Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146145.roa
File:                     AS146145.roa (raw, json)
Hash identifier:          XrAvG/50HcpkLUA0yRVHL3EaLDToxEuMvldx0tsauFo=
Subject key identifier:   2D:FC:AA:52:5F:11:8B:B5:BC:F8:38:4C:69:3D:17:E1:FD:2C:97:2F
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7FB149CE9CCB9D40E5FFD7A63195737A0B6ADDF6
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146145.roa
Signing time:             Wed 04 Mar 2026 06:34:34 +0000
ROA not before:           Wed 04 Mar 2026 06:29:34 +0000
ROA not after:            Wed 03 Mar 2027 06:34:34 +0000
asID:                     146145
IP address blocks:        240a:ada7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:b1:49:ce:9c:cb:9d:40:e5:ff:d7:a6:31:95:73:7a:0b:6a:dd:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:34 2026 GMT
            Not After : Mar  3 06:34:34 2027 GMT
        Subject: CN=2DFCAA525F118BB5BCF8384C693D17E1FD2C972F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:bd:5f:f8:8a:ac:eb:03:fa:f8:9f:9e:ea:bd:
                    5c:d9:67:72:92:13:56:1a:db:ae:60:c5:2d:09:d5:
                    8d:08:ba:72:27:f4:4f:12:32:f4:00:7b:91:1d:03:
                    54:b5:a3:9c:b9:7a:b0:9d:b9:6a:7b:22:0a:71:7e:
                    d0:40:95:d6:5b:9e:7d:90:05:eb:b2:7c:8d:c7:56:
                    e4:42:c5:e7:34:a2:3b:f9:3d:fb:52:ee:10:57:c1:
                    16:14:b1:64:62:ea:5c:01:62:18:04:de:7e:f3:10:
                    6b:e1:96:92:2a:bb:4c:90:92:c8:a5:89:cc:41:b7:
                    39:4f:10:4b:95:28:db:a6:c1:78:58:d0:ce:9c:b7:
                    ef:07:d2:98:51:2c:c3:fc:59:54:7d:9c:69:ba:b7:
                    83:5a:bc:69:64:4e:79:61:21:dc:d8:cf:d4:33:d3:
                    44:06:43:7e:e9:94:0b:2c:76:38:69:fe:80:f2:26:
                    09:cb:ca:c2:c9:bb:0a:5e:6b:8a:2e:7e:e5:12:fd:
                    4c:40:f3:0e:1d:72:89:dc:cd:a0:42:ef:fc:f5:85:
                    ed:d6:0e:67:45:e0:fa:eb:7f:d0:c3:a0:72:4a:2b:
                    5a:ab:02:fd:f0:c5:6b:24:fe:2a:63:e3:1e:db:3c:
                    0e:e8:3c:b0:34:d2:f2:3a:ce:f4:48:49:ed:25:18:
                    f1:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:FC:AA:52:5F:11:8B:B5:BC:F8:38:4C:69:3D:17:E1:FD:2C:97:2F
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146145.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ada7::/32

    Signature Algorithm: sha256WithRSAEncryption
         cd:c8:ec:c8:42:11:b9:7b:0d:ef:e2:a6:c0:40:7a:bc:5a:a6:
         45:68:63:e6:ba:03:72:9a:33:9f:c7:ea:79:f3:29:b7:2b:dd:
         3a:a4:25:7a:88:ae:2f:b4:f7:3a:e3:d8:72:34:17:f4:e4:5e:
         de:3a:16:bc:2d:27:fe:40:9a:97:62:69:1f:b6:51:0a:f5:cb:
         83:4b:35:a7:f5:44:4b:3b:b1:32:7e:cf:e3:c7:fe:69:20:fe:
         88:a7:6b:d9:e0:f6:44:78:f2:01:43:78:3c:da:e0:bc:24:83:
         aa:40:57:8c:5f:5b:1b:db:ed:01:ab:c8:07:f8:74:0b:9e:21:
         6a:db:d6:7b:39:d6:41:0a:34:4a:40:91:f0:35:58:06:91:99:
         51:18:e5:af:99:83:cb:78:29:02:24:f1:16:34:9e:9d:62:ab:
         a1:1c:55:a3:c4:a9:9c:a7:20:7a:04:e1:43:df:70:ae:4c:58:
         b6:f8:38:8b:9d:b3:d9:df:f6:62:67:ac:58:5c:34:78:cb:dd:
         52:99:4c:53:bd:3e:12:20:16:cf:c3:6e:4b:9f:c2:28:f4:ff:
         bc:13:52:87:b3:69:dd:5e:cd:b2:f4:e7:91:71:18:1e:ed:2a:
         35:de:5e:e8:28:b3:74:ab:18:a7:27:da:c5:00:a4:51:55:ba:
         6f:0d:d0:13
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUf7FJzpzLnUDl/9emMZVzegtq3fYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjkzNFoX
DTI3MDMwMzA2MzQzNFowMzExMC8GA1UEAxMoMkRGQ0FBNTI1RjExOEJCNUJDRjgz
ODRDNjkzRDE3RTFGRDJDOTcyRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKi9X/iKrOsD+vifnuq9XNlncpITVhrbrmDFLQnVjQi6cif0TxIy9AB7kR0D
VLWjnLl6sJ25ansiCnF+0ECV1luefZAF67J8jcdW5ELF5zSiO/k9+1LuEFfBFhSx
ZGLqXAFiGATefvMQa+GWkiq7TJCSyKWJzEG3OU8QS5Uo26bBeFjQzpy37wfSmFEs
w/xZVH2cabq3g1q8aWROeWEh3NjP1DPTRAZDfumUCyx2OGn+gPImCcvKwsm7Cl5r
ii5+5RL9TEDzDh1yidzNoELv/PWF7dYOZ0Xg+ut/0MOgckorWqsC/fDFayT+KmPj
Hts8Dug8sDTS8jrO9EhJ7SUY8RcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQt/KpS
XxGLtbz4OExpPRfh/SyXLzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjE0NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
racwDQYJKoZIhvcNAQELBQADggEBAM3I7MhCEbl7De/ipsBAerxapkVoY+a6A3Ka
M5/H6nnzKbcr3TqkJXqIri+09zrj2HI0F/TkXt46FrwtJ/5AmpdiaR+2UQr1y4NL
Naf1REs7sTJ+z+PH/mkg/oina9ng9kR48gFDeDza4Lwkg6pAV4xfWxvb7QGryAf4
dAueIWrb1ns51kEKNEpAkfA1WAaRmVEY5a+Zg8t4KQIk8RY0np1iq6EcVaPEqZyn
IHoE4UPfcK5MWLb4OIuds9nf9mJnrFhcNHjL3VKZTFO9PhIgFs/Dbkufwij0/7wT
Uoezad1ezbL055FxGB7tKjXeXugos3SrGKcn2sUApFFVum8N0BM=
-----END CERTIFICATE-----