Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146018.roa
File:                     AS146018.roa (raw, json)
Hash identifier:          gbfi/6Xc/tVmjFf+YTxRQeXNlRzzIJ+oOdl77sk0/1M=
Subject key identifier:   71:1E:A0:04:54:00:32:D8:A8:48:FF:CC:DF:1F:A6:18:E6:14:59:A8
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2AD7FE1BFD2DFD34B051814A123D587CAF9FDCC8
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146018.roa
Signing time:             Wed 04 Mar 2026 06:34:02 +0000
ROA not before:           Wed 04 Mar 2026 06:29:02 +0000
ROA not after:            Wed 03 Mar 2027 06:34:02 +0000
asID:                     146018
IP address blocks:        240a:ad28::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:d7:fe:1b:fd:2d:fd:34:b0:51:81:4a:12:3d:58:7c:af:9f:dc:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:02 2026 GMT
            Not After : Mar  3 06:34:02 2027 GMT
        Subject: CN=711EA004540032D8A848FFCCDF1FA618E61459A8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:9e:27:82:57:c3:9c:55:50:f9:e3:f4:5d:1d:
                    72:ae:a9:54:85:08:30:5f:6f:70:81:71:c8:ef:40:
                    50:04:d8:62:73:47:02:03:6b:18:be:40:0f:89:d7:
                    15:63:5a:4c:f0:8b:ef:3c:80:35:35:f4:20:d4:c4:
                    73:90:ac:54:3b:12:75:35:a8:8a:e6:e2:8a:b3:7e:
                    7e:ee:92:f1:14:ef:73:2c:0b:ca:2c:c1:01:e9:d9:
                    7c:2a:68:84:1d:97:a8:f2:09:4d:9d:ce:1f:70:e6:
                    41:8b:50:44:15:22:28:3c:9f:09:9c:f6:52:e9:87:
                    5e:b4:b6:ac:07:86:12:3c:a2:53:3f:e7:e0:89:2d:
                    c3:ee:fe:7d:b0:4f:ee:ee:54:ac:67:0c:17:67:3e:
                    d0:33:98:d8:8a:8a:d1:7e:4e:46:18:14:9d:83:ae:
                    d4:5b:6d:a9:a4:ab:80:85:90:19:5c:9f:04:18:bf:
                    ac:58:4d:4e:5c:db:03:8e:31:f2:47:57:cd:fd:90:
                    01:50:c0:2c:5b:b7:b1:9c:8c:07:1c:95:63:85:23:
                    61:26:f1:26:18:3c:6f:b7:95:dc:e6:42:e9:c1:71:
                    c9:29:5e:dc:2e:29:03:34:cc:5f:2f:57:63:96:33:
                    8d:c4:8b:30:6b:62:ab:63:04:e3:d1:7b:ec:9e:7b:
                    f8:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:1E:A0:04:54:00:32:D8:A8:48:FF:CC:DF:1F:A6:18:E6:14:59:A8
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146018.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ad28::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:5f:70:a0:fe:09:4d:5c:78:4b:44:eb:4b:31:0a:b0:06:3f:
         9f:0b:f8:5e:9f:89:80:40:f2:56:fb:79:14:e5:ae:c2:d6:c3:
         b3:83:6a:8c:22:a6:38:a6:d7:79:c4:ab:fc:89:33:1b:80:bb:
         d7:32:6a:04:46:47:29:2b:cf:34:2f:4b:5c:28:ca:b6:8d:4b:
         7a:3f:27:40:30:9f:c4:b9:4f:e3:1d:1a:11:52:41:e7:2e:cb:
         e7:7e:60:98:c3:e2:46:f0:af:b6:31:bd:cf:6d:a3:0a:ff:0c:
         36:06:20:d7:49:92:00:a9:be:4a:2b:c7:df:ba:05:5c:1a:57:
         bf:10:61:0a:6f:6e:d5:5f:3e:29:49:d0:1d:ee:28:df:d1:62:
         3a:25:ed:15:5a:62:0d:c3:e2:bb:1f:2c:b7:af:61:9b:a1:7d:
         46:96:72:58:d9:e1:ec:75:f7:76:a6:fb:17:dd:59:3a:cb:61:
         10:19:b8:f9:53:ea:1c:bb:c5:d1:0e:44:fd:87:2d:4a:8f:b2:
         dc:cd:e3:5f:93:b2:29:84:63:9d:17:de:90:a3:8e:92:5f:f2:
         f6:b2:ff:81:ac:4e:cd:28:16:8f:59:2c:56:9d:85:43:e8:2b:
         e4:e4:4c:cb:33:88:56:a7:91:9c:47:6f:8a:0e:f0:8c:89:80:
         66:b1:5e:52
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUKtf+G/0t/TSwUYFKEj1YfK+f3MgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjkwMloX
DTI3MDMwMzA2MzQwMlowMzExMC8GA1UEAxMoNzExRUEwMDQ1NDAwMzJEOEE4NDhG
RkNDREYxRkE2MThFNjE0NTlBODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK+eJ4JXw5xVUPnj9F0dcq6pVIUIMF9vcIFxyO9AUATYYnNHAgNrGL5AD4nX
FWNaTPCL7zyANTX0INTEc5CsVDsSdTWoiubiirN+fu6S8RTvcywLyizBAenZfCpo
hB2XqPIJTZ3OH3DmQYtQRBUiKDyfCZz2UumHXrS2rAeGEjyiUz/n4Iktw+7+fbBP
7u5UrGcMF2c+0DOY2IqK0X5ORhgUnYOu1FttqaSrgIWQGVyfBBi/rFhNTlzbA44x
8kdXzf2QAVDALFu3sZyMBxyVY4UjYSbxJhg8b7eV3OZC6cFxySle3C4pAzTMXy9X
Y5YzjcSLMGtiq2ME49F77J57+B0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRxHqAE
VAAy2KhI/8zfH6YY5hRZqDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjAxOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rSgwDQYJKoZIhvcNAQELBQADggEBAFNfcKD+CU1ceEtE60sxCrAGP58L+F6fiYBA
8lb7eRTlrsLWw7ODaowipjim13nEq/yJMxuAu9cyagRGRykrzzQvS1woyraNS3o/
J0Awn8S5T+MdGhFSQecuy+d+YJjD4kbwr7Yxvc9towr/DDYGINdJkgCpvkorx9+6
BVwaV78QYQpvbtVfPilJ0B3uKN/RYjol7RVaYg3D4rsfLLevYZuhfUaWcljZ4ex1
93am+xfdWTrLYRAZuPlT6hy7xdEORP2HLUqPstzN41+TsimEY50X3pCjjpJf8vay
/4GsTs0oFo9ZLFadhUPoK+TkTMsziFankZxHb4oO8IyJgGaxXlI=
-----END CERTIFICATE-----