Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146023.roa
File:                     AS146023.roa (raw, json)
Hash identifier:          iRjsbpjVoAWphuydAKYO2DxgAzFaFfg8D1Ivqca0GLI=
Subject key identifier:   CB:52:D1:C0:5B:0C:FD:E2:BC:79:67:11:31:FD:B3:4A:0D:A1:70:00
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7B6C84FEC1AC27CF1CC2753253830A3D8F1DDD88
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146023.roa
Signing time:             Wed 04 Mar 2026 06:33:54 +0000
ROA not before:           Wed 04 Mar 2026 06:28:54 +0000
ROA not after:            Wed 03 Mar 2027 06:33:54 +0000
asID:                     146023
IP address blocks:        240a:ad2d::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:6c:84:fe:c1:ac:27:cf:1c:c2:75:32:53:83:0a:3d:8f:1d:dd:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:28:54 2026 GMT
            Not After : Mar  3 06:33:54 2027 GMT
        Subject: CN=CB52D1C05B0CFDE2BC79671131FDB34A0DA17000
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:02:f9:c5:1e:9c:56:2c:e8:f7:13:e7:dd:63:
                    cb:a3:7b:39:c7:f2:14:f5:92:c8:d6:e6:e3:0d:e7:
                    fc:9b:43:e0:a8:55:59:0e:2e:a4:76:52:6d:33:0d:
                    33:ce:fb:ec:56:ba:63:e5:f4:67:93:fb:64:c2:3a:
                    61:bf:2d:34:b8:26:ec:68:62:b9:16:5f:85:18:35:
                    45:d1:b0:c7:89:a4:54:d7:3a:db:02:79:1a:86:8b:
                    7b:f1:39:d2:29:6e:a1:e1:4a:38:4d:ef:e5:26:c9:
                    37:cf:fe:23:37:5b:f0:c2:84:97:53:80:0c:0e:08:
                    7b:50:f0:ad:85:30:75:29:79:ab:34:16:4a:94:20:
                    9a:a4:f5:01:d9:02:a8:59:82:61:f4:e0:24:ec:b6:
                    60:72:3c:69:b2:14:77:66:4c:a4:44:3f:56:73:74:
                    00:63:df:eb:4a:e8:57:02:30:0a:d9:9f:d9:8b:27:
                    47:88:37:94:11:b6:41:35:ba:a8:08:3d:68:82:76:
                    ce:42:40:b7:a8:dc:49:04:b5:ce:21:c3:c8:4a:70:
                    40:37:89:ee:6d:8e:cf:f4:4c:1d:2f:87:3a:ae:81:
                    a2:65:b5:e0:96:02:1d:2d:e1:5c:9b:ea:c7:dc:68:
                    ce:c7:d9:a4:69:25:30:e0:12:80:7b:cf:9d:6a:a0:
                    f8:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:52:D1:C0:5B:0C:FD:E2:BC:79:67:11:31:FD:B3:4A:0D:A1:70:00
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146023.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ad2d::/32

    Signature Algorithm: sha256WithRSAEncryption
         6f:8b:bc:dc:e7:8e:8a:84:cd:15:8c:76:70:b1:45:4c:da:91:
         02:38:41:43:61:f0:9d:b7:a3:9d:9e:e4:e3:ba:00:27:7e:79:
         42:0a:57:a0:ea:bd:d2:96:a9:6b:64:3b:88:a7:c3:5c:17:06:
         7e:17:49:9a:a1:58:c1:a6:da:ae:62:1e:a0:04:5e:4a:ad:fd:
         95:7b:50:31:33:db:34:7d:3f:e7:59:95:ef:82:44:d9:23:7c:
         40:d2:4b:15:02:1f:8e:db:9b:82:75:e8:d6:7e:1c:82:a8:e3:
         b8:8e:e5:d1:56:23:e3:2f:98:5d:a2:85:a7:b4:7b:49:ef:7a:
         b0:fb:ee:cc:53:ae:93:a1:e7:22:76:7a:9d:4e:ea:79:88:51:
         94:aa:06:9b:af:ab:c4:15:19:b7:06:cf:ec:42:47:3f:d5:d7:
         ef:38:81:8a:ff:f8:3e:1d:a5:54:7c:bc:5e:9b:86:40:97:0b:
         23:6a:a8:3e:94:6d:38:08:fd:5c:25:fa:78:53:e2:a4:ba:a9:
         5f:3e:a4:f7:f0:a9:06:a6:cf:a0:18:3d:2f:66:2d:4e:0b:89:
         5f:21:5c:0c:52:a1:d1:1f:12:8a:fa:26:b2:3e:df:d2:cf:3c:
         bc:66:64:93:2b:48:95:04:e2:74:9b:c5:a5:91:46:7f:01:72:
         ef:80:95:3d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUe2yE/sGsJ88cwnUyU4MKPY8d3YgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2Mjg1NFoX
DTI3MDMwMzA2MzM1NFowMzExMC8GA1UEAxMoQ0I1MkQxQzA1QjBDRkRFMkJDNzk2
NzExMzFGREIzNEEwREExNzAwMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK4C+cUenFYs6PcT591jy6N7OcfyFPWSyNbm4w3n/JtD4KhVWQ4upHZSbTMN
M8777Fa6Y+X0Z5P7ZMI6Yb8tNLgm7GhiuRZfhRg1RdGwx4mkVNc62wJ5GoaLe/E5
0iluoeFKOE3v5SbJN8/+Izdb8MKEl1OADA4Ie1DwrYUwdSl5qzQWSpQgmqT1AdkC
qFmCYfTgJOy2YHI8abIUd2ZMpEQ/VnN0AGPf60roVwIwCtmf2YsnR4g3lBG2QTW6
qAg9aIJ2zkJAt6jcSQS1ziHDyEpwQDeJ7m2Oz/RMHS+HOq6BomW14JYCHS3hXJvq
x9xozsfZpGklMOASgHvPnWqg+KMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTLUtHA
Wwz94rx5ZxEx/bNKDaFwADAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjAyMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rS0wDQYJKoZIhvcNAQELBQADggEBAG+LvNznjoqEzRWMdnCxRUzakQI4QUNh8J23
o52e5OO6ACd+eUIKV6DqvdKWqWtkO4inw1wXBn4XSZqhWMGm2q5iHqAEXkqt/ZV7
UDEz2zR9P+dZle+CRNkjfEDSSxUCH47bm4J16NZ+HIKo47iO5dFWI+MvmF2ihae0
e0nverD77sxTrpOh5yJ2ep1O6nmIUZSqBpuvq8QVGbcGz+xCRz/V1+84gYr/+D4d
pVR8vF6bhkCXCyNqqD6UbTgI/Vwl+nhT4qS6qV8+pPfwqQamz6AYPS9mLU4LiV8h
XAxSodEfEor6JrI+39LPPLxmZJMrSJUE4nSbxaWRRn8Bcu+AlT0=
-----END CERTIFICATE-----