Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146068.roa
File:                     AS146068.roa (raw, json)
Hash identifier:          x/BDhfVGAXNY1Plv5Ljap+fWZfI5l0hjSiL4Shho/e0=
Subject key identifier:   E7:E0:7B:D0:F2:37:5C:B3:D7:3F:B1:CB:32:32:56:0E:65:C6:10:21
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       618263AF0BB34D35F3317D417D35FC2FCEE7421D
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146068.roa
Signing time:             Wed 04 Mar 2026 06:34:03 +0000
ROA not before:           Wed 04 Mar 2026 06:29:03 +0000
ROA not after:            Wed 03 Mar 2027 06:34:03 +0000
asID:                     146068
IP address blocks:        240a:ad5a::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:82:63:af:0b:b3:4d:35:f3:31:7d:41:7d:35:fc:2f:ce:e7:42:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:03 2026 GMT
            Not After : Mar  3 06:34:03 2027 GMT
        Subject: CN=E7E07BD0F2375CB3D73FB1CB3232560E65C61021
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:34:60:bd:ea:80:39:90:1c:5f:01:a3:38:61:
                    4f:f9:81:4c:3d:75:ed:6d:dd:f2:b6:41:d8:e9:c5:
                    fd:c3:ac:6e:c9:d6:0b:a7:a4:aa:5a:c7:74:c5:37:
                    d6:59:cf:28:2f:fc:1b:06:f3:ce:df:32:8d:de:59:
                    8b:3b:74:8e:ea:1a:d7:01:db:81:56:b7:dd:d4:95:
                    f3:d8:d0:14:b9:1f:e4:59:4f:cb:ec:b2:33:71:4e:
                    94:8c:db:14:36:d2:1b:08:c3:69:a3:11:05:51:ff:
                    08:62:24:34:3f:05:63:1c:b7:6c:62:d8:8b:09:e1:
                    a9:84:37:04:04:cb:f2:b3:8d:54:81:7b:49:c6:ed:
                    31:4b:23:dc:f1:69:f6:5d:8b:40:67:ef:94:81:ab:
                    5f:55:e1:67:7e:8d:3a:b2:a9:60:af:33:e2:96:3b:
                    3f:7b:b5:57:99:ea:d0:89:ef:ee:08:03:9f:a1:57:
                    66:78:fe:90:04:98:2a:fe:6e:42:ef:a6:b1:44:e7:
                    c9:0f:88:67:1f:4c:fb:c5:e2:56:bd:dd:0e:b6:73:
                    3b:db:37:b9:ef:55:f0:f5:24:ef:9f:f3:bb:0b:4d:
                    80:9e:e3:c4:35:11:66:df:df:71:62:c9:b8:cd:b8:
                    35:91:b0:62:33:0c:e7:33:db:b7:fc:82:fa:84:d1:
                    c9:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:E0:7B:D0:F2:37:5C:B3:D7:3F:B1:CB:32:32:56:0E:65:C6:10:21
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146068.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ad5a::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:3f:fc:b8:ca:c1:4b:35:c3:41:5b:20:27:0a:65:77:3e:00:
         3a:30:26:9c:9e:4a:8c:22:8b:95:4c:36:87:8c:35:e0:27:e7:
         52:f0:2c:6b:4a:50:df:a4:87:f4:b4:6a:93:99:3d:c4:af:8a:
         d9:6a:94:60:64:c6:81:73:ad:c7:d4:dc:41:d5:e5:37:cd:9d:
         e1:9c:49:af:c0:1f:2e:5f:23:24:c5:b3:15:c9:46:df:fb:aa:
         14:bf:4c:5e:44:f3:ee:93:51:28:a5:86:81:d7:8f:15:e4:22:
         f1:d7:a2:97:4f:80:71:a4:00:5d:a0:6e:87:61:07:64:20:d5:
         27:9e:5c:0b:88:40:52:71:0c:5a:93:27:cb:e7:f2:b8:3e:be:
         7a:2a:14:6f:51:59:13:5d:fc:0b:0e:01:e4:4f:99:dc:2e:8e:
         a5:d1:ba:65:f8:84:27:22:ad:fa:4f:78:a8:d5:a4:ca:d4:e5:
         0e:7e:b0:0a:1c:f5:44:2b:fb:8a:9f:74:32:3f:3b:d5:8c:3e:
         4f:15:d2:a7:f5:3a:e7:92:7b:23:81:79:26:23:f8:44:75:f8:
         8c:ab:34:89:e8:d0:80:75:80:11:9b:df:92:34:c4:aa:a2:3d:
         af:51:23:c3:55:06:6f:98:2c:72:5f:9b:c2:2f:c3:c9:12:c4:
         f8:55:7e:d4
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUYYJjrwuzTTXzMX1BfTX8L87nQh0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjkwM1oX
DTI3MDMwMzA2MzQwM1owMzExMC8GA1UEAxMoRTdFMDdCRDBGMjM3NUNCM0Q3M0ZC
MUNCMzIzMjU2MEU2NUM2MTAyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ00YL3qgDmQHF8BozhhT/mBTD117W3d8rZB2OnF/cOsbsnWC6ekqlrHdMU3
1lnPKC/8Gwbzzt8yjd5Zizt0juoa1wHbgVa33dSV89jQFLkf5FlPy+yyM3FOlIzb
FDbSGwjDaaMRBVH/CGIkND8FYxy3bGLYiwnhqYQ3BATL8rONVIF7ScbtMUsj3PFp
9l2LQGfvlIGrX1XhZ36NOrKpYK8z4pY7P3u1V5nq0Inv7ggDn6FXZnj+kASYKv5u
Qu+msUTnyQ+IZx9M+8XiVr3dDrZzO9s3ue9V8PUk75/zuwtNgJ7jxDURZt/fcWLJ
uM24NZGwYjMM5zPbt/yC+oTRyb0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTn4HvQ
8jdcs9c/scsyMlYOZcYQITAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjA2OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rVowDQYJKoZIhvcNAQELBQADggEBAAY//LjKwUs1w0FbICcKZXc+ADowJpyeSowi
i5VMNoeMNeAn51LwLGtKUN+kh/S0apOZPcSvitlqlGBkxoFzrcfU3EHV5TfNneGc
Sa/AHy5fIyTFsxXJRt/7qhS/TF5E8+6TUSilhoHXjxXkIvHXopdPgHGkAF2gbodh
B2Qg1SeeXAuIQFJxDFqTJ8vn8rg+vnoqFG9RWRNd/AsOAeRPmdwujqXRumX4hCci
rfpPeKjVpMrU5Q5+sAoc9UQr+4qfdDI/O9WMPk8V0qf1OueSeyOBeSYj+ER1+Iyr
NIno0IB1gBGb35I0xKqiPa9RI8NVBm+YLHJfm8Ivw8kSxPhVftQ=
-----END CERTIFICATE-----