Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146132.roa
File:                     AS146132.roa (raw, json)
Hash identifier:          Eug+f1lAJp4raWGHQHcsGhCgru8SlCoBvwrDmeYmRy0=
Subject key identifier:   9C:34:6A:16:EF:D1:4F:84:1C:A9:A4:9F:50:05:30:0B:A1:FD:A0:9B
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4B0B7689AF0C31F24B5C20637D11493494D619BA
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146132.roa
Signing time:             Wed 04 Mar 2026 06:33:50 +0000
ROA not before:           Wed 04 Mar 2026 06:28:50 +0000
ROA not after:            Wed 03 Mar 2027 06:33:50 +0000
asID:                     146132
IP address blocks:        240a:ad9a::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:0b:76:89:af:0c:31:f2:4b:5c:20:63:7d:11:49:34:94:d6:19:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:28:50 2026 GMT
            Not After : Mar  3 06:33:50 2027 GMT
        Subject: CN=9C346A16EFD14F841CA9A49F5005300BA1FDA09B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:7b:47:29:91:0d:fa:d4:33:6f:57:37:6b:8e:
                    13:d1:f1:a0:02:60:31:e7:cc:33:f0:10:a1:33:25:
                    88:9b:af:30:36:c2:ff:3e:ba:7f:48:79:31:44:89:
                    ab:00:e4:10:25:8f:2f:7b:cb:32:c1:e3:14:8c:73:
                    1e:8f:3a:fd:6e:73:cd:77:00:13:2f:38:de:6c:ee:
                    25:f4:ba:d9:29:82:a7:4c:79:29:63:85:dc:a3:e1:
                    a0:72:f5:d1:20:24:0d:c0:27:75:f5:01:b2:21:90:
                    51:5f:34:d6:2a:61:a1:14:dc:e4:7f:a4:6f:44:b2:
                    e6:4f:5e:9c:6b:61:b2:4e:f9:12:df:f3:fc:97:cd:
                    2c:44:28:8b:72:54:79:72:9f:4a:8e:dc:da:fd:db:
                    05:0d:ff:59:fe:d6:18:aa:e0:5d:08:f2:da:6c:40:
                    9b:bc:d0:32:64:a5:3e:cf:a6:f5:a7:d6:ba:dc:bf:
                    07:e3:c1:fd:77:8b:15:f3:6f:b7:50:14:21:08:6a:
                    86:d8:10:fc:09:cd:31:7d:5b:6c:0d:57:23:ce:ab:
                    dd:82:e8:8d:57:9f:90:b3:6f:b4:66:cf:3e:fd:c8:
                    00:15:a4:18:75:a5:cd:32:24:3a:45:63:a9:03:90:
                    a3:62:45:8e:e7:6b:cb:be:54:58:ef:ff:72:2d:70:
                    8e:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:34:6A:16:EF:D1:4F:84:1C:A9:A4:9F:50:05:30:0B:A1:FD:A0:9B
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ad9a::/32

    Signature Algorithm: sha256WithRSAEncryption
         41:35:07:e9:bd:50:1a:71:2a:6a:61:c3:8d:27:ee:a1:9a:dd:
         70:bc:26:7f:61:f5:e3:d4:0e:cc:c4:64:ff:24:3a:5d:5a:f2:
         44:0c:7b:ba:49:1f:e7:95:ed:47:81:7f:6f:af:e8:ea:39:5e:
         a9:49:b1:b3:41:21:1b:50:5c:d2:0e:6d:b2:be:d7:3d:f9:ce:
         85:c0:56:c4:8d:af:67:6b:90:4f:21:33:1a:f7:cb:84:1d:ad:
         42:a6:88:d0:6a:ee:db:3d:8d:92:9b:a3:69:4d:cc:32:5a:12:
         61:dd:e6:a7:85:b6:cd:88:02:0c:d5:85:bb:da:cf:82:dc:a9:
         4c:18:72:8c:ca:ee:ab:d2:a3:8b:82:d5:f7:a1:b8:b7:d9:fb:
         f6:69:52:63:f9:ed:af:af:1c:b9:8b:c9:a8:04:59:4f:84:7f:
         cf:d5:b7:b1:8c:24:fa:0f:d7:1b:a2:93:aa:08:bd:ed:5d:dd:
         4a:b2:35:36:0f:53:9a:20:3f:38:ec:a3:00:c3:f3:9c:0e:78:
         a2:95:07:e4:33:c2:0a:6b:e7:4e:51:44:c3:34:87:f8:2c:d6:
         3a:a2:3b:60:11:1c:a7:07:50:27:9a:f8:3c:fa:d5:73:1d:10:
         dc:54:bd:d3:3f:33:67:a3:68:32:bf:b4:52:bc:a6:e5:10:7e:
         ae:9c:62:36
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUSwt2ia8MMfJLXCBjfRFJNJTWGbowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2Mjg1MFoX
DTI3MDMwMzA2MzM1MFowMzExMC8GA1UEAxMoOUMzNDZBMTZFRkQxNEY4NDFDQTlB
NDlGNTAwNTMwMEJBMUZEQTA5QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALh7RymRDfrUM29XN2uOE9HxoAJgMefMM/AQoTMliJuvMDbC/z66f0h5MUSJ
qwDkECWPL3vLMsHjFIxzHo86/W5zzXcAEy843mzuJfS62SmCp0x5KWOF3KPhoHL1
0SAkDcAndfUBsiGQUV801iphoRTc5H+kb0Sy5k9enGthsk75Et/z/JfNLEQoi3JU
eXKfSo7c2v3bBQ3/Wf7WGKrgXQjy2mxAm7zQMmSlPs+m9afWuty/B+PB/XeLFfNv
t1AUIQhqhtgQ/AnNMX1bbA1XI86r3YLojVefkLNvtGbPPv3IABWkGHWlzTIkOkVj
qQOQo2JFjudry75UWO//ci1wjkUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBScNGoW
79FPhByppJ9QBTALof2gmzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjEzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rZowDQYJKoZIhvcNAQELBQADggEBAEE1B+m9UBpxKmphw40n7qGa3XC8Jn9h9ePU
DszEZP8kOl1a8kQMe7pJH+eV7UeBf2+v6Oo5XqlJsbNBIRtQXNIObbK+1z35zoXA
VsSNr2drkE8hMxr3y4QdrUKmiNBq7ts9jZKbo2lNzDJaEmHd5qeFts2IAgzVhbva
z4LcqUwYcozK7qvSo4uC1fehuLfZ+/ZpUmP57a+vHLmLyagEWU+Ef8/Vt7GMJPoP
1xuik6oIve1d3UqyNTYPU5ogPzjsowDD85wOeKKVB+Qzwgpr505RRMM0h/gs1jqi
O2ARHKcHUCea+Dz61XMdENxUvdM/M2ejaDK/tFK8puUQfq6cYjY=
-----END CERTIFICATE-----