Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146083.roa
File:                     AS146083.roa (raw, json)
Hash identifier:          CVuNkfI8E2RJeFOiDMSN8SEMo0Wpd4SDZ9OGCA6NfL0=
Subject key identifier:   EB:CB:08:20:07:27:E3:1F:A7:13:81:37:84:53:01:16:4C:31:90:F8
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6B9A7CE8DA783DC1139C8CC99EC6C5E7E5F49ED8
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146083.roa
Signing time:             Wed 04 Mar 2026 06:33:58 +0000
ROA not before:           Wed 04 Mar 2026 06:28:58 +0000
ROA not after:            Wed 03 Mar 2027 06:33:58 +0000
asID:                     146083
IP address blocks:        240a:ad69::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:9a:7c:e8:da:78:3d:c1:13:9c:8c:c9:9e:c6:c5:e7:e5:f4:9e:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:28:58 2026 GMT
            Not After : Mar  3 06:33:58 2027 GMT
        Subject: CN=EBCB08200727E31FA7138137845301164C3190F8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:8f:bb:bb:d8:d9:3a:1a:9c:ea:7f:27:b8:dc:
                    eb:ec:72:10:00:91:2a:cf:80:68:b9:1c:21:6a:f6:
                    aa:0c:2c:0a:02:80:b6:1a:5d:8b:a9:ee:8e:34:ec:
                    93:16:62:18:a3:58:7b:1c:f9:c7:c4:18:80:e6:27:
                    70:91:32:cc:5f:4b:04:09:e6:20:f3:0f:2d:83:e5:
                    f3:f0:c9:c1:be:15:3b:b6:21:6f:46:7e:01:b3:d1:
                    02:4f:37:2d:8d:58:e6:57:64:04:ea:9f:6e:2b:e8:
                    52:b5:45:81:27:29:6e:11:b8:4f:ae:99:bb:ff:91:
                    3a:09:5a:76:1c:f5:2a:64:a1:00:0f:00:f5:16:bb:
                    48:8c:a6:1a:5a:bb:1e:e6:c9:44:91:2d:cb:5b:75:
                    8c:a4:c0:46:4b:d3:d0:50:6e:c3:8e:bf:43:1a:d8:
                    16:a8:5c:6d:64:8f:d4:6b:f0:7f:0c:10:97:e5:e3:
                    9e:81:2f:80:10:60:84:5c:8c:58:97:76:d7:16:dd:
                    c4:6b:40:c1:b2:41:70:a2:e2:09:ae:1f:95:6f:6f:
                    66:99:21:23:b1:e7:18:ff:fe:e6:36:8b:27:04:b9:
                    e8:07:18:c9:bd:ad:d0:94:0e:6f:21:91:5d:3b:14:
                    b9:4c:62:3d:66:c6:61:32:a2:60:38:20:8f:24:b7:
                    e1:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:CB:08:20:07:27:E3:1F:A7:13:81:37:84:53:01:16:4C:31:90:F8
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146083.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ad69::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:03:11:cb:6e:91:f0:33:67:fc:28:87:87:ba:2a:26:76:df:
         bc:2c:7f:7c:2e:85:6a:2b:1b:f1:44:77:fd:7a:2f:8c:f5:5d:
         d9:5d:1c:fd:f1:95:63:33:61:a2:3b:41:68:14:dd:c9:9a:92:
         75:ab:b9:21:29:08:49:3c:1f:7d:d4:d3:ac:a1:50:3d:71:8a:
         61:81:29:5d:fd:7a:2d:84:7e:0b:79:4e:0a:3d:95:b2:60:88:
         12:06:87:39:3b:1b:c6:92:4d:06:a8:a6:a5:16:9e:ed:d2:d4:
         44:81:f0:92:3c:e3:3f:76:55:28:60:85:0e:b6:90:85:05:e4:
         88:bc:f9:cf:75:7c:2e:54:22:17:76:86:15:40:89:37:ca:17:
         d1:f8:50:76:7b:11:81:85:ff:c1:3c:7e:82:63:eb:3f:d7:24:
         5e:83:84:f9:74:ed:47:2d:6e:a1:1e:28:f6:3b:f2:49:70:1e:
         8f:7a:b5:d4:3f:ce:fa:8c:e7:61:af:36:d2:c7:67:af:1c:d2:
         a4:d0:16:41:8a:c6:fc:f4:84:28:bd:93:6d:83:bb:21:d6:36:
         85:06:6f:86:f2:d5:71:b0:e8:f1:ec:71:cc:9b:9e:b1:d1:56:
         d1:a2:ae:c8:55:a5:c0:f4:58:9b:d4:73:fc:d3:7b:d0:a5:76:
         14:ee:d2:cd
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUa5p86Np4PcETnIzJnsbF5+X0ntgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2Mjg1OFoX
DTI3MDMwMzA2MzM1OFowMzExMC8GA1UEAxMoRUJDQjA4MjAwNzI3RTMxRkE3MTM4
MTM3ODQ1MzAxMTY0QzMxOTBGODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMSPu7vY2ToanOp/J7jc6+xyEACRKs+AaLkcIWr2qgwsCgKAthpdi6nujjTs
kxZiGKNYexz5x8QYgOYncJEyzF9LBAnmIPMPLYPl8/DJwb4VO7Yhb0Z+AbPRAk83
LY1Y5ldkBOqfbivoUrVFgScpbhG4T66Zu/+ROgladhz1KmShAA8A9Ra7SIymGlq7
HubJRJEty1t1jKTARkvT0FBuw46/QxrYFqhcbWSP1GvwfwwQl+XjnoEvgBBghFyM
WJd21xbdxGtAwbJBcKLiCa4flW9vZpkhI7HnGP/+5jaLJwS56AcYyb2t0JQObyGR
XTsUuUxiPWbGYTKiYDggjyS34esCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTrywgg
ByfjH6cTgTeEUwEWTDGQ+DAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjA4My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rWkwDQYJKoZIhvcNAQELBQADggEBADADEctukfAzZ/woh4e6KiZ237wsf3wuhWor
G/FEd/16L4z1XdldHP3xlWMzYaI7QWgU3cmaknWruSEpCEk8H33U06yhUD1ximGB
KV39ei2Efgt5Tgo9lbJgiBIGhzk7G8aSTQaopqUWnu3S1ESB8JI84z92VShghQ62
kIUF5Ii8+c91fC5UIhd2hhVAiTfKF9H4UHZ7EYGF/8E8foJj6z/XJF6DhPl07Uct
bqEeKPY78klwHo96tdQ/zvqM52GvNtLHZ68c0qTQFkGKxvz0hCi9k22DuyHWNoUG
b4by1XGw6PHsccybnrHRVtGirshVpcD0WJvUc/zTe9CldhTu0s0=
-----END CERTIFICATE-----