Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146133.roa
File:                     AS146133.roa (raw, json)
Hash identifier:          I6pmIPwUr8lqSyHjWRrU/EVAaBJnlmAjCuzUW3EJ9K8=
Subject key identifier:   A7:9E:62:9A:CA:83:CB:3D:FA:91:4C:FA:77:8A:A8:9B:9F:7D:35:1E
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       47CDD939F1A9005073D04E0EDDEA734F788291F3
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146133.roa
Signing time:             Wed 04 Mar 2026 06:34:16 +0000
ROA not before:           Wed 04 Mar 2026 06:29:16 +0000
ROA not after:            Wed 03 Mar 2027 06:34:16 +0000
asID:                     146133
IP address blocks:        240a:ad9b::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:cd:d9:39:f1:a9:00:50:73:d0:4e:0e:dd:ea:73:4f:78:82:91:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:16 2026 GMT
            Not After : Mar  3 06:34:16 2027 GMT
        Subject: CN=A79E629ACA83CB3DFA914CFA778AA89B9F7D351E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:33:20:5b:86:65:e7:b4:d9:51:25:01:91:3e:
                    cf:39:ae:61:f4:80:f9:0c:f0:90:00:3a:fc:65:95:
                    d9:cb:fb:f0:a1:6d:16:30:21:07:bb:61:b5:1c:1a:
                    1f:03:85:69:e5:57:3c:b0:27:53:90:c6:cc:8d:04:
                    0e:a1:df:f0:b4:c9:38:76:d4:e0:ee:dd:bb:56:0f:
                    be:63:21:b1:d7:a0:0a:8f:c4:73:60:f1:51:e9:cc:
                    86:11:33:0d:34:80:cd:32:88:19:fb:11:61:45:fe:
                    90:ff:6d:bb:06:58:23:0d:c2:3c:3e:62:43:2f:94:
                    4a:c1:2f:80:81:35:5c:51:90:04:cb:f3:98:7e:c8:
                    cc:13:32:56:80:86:1f:b0:de:b8:57:dc:3f:01:a2:
                    5e:26:fa:6a:d9:16:13:a3:66:06:9d:3d:36:fe:a7:
                    1c:dd:74:5f:ce:48:ec:c3:f6:30:b2:f4:df:88:55:
                    59:f1:09:78:fd:43:62:97:1b:81:0f:d2:68:30:ad:
                    f2:28:f3:f3:7c:93:cb:03:1c:0c:c8:56:03:71:46:
                    2f:78:d5:81:4e:e9:27:ac:b6:6a:6d:f9:35:07:89:
                    e3:fe:00:de:dc:e9:75:88:0b:9e:67:a3:00:2e:b8:
                    63:83:34:77:4a:e2:e0:55:14:c1:a5:ae:6b:51:a9:
                    1b:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:9E:62:9A:CA:83:CB:3D:FA:91:4C:FA:77:8A:A8:9B:9F:7D:35:1E
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146133.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ad9b::/32

    Signature Algorithm: sha256WithRSAEncryption
         69:9a:ad:ad:7a:8b:7c:0c:ab:b2:3e:3f:92:79:e9:23:0c:a5:
         28:ef:9c:49:56:72:f3:e9:5f:87:81:bb:0e:f0:83:03:d9:50:
         18:e7:de:b9:3b:18:67:f4:b0:11:6d:b6:b2:fa:34:a6:03:f3:
         1d:9f:2a:d5:79:fe:63:fa:54:27:8b:64:91:bd:07:d7:a7:eb:
         58:ac:c4:1a:b1:c6:84:34:c8:4a:dd:ab:fb:7e:e6:e3:6f:74:
         58:1a:db:0d:46:7f:2f:2f:63:61:4d:77:d0:c0:a3:67:2e:3c:
         31:5b:29:db:9d:d2:de:96:34:fc:cc:4a:f8:df:e9:92:29:bb:
         12:66:c4:e3:34:67:ad:96:36:41:18:3f:53:18:54:59:03:2b:
         25:67:d4:f5:57:cc:f0:f7:9f:56:85:ea:27:b5:ef:68:c1:a3:
         54:a5:9e:0a:c4:f2:82:02:24:23:29:71:de:32:7b:85:f0:17:
         dd:be:52:63:25:e9:89:86:69:2e:69:41:cb:cd:86:39:76:b6:
         60:63:50:73:73:a7:54:16:d4:08:6c:77:e3:c2:05:fa:f0:b6:
         d9:f6:47:67:79:41:ec:07:9f:e8:98:3a:90:b0:22:aa:c7:c2:
         90:02:f1:aa:9d:56:6c:82:f7:07:c4:e7:16:f5:9c:c0:f3:7b:
         c1:b0:25:a5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUR83ZOfGpAFBz0E4O3epzT3iCkfMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjkxNloX
DTI3MDMwMzA2MzQxNlowMzExMC8GA1UEAxMoQTc5RTYyOUFDQTgzQ0IzREZBOTE0
Q0ZBNzc4QUE4OUI5RjdEMzUxRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKczIFuGZee02VElAZE+zzmuYfSA+QzwkAA6/GWV2cv78KFtFjAhB7thtRwa
HwOFaeVXPLAnU5DGzI0EDqHf8LTJOHbU4O7du1YPvmMhsdegCo/Ec2DxUenMhhEz
DTSAzTKIGfsRYUX+kP9tuwZYIw3CPD5iQy+USsEvgIE1XFGQBMvzmH7IzBMyVoCG
H7DeuFfcPwGiXib6atkWE6NmBp09Nv6nHN10X85I7MP2MLL034hVWfEJeP1DYpcb
gQ/SaDCt8ijz83yTywMcDMhWA3FGL3jVgU7pJ6y2am35NQeJ4/4A3tzpdYgLnmej
AC64Y4M0d0ri4FUUwaWua1GpG4ECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSnnmKa
yoPLPfqRTPp3iqibn301HjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjEzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rZswDQYJKoZIhvcNAQELBQADggEBAGmara16i3wMq7I+P5J56SMMpSjvnElWcvPp
X4eBuw7wgwPZUBjn3rk7GGf0sBFttrL6NKYD8x2fKtV5/mP6VCeLZJG9B9en61is
xBqxxoQ0yErdq/t+5uNvdFga2w1Gfy8vY2FNd9DAo2cuPDFbKdud0t6WNPzMSvjf
6ZIpuxJmxOM0Z62WNkEYP1MYVFkDKyVn1PVXzPD3n1aF6ie172jBo1SlngrE8oIC
JCMpcd4ye4XwF92+UmMl6YmGaS5pQcvNhjl2tmBjUHNzp1QW1Ahsd+PCBfrwttn2
R2d5QewHn+iYOpCwIqrHwpAC8aqdVmyC9wfE5xb1nMDze8GwJaU=
-----END CERTIFICATE-----