Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146162.roa
File:                     AS146162.roa (raw, json)
Hash identifier:          6Q9WNIkG0RX++wiLTOa5J/IhrFSJSkAmEmiUL2NwASE=
Subject key identifier:   D3:5D:7D:54:CE:7E:45:9E:AB:1E:AA:35:D8:45:20:D4:B3:7C:8F:A1
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       77291D54B1261243BEDB1B3221E2EDC53814D0E9
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146162.roa
Signing time:             Wed 04 Mar 2026 06:34:56 +0000
ROA not before:           Wed 04 Mar 2026 06:29:56 +0000
ROA not after:            Wed 03 Mar 2027 06:34:56 +0000
asID:                     146162
IP address blocks:        240a:adb8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:29:1d:54:b1:26:12:43:be:db:1b:32:21:e2:ed:c5:38:14:d0:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:56 2026 GMT
            Not After : Mar  3 06:34:56 2027 GMT
        Subject: CN=D35D7D54CE7E459EAB1EAA35D84520D4B37C8FA1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e7:fb:d6:9c:fe:e4:eb:5b:a4:6e:0b:28:ac:
                    04:c4:bf:01:e0:7e:6b:9b:c2:a3:b8:e3:fd:6b:aa:
                    e3:6a:bc:f9:7b:25:ce:d4:53:fc:f9:c2:f9:09:0f:
                    62:65:9c:07:4d:4d:39:4c:11:e0:eb:eb:9b:d5:69:
                    dc:ad:0e:02:6f:39:b7:20:37:58:35:2c:86:1c:a4:
                    f2:74:dc:f6:a0:07:62:e8:38:f4:da:e0:c2:e7:ec:
                    cb:11:33:86:37:d3:d0:f8:ea:7d:eb:22:ee:e7:91:
                    18:72:83:94:dc:6c:b9:77:9b:95:fa:74:79:1a:87:
                    43:70:eb:fa:7b:2a:b0:03:49:81:12:47:8e:86:fa:
                    36:52:f5:4d:f7:aa:d4:87:62:13:6a:4b:99:e9:d5:
                    f4:9f:4b:84:0b:da:39:a3:8a:63:10:40:a1:f4:42:
                    5d:ab:bd:4d:e8:b5:71:3f:0e:18:d0:2a:e8:af:72:
                    0c:87:f4:2d:4c:82:7d:7c:78:d3:53:b9:f3:0e:3b:
                    8c:92:5b:77:af:01:5d:ca:7c:6c:0b:7c:1c:97:c9:
                    bd:8d:e7:25:5b:5b:ef:18:da:9f:1f:c7:51:aa:a0:
                    92:e1:96:b7:5f:8d:ba:98:c4:fe:29:3c:19:41:f3:
                    0c:83:78:cc:e7:e6:a7:5f:a8:e9:bf:b6:dc:29:3c:
                    f3:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:5D:7D:54:CE:7E:45:9E:AB:1E:AA:35:D8:45:20:D4:B3:7C:8F:A1
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146162.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:adb8::/32

    Signature Algorithm: sha256WithRSAEncryption
         70:15:02:5e:1a:a0:f6:7d:cf:37:32:c8:d3:d6:b9:e8:c1:42:
         a8:bc:df:d8:4f:65:76:d8:58:d2:9d:5b:a4:01:c9:6b:eb:57:
         e0:2d:54:fb:eb:b4:c2:50:5c:4a:aa:70:5c:07:5e:be:a8:7c:
         02:35:b0:ad:9d:f8:51:db:86:d7:7c:87:90:31:50:41:88:97:
         33:e6:22:d3:8a:e4:d9:c9:c6:16:5d:a9:b0:8e:ee:af:70:46:
         47:57:01:ce:7c:09:77:92:4c:7a:48:2d:ef:23:85:19:a7:2a:
         b1:6f:68:bf:c3:07:a5:f2:f6:ac:b3:85:41:f4:af:14:9a:e0:
         6e:35:6b:55:c5:6e:3b:91:b8:a2:ab:05:5d:8c:33:d5:37:a4:
         49:fd:90:ac:de:dd:0f:6e:f7:47:7d:26:8b:eb:b0:70:f6:d7:
         df:8e:98:18:a3:ba:be:7b:88:24:33:b2:6b:3b:d4:6a:c9:53:
         98:b7:26:0c:2d:a0:5d:d6:4a:51:c3:d8:a5:8f:91:3b:f9:e5:
         15:6d:4c:9f:93:d5:72:84:42:68:a5:99:0b:74:4c:0e:a2:ce:
         88:0d:9c:b7:f4:5d:92:28:6d:c1:65:c9:ec:38:23:b2:35:30:
         71:75:12:12:e3:90:3e:da:fe:1e:e2:4a:06:85:d8:79:fe:a3:
         c1:16:97:7c
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUdykdVLEmEkO+2xsyIeLtxTgU0OkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2Mjk1NloX
DTI3MDMwMzA2MzQ1NlowMzExMC8GA1UEAxMoRDM1RDdENTRDRTdFNDU5RUFCMUVB
QTM1RDg0NTIwRDRCMzdDOEZBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALvn+9ac/uTrW6RuCyisBMS/AeB+a5vCo7jj/Wuq42q8+XslztRT/PnC+QkP
YmWcB01NOUwR4Ovrm9Vp3K0OAm85tyA3WDUshhyk8nTc9qAHYug49NrgwufsyxEz
hjfT0Pjqfesi7ueRGHKDlNxsuXeblfp0eRqHQ3Dr+nsqsANJgRJHjob6NlL1Tfeq
1IdiE2pLmenV9J9LhAvaOaOKYxBAofRCXau9Tei1cT8OGNAq6K9yDIf0LUyCfXx4
01O58w47jJJbd68BXcp8bAt8HJfJvY3nJVtb7xjanx/HUaqgkuGWt1+NupjE/ik8
GUHzDIN4zOfmp1+o6b+23Ck884sCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTTXX1U
zn5FnqseqjXYRSDUs3yPoTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjE2Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rbgwDQYJKoZIhvcNAQELBQADggEBAHAVAl4aoPZ9zzcyyNPWuejBQqi839hPZXbY
WNKdW6QByWvrV+AtVPvrtMJQXEqqcFwHXr6ofAI1sK2d+FHbhtd8h5AxUEGIlzPm
ItOK5NnJxhZdqbCO7q9wRkdXAc58CXeSTHpILe8jhRmnKrFvaL/DB6Xy9qyzhUH0
rxSa4G41a1XFbjuRuKKrBV2MM9U3pEn9kKze3Q9u90d9JovrsHD219+OmBijur57
iCQzsms71GrJU5i3JgwtoF3WSlHD2KWPkTv55RVtTJ+T1XKEQmilmQt0TA6izogN
nLf0XZIobcFlyew4I7I1MHF1EhLjkD7a/h7iSgaF2Hn+o8EWl3w=
-----END CERTIFICATE-----