Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146055.roa
File:                     AS146055.roa (raw, json)
Hash identifier:          8smK6jy1vdw20LzC321+9z/Chy2E5zQmLtypcNjDj+0=
Subject key identifier:   23:2E:96:15:57:CB:B3:BC:01:80:76:BD:18:BA:E0:A0:31:D5:27:DD
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       23757B7C22087963576D176DE6E0165D9A31C35B
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146055.roa
Signing time:             Wed 04 Mar 2026 06:34:18 +0000
ROA not before:           Wed 04 Mar 2026 06:29:18 +0000
ROA not after:            Wed 03 Mar 2027 06:34:18 +0000
asID:                     146055
IP address blocks:        240a:ad4d::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:75:7b:7c:22:08:79:63:57:6d:17:6d:e6:e0:16:5d:9a:31:c3:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:18 2026 GMT
            Not After : Mar  3 06:34:18 2027 GMT
        Subject: CN=232E961557CBB3BC018076BD18BAE0A031D527DD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:5c:f2:18:3d:f8:78:93:ff:a7:ba:56:1a:5c:
                    79:1f:1f:bc:9b:ea:33:22:eb:33:45:e7:bf:57:11:
                    c2:4e:d5:a1:7e:34:82:f9:ad:02:0a:ec:4a:45:85:
                    36:e8:9c:87:36:2a:92:90:c2:f4:09:96:c2:e3:ec:
                    06:b2:50:19:90:f2:a9:25:20:ac:b3:cd:f3:37:0a:
                    e5:cd:a2:de:34:4e:58:b2:c1:05:4a:ca:9f:a5:60:
                    14:1e:9b:62:9c:e9:7a:6f:f7:00:5d:a0:74:8d:76:
                    86:d2:7c:46:ec:4d:b3:63:80:f0:fd:96:33:1f:97:
                    bd:69:29:cc:55:12:08:88:b3:9d:ed:a6:d6:96:4d:
                    cc:6b:c6:4e:a0:53:0f:e4:10:bc:73:c3:c8:3e:35:
                    13:b5:af:74:65:b4:b8:3b:02:f4:97:52:7e:1b:19:
                    18:11:84:a1:89:fb:02:ab:6a:2a:e2:c9:ca:97:5e:
                    dd:ad:3e:9f:58:27:41:a8:4c:a4:d8:65:ae:49:a0:
                    27:fd:8e:7b:74:af:71:ad:c8:2e:5c:cf:c7:7c:90:
                    56:78:d3:3b:aa:f4:b3:14:0b:e6:ea:c4:69:d9:ba:
                    69:10:c9:d3:e3:3c:7b:03:7c:75:1f:c4:64:2d:1b:
                    bf:e1:68:48:02:74:86:a9:48:8e:85:5c:07:de:79:
                    45:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:2E:96:15:57:CB:B3:BC:01:80:76:BD:18:BA:E0:A0:31:D5:27:DD
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146055.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ad4d::/32

    Signature Algorithm: sha256WithRSAEncryption
         1a:ba:89:58:ae:23:f3:45:3b:bf:5a:d9:ec:db:87:09:4d:1c:
         7a:04:f3:51:f2:80:ef:b4:2f:c1:38:8d:e4:4b:31:58:53:c4:
         97:ab:2a:80:d9:09:76:c4:ee:69:6a:32:29:7d:e0:4a:1e:21:
         8d:30:69:fe:74:8f:34:9b:3e:ee:d6:d3:ce:29:07:ab:37:8a:
         7e:3f:aa:46:be:37:87:4e:0c:de:86:59:19:3b:5b:0b:2a:ca:
         7c:ca:1a:91:3f:60:e8:f3:d9:df:c9:f4:7e:77:e3:42:ff:7f:
         c9:1f:9a:26:05:dc:4a:d8:10:6b:d5:72:e9:df:17:b2:5c:63:
         40:73:95:d2:ab:71:84:cc:be:8b:0c:cb:3c:61:6c:8b:ac:35:
         3e:25:27:7c:4c:9e:fa:b0:9c:53:b8:7a:46:02:ad:c7:79:49:
         e2:49:3b:18:e2:46:48:b3:ce:76:80:66:0f:52:80:ff:cb:6b:
         64:e0:3b:d2:3a:8d:ae:44:98:d5:ed:be:06:6b:65:cb:40:c1:
         79:22:7f:ed:15:82:14:37:b9:c3:80:0e:28:d5:88:51:e8:4e:
         cf:cc:7d:fe:03:08:e2:12:0e:b7:cc:95:6b:9d:42:68:8d:2b:
         99:21:6b:b4:16:c7:d7:99:a1:85:6d:b6:e6:0a:ce:fc:76:b6:
         04:f3:e4:fa
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUI3V7fCIIeWNXbRdt5uAWXZoxw1swDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjkxOFoX
DTI3MDMwMzA2MzQxOFowMzExMC8GA1UEAxMoMjMyRTk2MTU1N0NCQjNCQzAxODA3
NkJEMThCQUUwQTAzMUQ1MjdERDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK9c8hg9+HiT/6e6VhpceR8fvJvqMyLrM0Xnv1cRwk7VoX40gvmtAgrsSkWF
NuichzYqkpDC9AmWwuPsBrJQGZDyqSUgrLPN8zcK5c2i3jROWLLBBUrKn6VgFB6b
Ypzpem/3AF2gdI12htJ8RuxNs2OA8P2WMx+XvWkpzFUSCIizne2m1pZNzGvGTqBT
D+QQvHPDyD41E7WvdGW0uDsC9JdSfhsZGBGEoYn7AqtqKuLJypde3a0+n1gnQahM
pNhlrkmgJ/2Oe3Svca3ILlzPx3yQVnjTO6r0sxQL5urEadm6aRDJ0+M8ewN8dR/E
ZC0bv+FoSAJ0hqlIjoVcB955RXcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQjLpYV
V8uzvAGAdr0YuuCgMdUn3TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjA1NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rU0wDQYJKoZIhvcNAQELBQADggEBABq6iViuI/NFO79a2ezbhwlNHHoE81HygO+0
L8E4jeRLMVhTxJerKoDZCXbE7mlqMil94EoeIY0waf50jzSbPu7W084pB6s3in4/
qka+N4dODN6GWRk7WwsqynzKGpE/YOjz2d/J9H5340L/f8kfmiYF3ErYEGvVcunf
F7JcY0BzldKrcYTMvosMyzxhbIusNT4lJ3xMnvqwnFO4ekYCrcd5SeJJOxjiRkiz
znaAZg9SgP/La2TgO9I6ja5EmNXtvgZrZctAwXkif+0VghQ3ucOADijViFHoTs/M
ff4DCOISDrfMlWudQmiNK5kha7QWx9eZoYVttuYKzvx2tgTz5Po=
-----END CERTIFICATE-----