Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146163.roa
File:                     AS146163.roa (raw, json)
Hash identifier:          hBlYv3Rf9hQ+6GmPmERK4zAa8CTBZu5HE4BgUnjp0p4=
Subject key identifier:   8F:36:4E:CC:03:C3:0A:56:7F:29:F4:4B:BD:A3:A5:DE:EB:F5:5B:68
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       0C319CD34D774155C46514F35B59109E019DCCFD
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146163.roa
Signing time:             Wed 04 Mar 2026 06:35:00 +0000
ROA not before:           Wed 04 Mar 2026 06:30:00 +0000
ROA not after:            Wed 03 Mar 2027 06:35:00 +0000
asID:                     146163
IP address blocks:        240a:adb9::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:31:9c:d3:4d:77:41:55:c4:65:14:f3:5b:59:10:9e:01:9d:cc:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:30:00 2026 GMT
            Not After : Mar  3 06:35:00 2027 GMT
        Subject: CN=8F364ECC03C30A567F29F44BBDA3A5DEEBF55B68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:b4:9a:c6:ff:cf:5e:10:5d:08:4f:a1:9a:55:
                    d9:61:96:88:a9:82:51:9c:19:e5:25:dc:34:89:36:
                    6c:b0:2e:7b:6e:bb:b7:c3:b3:fd:55:89:c7:4b:f9:
                    00:69:86:fc:be:4d:dd:7a:51:94:47:19:59:bc:c1:
                    4c:72:a3:be:76:be:fc:54:3d:78:f8:3f:0c:ca:0d:
                    a9:89:09:88:f5:18:45:ee:e6:f5:99:57:e4:8f:26:
                    d9:a3:99:46:5e:03:cc:72:04:c0:9b:80:50:8e:cf:
                    5f:8a:0e:1c:11:b3:ee:c2:54:da:da:9a:13:67:c8:
                    f6:8f:3e:2e:a8:36:f1:45:05:d1:05:1a:d5:5e:17:
                    2e:89:5e:ee:13:fc:c9:85:47:94:d9:c1:95:36:21:
                    89:27:11:99:25:d0:47:66:4c:20:f8:e8:73:22:07:
                    81:31:7c:a9:09:0f:a3:c8:1c:b9:68:08:b5:4d:b3:
                    64:32:01:80:c9:e2:79:fe:92:73:86:3a:ef:93:6f:
                    46:ff:58:73:cb:4f:48:be:bc:ec:0e:8b:ff:b2:e3:
                    94:87:53:19:d4:94:2f:c1:9c:57:f2:63:0c:a8:8e:
                    d2:7e:f7:f8:10:b4:5c:78:e2:75:24:15:c6:23:09:
                    ab:70:93:f7:14:db:70:07:c2:db:b7:ad:f8:95:f1:
                    0a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:36:4E:CC:03:C3:0A:56:7F:29:F4:4B:BD:A3:A5:DE:EB:F5:5B:68
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146163.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:adb9::/32

    Signature Algorithm: sha256WithRSAEncryption
         93:02:eb:a2:2e:f9:de:26:ed:21:13:4a:1f:43:35:92:fd:46:
         14:e3:ba:4f:03:99:a3:79:25:4f:af:83:0d:90:06:64:31:62:
         b1:a7:ad:5c:5a:3b:82:21:41:d7:26:9b:b5:d1:81:ce:d1:97:
         5a:45:b4:e7:cc:dc:b3:1f:e1:9d:c1:81:ba:17:1d:2e:c1:b2:
         44:b5:9f:e1:17:3d:aa:ea:ac:ca:a9:8c:5a:78:0f:dd:af:18:
         41:f2:ce:6c:51:77:bb:30:d8:b0:40:bd:08:94:bd:18:37:9a:
         10:15:ef:8f:9c:d7:89:b4:0d:70:13:38:d5:68:ea:b3:65:1d:
         77:1e:65:8f:1d:7c:91:a2:52:49:d6:de:10:ba:f9:a3:d7:42:
         d3:76:2a:73:7f:43:39:3b:94:90:b9:42:2e:b5:18:ae:62:2d:
         a5:eb:26:54:34:6c:60:76:55:92:20:02:6b:86:f8:46:38:fd:
         f3:de:d8:b0:65:3f:2b:4b:21:9a:c3:98:df:ab:75:9e:94:06:
         c5:b9:e2:eb:f8:b4:8d:e4:14:7a:6c:c9:da:0e:6b:d7:ea:5e:
         e9:16:ee:e1:b3:97:ca:f9:ee:2a:c8:58:db:c0:d9:6d:ee:81:
         83:80:1e:18:4a:87:0f:7d:1c:03:28:fa:1b:46:cc:bd:5d:a6:
         51:1a:da:f0
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUDDGc0013QVXEZRTzW1kQngGdzP0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzAwMFoX
DTI3MDMwMzA2MzUwMFowMzExMC8GA1UEAxMoOEYzNjRFQ0MwM0MzMEE1NjdGMjlG
NDRCQkRBM0E1REVFQkY1NUI2ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJC0msb/z14QXQhPoZpV2WGWiKmCUZwZ5SXcNIk2bLAue267t8Oz/VWJx0v5
AGmG/L5N3XpRlEcZWbzBTHKjvna+/FQ9ePg/DMoNqYkJiPUYRe7m9ZlX5I8m2aOZ
Rl4DzHIEwJuAUI7PX4oOHBGz7sJU2tqaE2fI9o8+Lqg28UUF0QUa1V4XLole7hP8
yYVHlNnBlTYhiScRmSXQR2ZMIPjocyIHgTF8qQkPo8gcuWgItU2zZDIBgMnief6S
c4Y675NvRv9Yc8tPSL687A6L/7LjlIdTGdSUL8GcV/JjDKiO0n73+BC0XHjidSQV
xiMJq3CT9xTbcAfC27et+JXxCv8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSPNk7M
A8MKVn8p9Eu9o6Xe6/VbaDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjE2My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rbkwDQYJKoZIhvcNAQELBQADggEBAJMC66Iu+d4m7SETSh9DNZL9RhTjuk8DmaN5
JU+vgw2QBmQxYrGnrVxaO4IhQdcmm7XRgc7Rl1pFtOfM3LMf4Z3BgboXHS7BskS1
n+EXParqrMqpjFp4D92vGEHyzmxRd7sw2LBAvQiUvRg3mhAV74+c14m0DXATONVo
6rNlHXceZY8dfJGiUknW3hC6+aPXQtN2KnN/Qzk7lJC5Qi61GK5iLaXrJlQ0bGB2
VZIgAmuG+EY4/fPe2LBlPytLIZrDmN+rdZ6UBsW54uv4tI3kFHpsydoOa9fqXukW
7uGzl8r57irIWNvA2W3ugYOAHhhKhw99HAMo+htGzL1dplEa2vA=
-----END CERTIFICATE-----