7uPElc2yB9jwLEiz4ih+DAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTc5NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rEkwDQYJKoZIhvcNAQELBQADggEBAM2AsqNA0lBJY/ylF4PZD/admLHNyRvvuHF8
bEgK4Rnt9xpMlaoJ21XJNykY8a2a1I8KQ3I14K52hl/Piz1si+OaRpM4IJT0jDoS
fXGTL63pL+XWy3kL2guO4DLRrjPoG/sT9pLODdRwkdmt8DrAusPLkW1Gv3m3oS2t
a/KDxUkQoWo008zbDOR5GT9PEplLXTIpgpBA5bVtwgQr3+hDkhOGff8PTyrlgd7f
TTeIhKXMKRSEBwwcwd7/rJaW+37x0RE7G4Dp4dtFnSLdsj8S20HS22MBR1ZWjJBL
/R/pgc+n48n4Jx6dGmfRo/x9QAAxmtTsNAlBVvH+zkqQmQWMxmY=
-----END CERTIFICATE-----