Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS145843.roa
File:                     AS145843.roa (raw, json)
Hash identifier:          lJb3xIVqEYygQ6jX6qB95kaYDnv8OwOAhmfkWajg1cc=
Subject key identifier:   CF:5B:22:28:7B:79:6E:FB:75:1A:D5:86:91:FF:85:C9:B6:87:E4:D5
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       033A6B7FCD2BC566F5A5D8A6291EBB433F866E80
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS145843.roa
Signing time:             Wed 04 Mar 2026 06:30:00 +0000
ROA not before:           Wed 04 Mar 2026 06:25:00 +0000
ROA not after:            Wed 03 Mar 2027 06:30:00 +0000
asID:                     145843
IP address blocks:        240a:ac79::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:3a:6b:7f:cd:2b:c5:66:f5:a5:d8:a6:29:1e:bb:43:3f:86:6e:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:25:00 2026 GMT
            Not After : Mar  3 06:30:00 2027 GMT
        Subject: CN=CF5B22287B796EFB751AD58691FF85C9B687E4D5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:d8:0f:41:36:26:ef:f9:37:78:d5:85:27:bf:
                    04:17:35:82:5b:69:ad:e6:ba:cb:e7:d8:89:c1:e2:
                    d6:4f:b0:7d:44:00:8a:a1:a3:91:da:6e:0a:ac:02:
                    57:aa:71:a8:c5:6d:8f:cc:be:18:10:fe:d2:9e:d0:
                    75:e3:aa:c9:72:cb:45:ca:7d:f4:99:ac:3e:cd:a3:
                    06:a6:a7:db:ed:7e:1e:9b:fd:d5:a0:83:4e:2a:9c:
                    26:71:80:6e:3e:20:09:9a:2a:d6:76:9f:08:5a:47:
                    8b:44:af:35:03:1a:6e:c9:70:8f:28:be:21:11:c2:
                    e2:76:dc:ed:2d:71:86:7e:08:15:76:d8:cb:76:69:
                    f0:94:5f:ee:a4:47:cb:db:70:c5:0a:4b:8e:0f:43:
                    aa:23:5b:a4:a3:3f:6c:89:92:24:7d:e1:66:ea:27:
                    38:e0:c0:78:f0:9f:2e:9a:ab:d2:b2:fe:7b:0f:f9:
                    a8:3d:89:6f:8e:bb:9e:25:65:4c:0f:72:34:ad:64:
                    bb:31:63:b9:04:0f:47:f4:89:f9:e3:11:d1:82:ae:
                    94:7e:d5:25:5b:45:ff:e0:15:c1:c0:6c:78:13:cb:
                    fb:3c:8c:11:ae:b2:ea:8c:e1:ab:2a:53:5d:33:58:
                    fc:ec:dd:ba:ca:3c:fd:18:97:ad:4c:87:92:ef:34:
                    af:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:5B:22:28:7B:79:6E:FB:75:1A:D5:86:91:FF:85:C9:B6:87:E4:D5
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS145843.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ac79::/32

    Signature Algorithm: sha256WithRSAEncryption
         79:73:9b:b3:63:27:5c:2b:a6:fd:3f:d8:06:2f:fe:df:ee:ba:
         2c:07:56:6c:f0:7f:1a:34:b2:4e:b4:a6:fa:1f:77:95:4c:39:
         c5:68:ca:3c:5b:f1:90:d7:27:16:30:c5:d8:33:f0:c2:6b:b0:
         99:47:f4:35:88:ca:62:c4:0a:40:3d:8c:22:fb:da:ec:0d:1e:
         a0:eb:d1:9e:85:ac:f4:12:6c:4f:2a:69:0e:eb:fb:a9:96:ce:
         b9:7e:ec:b2:af:2a:57:13:5d:c5:db:76:44:d5:00:2a:c2:53:
         71:59:fe:12:42:85:1c:57:b5:fc:39:3c:d8:b4:5d:46:bd:bb:
         cc:5c:4a:e3:d4:3f:54:90:1a:ae:60:01:d1:8a:3a:5a:47:e3:
         52:ea:1e:d0:e0:89:3a:a9:66:af:b4:5f:b6:14:3d:a9:a5:f7:
         12:b8:93:c5:df:25:c3:03:7d:61:34:59:f1:37:ee:86:c6:8e:
         cb:bf:e0:f1:29:2e:8e:d3:cb:c2:d3:b7:6b:a7:21:2e:fd:6e:
         19:4d:f2:7d:34:64:ad:74:45:72:3e:9b:60:ca:f8:d2:d8:f9:
         b6:fa:8b:f4:7f:b7:f6:aa:7f:56:72:ce:1b:10:be:05:25:c1:
         79:52:0e:08:0b:ca:70:6b:bc:73:b7:58:6c:98:fd:67:c2:05:
         86:1c:df:b4
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUAzprf80rxWb1pdimKR67Qz+GboAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjUwMFoX
DTI3MDMwMzA2MzAwMFowMzExMC8GA1UEAxMoQ0Y1QjIyMjg3Qjc5NkVGQjc1MUFE
NTg2OTFGRjg1QzlCNjg3RTRENTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANXYD0E2Ju/5N3jVhSe/BBc1gltprea6y+fYicHi1k+wfUQAiqGjkdpuCqwC
V6pxqMVtj8y+GBD+0p7QdeOqyXLLRcp99JmsPs2jBqan2+1+Hpv91aCDTiqcJnGA
bj4gCZoq1nafCFpHi0SvNQMabslwjyi+IRHC4nbc7S1xhn4IFXbYy3Zp8JRf7qRH
y9twxQpLjg9DqiNbpKM/bImSJH3hZuonOODAePCfLpqr0rL+ew/5qD2Jb467niVl
TA9yNK1kuzFjuQQPR/SJ+eMR0YKulH7VJVtF/+AVwcBseBPL+zyMEa6y6ozhqypT
XTNY/Ozduso8/RiXrUyHku80r6ECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTPWyIo
e3lu+3Ua1YaR/4XJtofk1TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NTg0My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rHkwDQYJKoZIhvcNAQELBQADggEBAHlzm7NjJ1wrpv0/2AYv/t/uuiwHVmzwfxo0
sk60pvofd5VMOcVoyjxb8ZDXJxYwxdgz8MJrsJlH9DWIymLECkA9jCL72uwNHqDr
0Z6FrPQSbE8qaQ7r+6mWzrl+7LKvKlcTXcXbdkTVACrCU3FZ/hJChRxXtfw5PNi0
XUa9u8xcSuPUP1SQGq5gAdGKOlpH41LqHtDgiTqpZq+0X7YUPaml9xK4k8XfJcMD
fWE0WfE37obGjsu/4PEpLo7Ty8LTt2unIS79bhlN8n00ZK10RXI+m2DK+NLY+bb6
i/R/t/aqf1ZyzhsQvgUlwXlSDggLynBrvHO3WGyY/WfCBYYc37Q=
-----END CERTIFICATE-----