Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146142.roa
File:                     AS146142.roa (raw, json)
Hash identifier:          TY5UE3RAMlWCl+f6isIFhEsEgkGF0dO4By5H6STlwJQ=
Subject key identifier:   E5:47:DB:9E:50:BF:2F:48:38:61:22:D6:5C:24:59:8E:B9:D5:09:24
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       29A5184CA60A8E8231274257FEAF559ED321D8F6
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146142.roa
Signing time:             Wed 04 Mar 2026 06:33:36 +0000
ROA not before:           Wed 04 Mar 2026 06:28:36 +0000
ROA not after:            Wed 03 Mar 2027 06:33:36 +0000
asID:                     146142
IP address blocks:        240a:ada4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:a5:18:4c:a6:0a:8e:82:31:27:42:57:fe:af:55:9e:d3:21:d8:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:28:36 2026 GMT
            Not After : Mar  3 06:33:36 2027 GMT
        Subject: CN=E547DB9E50BF2F48386122D65C24598EB9D50924
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:09:c0:12:82:af:fd:77:59:ae:18:a9:0c:74:
                    e8:87:0e:a4:b7:db:f6:a0:7d:68:a2:dd:34:8b:f7:
                    fa:55:9b:cb:f4:5d:f5:c5:24:de:61:87:b5:d2:db:
                    5f:53:6d:a0:40:58:69:96:40:9f:c6:8d:c1:12:82:
                    5a:ae:f4:1a:e1:1e:48:68:2a:53:c4:30:e9:cc:e8:
                    b6:bf:24:33:74:a3:d0:8b:73:aa:51:cc:5f:a6:13:
                    19:bc:5a:98:ec:11:67:90:9b:9e:cd:ad:22:58:fe:
                    02:d7:83:75:d9:e8:ec:8b:b3:f3:29:c7:65:8f:c3:
                    3b:c8:ff:c3:4f:3d:2a:bc:74:ed:89:3e:da:1e:30:
                    63:31:44:79:0c:ad:98:f7:7d:50:8e:0a:24:d1:84:
                    74:3b:b1:76:cd:45:8a:28:ce:b0:2e:5e:2a:a9:74:
                    9c:78:76:ed:3a:3b:64:11:76:c5:a8:b9:d9:33:a9:
                    65:a4:77:c9:7e:5e:fd:e7:29:a7:ca:02:8c:40:99:
                    6a:a3:c0:02:4c:de:7e:40:61:a5:c0:e3:fb:d9:60:
                    72:e3:77:aa:96:7a:ac:dc:e9:ab:75:56:a8:47:1a:
                    e1:01:f1:6a:cd:f5:15:1a:71:b3:4a:85:bb:af:1c:
                    3c:2c:6e:96:ab:c7:22:0a:d7:a3:7a:57:87:de:57:
                    bc:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:47:DB:9E:50:BF:2F:48:38:61:22:D6:5C:24:59:8E:B9:D5:09:24
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146142.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ada4::/32

    Signature Algorithm: sha256WithRSAEncryption
         42:6e:e3:47:36:0a:ef:ae:2d:7a:e8:7a:cd:2a:05:ac:13:f3:
         0f:6b:9a:d4:ca:f6:7d:c6:14:57:47:66:75:69:af:b4:d5:75:
         c3:be:2e:2a:bf:44:2d:af:df:b4:0a:9f:5b:bc:60:27:0d:a1:
         cd:30:f9:0b:15:be:8d:4f:71:ab:1b:05:b8:3c:aa:71:a1:06:
         3d:05:31:01:bc:2b:f5:46:9d:c4:55:43:7e:9b:a3:9a:8b:bc:
         a5:dd:49:d2:3c:4d:35:dc:f6:16:8b:2a:07:97:be:d0:a3:a4:
         98:af:10:cb:91:96:98:3a:ab:53:47:00:25:8c:5e:9e:87:9d:
         52:6d:a3:02:24:3e:b0:97:86:ff:6e:26:56:d7:7f:40:bd:94:
         04:15:25:2c:dd:7d:c5:bc:5a:d2:0a:c8:54:bb:88:10:3c:58:
         f2:d7:88:47:68:2d:9c:03:33:a4:be:2c:9d:fa:33:ee:de:8a:
         7e:00:9e:3d:12:34:56:80:92:19:e3:74:66:d7:21:28:50:bd:
         83:6d:fe:55:f8:3b:44:c8:0b:63:cb:cc:a9:68:f7:d7:ce:4d:
         fd:f0:89:6f:a6:e9:84:d2:a4:8a:95:dc:47:72:68:ff:86:ce:
         45:33:9c:4e:09:a1:49:79:a7:29:da:53:74:08:05:c5:6c:f0:
         a4:94:63:7c
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUKaUYTKYKjoIxJ0JX/q9VntMh2PYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjgzNloX
DTI3MDMwMzA2MzMzNlowMzExMC8GA1UEAxMoRTU0N0RCOUU1MEJGMkY0ODM4NjEy
MkQ2NUMyNDU5OEVCOUQ1MDkyNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM0JwBKCr/13Wa4YqQx06IcOpLfb9qB9aKLdNIv3+lWby/Rd9cUk3mGHtdLb
X1NtoEBYaZZAn8aNwRKCWq70GuEeSGgqU8Qw6czotr8kM3Sj0ItzqlHMX6YTGbxa
mOwRZ5Cbns2tIlj+AteDddno7Iuz8ynHZY/DO8j/w089Krx07Yk+2h4wYzFEeQyt
mPd9UI4KJNGEdDuxds1FiijOsC5eKql0nHh27To7ZBF2xai52TOpZaR3yX5e/ecp
p8oCjECZaqPAAkzefkBhpcDj+9lgcuN3qpZ6rNzpq3VWqEca4QHxas31FRpxs0qF
u68cPCxulqvHIgrXo3pXh95XvEMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTlR9ue
UL8vSDhhItZcJFmOudUJJDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjE0Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
raQwDQYJKoZIhvcNAQELBQADggEBAEJu40c2Cu+uLXroes0qBawT8w9rmtTK9n3G
FFdHZnVpr7TVdcO+Liq/RC2v37QKn1u8YCcNoc0w+QsVvo1PcasbBbg8qnGhBj0F
MQG8K/VGncRVQ36bo5qLvKXdSdI8TTXc9haLKgeXvtCjpJivEMuRlpg6q1NHACWM
Xp6HnVJtowIkPrCXhv9uJlbXf0C9lAQVJSzdfcW8WtIKyFS7iBA8WPLXiEdoLZwD
M6S+LJ36M+7ein4Anj0SNFaAkhnjdGbXIShQvYNt/lX4O0TIC2PLzKlo99fOTf3w
iW+m6YTSpIqV3EdyaP+GzkUznE4JoUl5pynaU3QIBcVs8KSUY3w=
-----END CERTIFICATE-----