Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146048.roa
File:                     AS146048.roa (raw, json)
Hash identifier:          /wH7eomy2mwyF7Hdje1B9amQhuf5sMqorN6xgOdR6P8=
Subject key identifier:   26:EE:C9:3E:1B:04:7D:7A:5E:D3:58:E2:43:A3:A9:67:30:DF:07:5F
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4FCA37948BADDED669B4C69750E811BFFA2699DB
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146048.roa
Signing time:             Wed 04 Mar 2026 06:33:53 +0000
ROA not before:           Wed 04 Mar 2026 06:28:53 +0000
ROA not after:            Wed 03 Mar 2027 06:33:53 +0000
asID:                     146048
IP address blocks:        240a:ad46::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:ca:37:94:8b:ad:de:d6:69:b4:c6:97:50:e8:11:bf:fa:26:99:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:28:53 2026 GMT
            Not After : Mar  3 06:33:53 2027 GMT
        Subject: CN=26EEC93E1B047D7A5ED358E243A3A96730DF075F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e6:f3:7c:61:15:c1:61:35:4d:7f:2e:f9:29:
                    cc:0d:fe:56:d3:01:4f:6b:97:f7:80:6d:98:4b:95:
                    0c:0c:96:77:7a:8a:11:70:cd:ab:a6:26:1b:1e:42:
                    79:5a:be:c1:29:18:2e:d0:bc:2f:83:5b:ae:4e:22:
                    b6:f1:c8:55:eb:d5:94:bb:55:bd:d3:c6:0f:22:9e:
                    27:43:db:93:4b:d1:6b:5c:47:2a:08:c3:10:bc:51:
                    c5:98:35:63:1b:31:a1:d2:25:a6:35:fc:31:12:ec:
                    69:ab:6e:5a:f9:1d:e9:1e:98:f2:75:6e:34:36:ed:
                    63:98:8f:93:10:9e:f3:4f:c4:b7:ed:ba:08:20:75:
                    6f:8a:78:51:e3:05:0c:a1:6a:79:51:99:8a:46:7f:
                    7c:31:c9:8a:48:bd:e0:81:20:17:56:41:c4:e1:97:
                    53:aa:1a:17:13:5f:a1:a2:2b:31:86:0e:90:31:6b:
                    94:bb:ec:f5:36:81:0b:a8:dc:ad:5a:c3:fc:55:ec:
                    75:cd:44:5b:f6:d6:3a:f7:d4:c0:5e:14:18:86:c1:
                    80:b1:e1:33:f6:99:9f:ea:d2:5e:04:cb:66:f8:03:
                    6c:c3:5a:32:46:f1:6a:8c:dd:c0:c0:d5:4c:23:2a:
                    26:52:e7:26:9b:f0:f1:41:ad:0a:44:13:d6:b9:7c:
                    85:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:EE:C9:3E:1B:04:7D:7A:5E:D3:58:E2:43:A3:A9:67:30:DF:07:5F
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146048.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ad46::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:09:36:fd:ad:6f:c6:5b:e7:9b:20:29:09:bf:a1:65:d1:db:
         4f:40:6d:88:07:4b:f5:dc:3a:6a:fb:00:1e:cc:d0:1e:58:11:
         c8:d3:9d:3d:35:90:64:29:dd:7a:80:83:7d:01:ce:1c:66:1d:
         71:c7:c7:04:5d:89:3c:d9:af:ac:b9:68:f1:94:12:5e:40:7a:
         32:64:98:e1:75:2a:1a:53:d1:d4:51:07:d0:44:e9:1c:51:b9:
         10:17:21:29:f2:0f:cf:10:38:33:a3:14:d9:bc:c3:bf:f0:69:
         74:4c:4b:6e:84:f7:19:f6:81:36:11:87:ff:2e:fe:a4:80:24:
         00:0c:38:4b:30:9a:24:91:c6:5d:25:9e:36:9b:89:42:d2:3a:
         38:1f:84:63:fb:86:d9:4c:8b:c1:11:90:4d:eb:6e:57:c7:09:
         b8:54:97:c8:b8:df:ea:1c:6e:d2:ea:ed:39:1a:ba:de:b8:b5:
         6f:c2:04:41:1f:70:e9:e0:5c:56:94:1d:d6:d4:45:87:62:6f:
         9e:c1:24:d6:f9:0c:84:71:b5:f9:29:5d:57:31:c9:86:1f:55:
         f4:e1:4b:6d:8d:80:f0:0b:bc:29:79:64:94:1b:09:85:23:bb:
         66:79:96:02:6b:41:2e:57:46:65:e2:4f:53:3f:f8:79:81:af:
         e6:82:65:0b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUT8o3lIut3tZptMaXUOgRv/ommdswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2Mjg1M1oX
DTI3MDMwMzA2MzM1M1owMzExMC8GA1UEAxMoMjZFRUM5M0UxQjA0N0Q3QTVFRDM1
OEUyNDNBM0E5NjczMERGMDc1RjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK7m83xhFcFhNU1/LvkpzA3+VtMBT2uX94BtmEuVDAyWd3qKEXDNq6YmGx5C
eVq+wSkYLtC8L4Nbrk4itvHIVevVlLtVvdPGDyKeJ0Pbk0vRa1xHKgjDELxRxZg1
YxsxodIlpjX8MRLsaatuWvkd6R6Y8nVuNDbtY5iPkxCe80/Et+26CCB1b4p4UeMF
DKFqeVGZikZ/fDHJiki94IEgF1ZBxOGXU6oaFxNfoaIrMYYOkDFrlLvs9TaBC6jc
rVrD/FXsdc1EW/bWOvfUwF4UGIbBgLHhM/aZn+rSXgTLZvgDbMNaMkbxaozdwMDV
TCMqJlLnJpvw8UGtCkQT1rl8hS8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQm7sk+
GwR9el7TWOJDo6lnMN8HXzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjA0OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rUYwDQYJKoZIhvcNAQELBQADggEBAGsJNv2tb8Zb55sgKQm/oWXR209AbYgHS/Xc
Omr7AB7M0B5YEcjTnT01kGQp3XqAg30BzhxmHXHHxwRdiTzZr6y5aPGUEl5AejJk
mOF1KhpT0dRRB9BE6RxRuRAXISnyD88QODOjFNm8w7/waXRMS26E9xn2gTYRh/8u
/qSAJAAMOEswmiSRxl0lnjabiULSOjgfhGP7htlMi8ERkE3rblfHCbhUl8i43+oc
btLq7Tkaut64tW/CBEEfcOngXFaUHdbURYdib57BJNb5DIRxtfkpXVcxyYYfVfTh
S22NgPALvCl5ZJQbCYUju2Z5lgJrQS5XRmXiT1M/+HmBr+aCZQs=
-----END CERTIFICATE-----