Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146114.roa
File:                     AS146114.roa (raw, json)
Hash identifier:          e1tVLQ1IdCMArVXe0jwfSsz3fkRKxzVrK6iT/p0Uoz4=
Subject key identifier:   96:66:CB:C5:05:57:7A:54:47:D2:10:82:8B:E0:72:0B:D1:C3:BB:14
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       37B3E013F5EF63C11FF1482C2FFBAD8AFE703432
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146114.roa
Signing time:             Wed 04 Mar 2026 06:34:32 +0000
ROA not before:           Wed 04 Mar 2026 06:29:32 +0000
ROA not after:            Wed 03 Mar 2027 06:34:32 +0000
asID:                     146114
IP address blocks:        240a:ad88::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:b3:e0:13:f5:ef:63:c1:1f:f1:48:2c:2f:fb:ad:8a:fe:70:34:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:32 2026 GMT
            Not After : Mar  3 06:34:32 2027 GMT
        Subject: CN=9666CBC505577A5447D210828BE0720BD1C3BB14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:6c:7c:ff:81:1d:bb:e5:db:e5:9d:44:6c:72:
                    4e:c6:26:d6:25:e9:c0:72:19:65:0a:69:a2:57:c1:
                    27:c8:fb:1d:ff:d0:d1:30:81:10:99:3b:9f:80:da:
                    8f:78:61:dd:9a:20:cc:0f:ec:27:8a:66:0f:c2:2a:
                    92:b7:fc:f0:7c:90:49:cc:3d:75:27:87:20:ea:df:
                    d2:93:d0:c7:ae:5f:2a:88:8a:5c:48:11:61:c6:31:
                    aa:53:d7:de:27:bd:2d:23:dc:06:19:e3:62:08:07:
                    40:aa:15:ee:03:c3:3c:2e:ab:52:c7:3c:b2:2e:33:
                    e4:8e:ab:61:c3:9c:8f:5c:11:23:0e:86:20:af:46:
                    a1:68:17:f9:8a:9a:0a:13:05:c0:ca:c7:46:c6:94:
                    15:13:20:f5:9e:9b:f1:36:b6:52:07:e6:e5:1f:0d:
                    8f:10:50:67:51:b4:3d:ee:d2:13:0c:bd:92:20:ea:
                    97:cc:0d:dc:0e:3d:53:a2:c6:33:ce:08:1e:3a:0d:
                    62:ed:fc:e9:9d:45:85:72:83:b0:a7:5c:50:d0:80:
                    14:24:55:43:a3:9a:cf:37:28:8c:0a:33:78:80:0a:
                    51:97:46:84:24:5b:2d:d9:59:35:18:09:a9:f8:62:
                    86:a4:02:c6:a7:a3:15:66:fe:02:3b:88:13:d9:f1:
                    f5:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:66:CB:C5:05:57:7A:54:47:D2:10:82:8B:E0:72:0B:D1:C3:BB:14
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146114.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ad88::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:fc:d7:3e:dd:a1:12:20:e4:b5:79:70:6f:5f:df:29:e2:bc:
         63:d4:e7:f9:3b:15:e9:2e:85:f8:62:57:ea:ee:e9:5f:9a:a2:
         cc:30:68:ed:4d:a0:82:b2:ff:01:f4:bf:37:d4:f2:1d:a3:a1:
         bf:d6:22:51:f8:4d:aa:54:f0:c0:8e:c8:0e:90:2a:9f:92:ba:
         70:aa:cd:f0:b5:ab:0f:0c:f2:27:4e:8e:87:a6:01:6a:e5:dd:
         1d:d0:89:6c:9a:7a:89:b3:09:4a:d6:3c:f4:1f:9e:2f:08:42:
         e3:61:00:e3:cf:d3:28:a6:a2:43:5c:5c:f2:2e:20:ce:6d:87:
         10:15:92:bc:0b:0d:fc:2a:68:f6:48:26:f4:0b:12:cd:bd:b9:
         e9:fa:fc:36:d3:54:b7:3d:e3:f5:72:10:d5:5d:e7:6d:97:35:
         20:31:d5:3d:da:75:95:61:4e:04:0b:51:cf:d4:22:39:ae:87:
         55:08:da:6f:f2:09:fc:30:13:88:73:40:56:67:5f:02:16:3c:
         34:64:5b:69:0b:87:05:c1:b6:37:fd:ee:f8:1c:d4:c8:2d:8f:
         08:6d:e7:50:1e:a4:42:5f:59:a8:b7:19:be:55:c2:34:51:00:
         b8:5c:07:78:fc:34:70:9a:8e:40:be:58:db:43:90:d6:fd:62:
         d6:e0:53:d6
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUN7PgE/XvY8Ef8UgsL/utiv5wNDIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjkzMloX
DTI3MDMwMzA2MzQzMlowMzExMC8GA1UEAxMoOTY2NkNCQzUwNTU3N0E1NDQ3RDIx
MDgyOEJFMDcyMEJEMUMzQkIxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMtsfP+BHbvl2+WdRGxyTsYm1iXpwHIZZQppolfBJ8j7Hf/Q0TCBEJk7n4Da
j3hh3ZogzA/sJ4pmD8Iqkrf88HyQScw9dSeHIOrf0pPQx65fKoiKXEgRYcYxqlPX
3ie9LSPcBhnjYggHQKoV7gPDPC6rUsc8si4z5I6rYcOcj1wRIw6GIK9GoWgX+Yqa
ChMFwMrHRsaUFRMg9Z6b8Ta2Ugfm5R8NjxBQZ1G0Pe7SEwy9kiDql8wN3A49U6LG
M84IHjoNYu386Z1FhXKDsKdcUNCAFCRVQ6OazzcojAozeIAKUZdGhCRbLdlZNRgJ
qfhihqQCxqejFWb+AjuIE9nx9cECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSWZsvF
BVd6VEfSEIKL4HIL0cO7FDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjExNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rYgwDQYJKoZIhvcNAQELBQADggEBABH81z7doRIg5LV5cG9f3ynivGPU5/k7Feku
hfhiV+ru6V+aoswwaO1NoIKy/wH0vzfU8h2job/WIlH4TapU8MCOyA6QKp+SunCq
zfC1qw8M8idOjoemAWrl3R3QiWyaeomzCUrWPPQfni8IQuNhAOPP0yimokNcXPIu
IM5thxAVkrwLDfwqaPZIJvQLEs29uen6/DbTVLc94/VyENVd522XNSAx1T3adZVh
TgQLUc/UIjmuh1UI2m/yCfwwE4hzQFZnXwIWPDRkW2kLhwXBtjf97vgc1Mgtjwht
51AepEJfWai3Gb5VwjRRALhcB3j8NHCajkC+WNtDkNb9YtbgU9Y=
-----END CERTIFICATE-----