Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146146.roa
File:                     AS146146.roa (raw, json)
Hash identifier:          84sOOolrabnRwT/bseXJLG5aHxd6BALMNCfYtNRTN9Q=
Subject key identifier:   62:55:CC:8A:A3:2F:C1:E9:28:ED:D1:AC:0E:1B:7A:08:7B:82:5A:7A
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       43175208B1E9B7ECAA14C5B4E27FE09A38FD8A2D
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146146.roa
Signing time:             Wed 04 Mar 2026 06:34:22 +0000
ROA not before:           Wed 04 Mar 2026 06:29:22 +0000
ROA not after:            Wed 03 Mar 2027 06:34:22 +0000
asID:                     146146
IP address blocks:        240a:ada8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:17:52:08:b1:e9:b7:ec:aa:14:c5:b4:e2:7f:e0:9a:38:fd:8a:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:22 2026 GMT
            Not After : Mar  3 06:34:22 2027 GMT
        Subject: CN=6255CC8AA32FC1E928EDD1AC0E1B7A087B825A7A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:72:9b:45:f0:5c:e4:fd:28:69:c6:19:fd:49:
                    76:4f:31:38:25:0f:dd:c9:e0:d2:77:ce:99:49:cf:
                    75:46:3d:2f:64:ff:d9:c2:eb:b8:b6:f1:8e:01:da:
                    63:bc:3f:ff:6a:36:ce:70:15:bc:b9:b0:3f:96:a6:
                    9d:44:d1:c5:98:25:a5:47:31:09:d6:b6:3f:a9:70:
                    74:9e:d8:8c:e8:e4:b0:cc:b7:4e:59:76:1a:83:73:
                    14:c4:7e:45:8e:3a:f9:da:61:da:bf:b8:50:d5:e0:
                    f3:c8:1c:21:04:9c:75:90:32:4c:57:82:35:86:f8:
                    b9:27:a3:49:14:a6:43:3a:d3:48:6e:b6:29:7a:41:
                    ab:10:d6:89:d2:8d:93:e8:79:29:bf:33:1b:49:cc:
                    a5:fd:b8:30:43:89:70:2f:c3:78:6e:6e:74:73:a9:
                    59:4a:30:b8:5d:3d:0a:5d:95:74:00:1e:d2:d0:31:
                    d0:a7:ce:6d:8f:c8:58:9b:aa:24:ce:6a:61:0c:92:
                    48:1e:f8:b6:62:d2:66:77:48:ab:1d:ee:98:2f:e3:
                    97:59:38:43:34:a5:6e:a5:dc:ac:22:58:29:29:35:
                    5d:03:07:2e:b9:8f:7c:ff:24:1f:85:d7:c7:bc:23:
                    9a:2d:09:da:5d:84:d4:d7:5d:f1:27:5e:89:35:76:
                    20:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:55:CC:8A:A3:2F:C1:E9:28:ED:D1:AC:0E:1B:7A:08:7B:82:5A:7A
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146146.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ada8::/32

    Signature Algorithm: sha256WithRSAEncryption
         19:e5:25:18:b9:bf:b9:95:0a:25:b8:87:aa:51:60:2d:4b:67:
         d6:5e:6c:78:e8:36:7a:6a:f3:94:37:46:fc:7d:f0:3b:90:5a:
         b5:d8:13:63:7c:af:d3:bf:42:ff:98:9f:e1:c9:d3:14:d7:d6:
         4b:34:73:f0:44:fd:66:d9:c4:b2:cd:cb:ff:b7:f3:4c:7f:c7:
         89:78:b0:41:71:bd:53:7e:35:54:11:34:93:dc:bf:2b:e4:ff:
         73:28:21:37:1e:f4:dc:ee:2d:60:1d:31:1c:32:6a:fd:ad:8b:
         97:c9:a2:9a:f6:c6:a2:09:2a:1e:95:70:64:1c:87:53:6a:a8:
         21:d2:c0:00:fd:fd:9b:af:17:33:6e:b6:47:84:2c:36:28:d2:
         0a:59:f9:85:c8:a8:91:ef:1e:21:d3:71:cd:23:2f:bb:e7:42:
         cb:79:5d:91:9c:a9:83:65:f1:31:47:4e:88:78:e0:dd:c8:d3:
         bc:1b:46:27:d9:30:28:fb:86:6a:cc:a6:80:5f:88:af:9e:ed:
         1a:32:29:bc:43:d9:c3:a5:28:55:e8:93:af:bb:44:0f:10:49:
         73:de:21:7b:e4:c0:d5:1f:c8:5a:4a:f5:ca:8e:9e:cd:03:32:
         b6:3b:78:be:e2:ae:c7:1b:a5:f6:59:62:96:a6:b8:cd:6a:6e:
         da:53:51:d0
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUQxdSCLHpt+yqFMW04n/gmjj9ii0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjkyMloX
DTI3MDMwMzA2MzQyMlowMzExMC8GA1UEAxMoNjI1NUNDOEFBMzJGQzFFOTI4RURE
MUFDMEUxQjdBMDg3QjgyNUE3QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOBym0XwXOT9KGnGGf1Jdk8xOCUP3cng0nfOmUnPdUY9L2T/2cLruLbxjgHa
Y7w//2o2znAVvLmwP5amnUTRxZglpUcxCda2P6lwdJ7YjOjksMy3Tll2GoNzFMR+
RY46+dph2r+4UNXg88gcIQScdZAyTFeCNYb4uSejSRSmQzrTSG62KXpBqxDWidKN
k+h5Kb8zG0nMpf24MEOJcC/DeG5udHOpWUowuF09Cl2VdAAe0tAx0KfObY/IWJuq
JM5qYQySSB74tmLSZndIqx3umC/jl1k4QzSlbqXcrCJYKSk1XQMHLrmPfP8kH4XX
x7wjmi0J2l2E1Ndd8SdeiTV2IEMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRiVcyK
oy/B6Sjt0awOG3oIe4JaejAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjE0Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ragwDQYJKoZIhvcNAQELBQADggEBABnlJRi5v7mVCiW4h6pRYC1LZ9ZebHjoNnpq
85Q3Rvx98DuQWrXYE2N8r9O/Qv+Yn+HJ0xTX1ks0c/BE/WbZxLLNy/+380x/x4l4
sEFxvVN+NVQRNJPcvyvk/3MoITce9NzuLWAdMRwyav2ti5fJopr2xqIJKh6VcGQc
h1NqqCHSwAD9/ZuvFzNutkeELDYo0gpZ+YXIqJHvHiHTcc0jL7vnQst5XZGcqYNl
8TFHToh44N3I07wbRifZMCj7hmrMpoBfiK+e7RoyKbxD2cOlKFXok6+7RA8QSXPe
IXvkwNUfyFpK9cqOns0DMrY7eL7irscbpfZZYpamuM1qbtpTUdA=
-----END CERTIFICATE-----