Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146168.roa
File:                     AS146168.roa (raw, json)
Hash identifier:          5kuJ0miBTXuDkHbnTZh9zS4A7qHOQlBRbStjA0Rj57E=
Subject key identifier:   49:4D:AD:07:3A:56:98:54:55:D4:7E:0D:50:FF:43:45:F2:4D:4D:E3
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3FF44E343170C97317ADD459259C0E93AEA21239
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146168.roa
Signing time:             Wed 04 Mar 2026 06:33:31 +0000
ROA not before:           Wed 04 Mar 2026 06:28:31 +0000
ROA not after:            Wed 03 Mar 2027 06:33:31 +0000
asID:                     146168
IP address blocks:        240a:adbe::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:f4:4e:34:31:70:c9:73:17:ad:d4:59:25:9c:0e:93:ae:a2:12:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:28:31 2026 GMT
            Not After : Mar  3 06:33:31 2027 GMT
        Subject: CN=494DAD073A56985455D47E0D50FF4345F24D4DE3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:8c:28:48:cf:45:f8:a9:63:d3:07:c7:a3:61:
                    61:12:fd:56:02:c4:19:b5:b5:de:57:9f:69:f5:1d:
                    77:32:d7:14:90:60:08:9b:81:b3:76:be:99:61:d4:
                    43:98:ea:5d:20:5c:36:fb:3f:18:1c:2a:02:55:07:
                    f4:fd:97:10:69:f3:0b:e1:b8:97:12:5a:d4:60:ba:
                    2e:14:78:a9:6e:f3:f4:8c:6f:d3:06:16:6c:c0:1d:
                    b5:d6:8e:57:33:97:5c:8d:79:21:06:c8:90:1d:9d:
                    b7:f2:91:91:5f:67:f2:b9:5b:05:20:4f:c1:3c:8c:
                    ac:29:4f:f4:5b:54:ef:39:e2:2c:b2:57:6b:27:be:
                    47:ef:c8:cb:89:aa:a9:06:6a:25:90:1e:1f:40:ff:
                    17:42:cb:cf:a6:88:5c:b9:d2:03:ef:5a:37:df:d3:
                    6d:70:ed:f1:99:39:70:6f:0b:32:be:be:ce:4e:92:
                    bb:58:49:d4:b3:cd:8b:ef:eb:6c:c7:b0:90:95:11:
                    b2:19:e9:b7:a1:1b:ca:50:b2:60:45:77:ba:2b:11:
                    53:38:5f:95:e0:2a:ee:fa:c1:7c:34:01:de:fb:01:
                    ea:15:e0:5c:d2:54:1c:6f:ca:95:b9:90:d6:c1:05:
                    72:7b:e3:01:d4:ff:43:2d:33:33:da:ed:f1:14:b3:
                    2c:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:4D:AD:07:3A:56:98:54:55:D4:7E:0D:50:FF:43:45:F2:4D:4D:E3
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146168.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:adbe::/32

    Signature Algorithm: sha256WithRSAEncryption
         2c:11:b3:5c:14:16:ed:24:2a:2a:69:81:49:e7:75:be:a3:2d:
         af:5b:be:5d:44:c9:53:3e:cf:db:b5:ec:15:83:7f:3c:27:ee:
         d1:4f:1a:5e:b0:d5:23:05:98:5a:ea:8d:b6:26:43:49:99:87:
         df:a7:23:1c:00:73:ee:54:80:23:a2:1c:36:42:9b:d1:21:f4:
         39:ba:ce:e8:6a:fa:b1:11:0d:d1:28:bb:c6:5c:d7:c7:fd:d7:
         44:a2:f9:41:87:cd:cb:64:50:0d:fc:74:b5:67:64:1d:5a:9b:
         51:8f:3b:bc:f9:c8:16:8d:d6:77:a0:dd:d1:57:18:cc:c9:b7:
         60:83:29:c1:bd:92:b9:66:b0:e8:46:3f:42:1f:a6:76:7c:fd:
         05:5a:17:f3:a7:7e:fc:10:b2:5e:a3:08:0b:44:f3:23:f0:0a:
         9e:f7:36:93:8a:4c:e8:74:ad:98:46:69:0c:e5:88:3b:77:09:
         fc:de:1b:5b:39:fa:f9:0c:09:1d:83:c4:4f:ac:bd:a7:00:a1:
         d4:c2:7c:c4:a2:dd:0d:d8:a7:32:29:63:97:79:08:e7:e5:68:
         e8:ea:2e:29:94:6e:8f:86:03:5c:26:cf:14:93:f1:8a:1e:73:
         99:33:a0:04:56:c6:a6:64:fc:3e:0d:dc:47:16:16:73:15:33:
         91:5f:94:f7
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUP/RONDFwyXMXrdRZJZwOk66iEjkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjgzMVoX
DTI3MDMwMzA2MzMzMVowMzExMC8GA1UEAxMoNDk0REFEMDczQTU2OTg1NDU1RDQ3
RTBENTBGRjQzNDVGMjRENERFMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALSMKEjPRfipY9MHx6NhYRL9VgLEGbW13lefafUddzLXFJBgCJuBs3a+mWHU
Q5jqXSBcNvs/GBwqAlUH9P2XEGnzC+G4lxJa1GC6LhR4qW7z9Ixv0wYWbMAdtdaO
VzOXXI15IQbIkB2dt/KRkV9n8rlbBSBPwTyMrClP9FtU7zniLLJXaye+R+/Iy4mq
qQZqJZAeH0D/F0LLz6aIXLnSA+9aN9/TbXDt8Zk5cG8LMr6+zk6Su1hJ1LPNi+/r
bMewkJURshnpt6EbylCyYEV3uisRUzhfleAq7vrBfDQB3vsB6hXgXNJUHG/KlbmQ
1sEFcnvjAdT/Qy0zM9rt8RSzLBsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRJTa0H
OlaYVFXUfg1Q/0NF8k1N4zAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjE2OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rb4wDQYJKoZIhvcNAQELBQADggEBACwRs1wUFu0kKippgUnndb6jLa9bvl1EyVM+
z9u17BWDfzwn7tFPGl6w1SMFmFrqjbYmQ0mZh9+nIxwAc+5UgCOiHDZCm9Eh9Dm6
zuhq+rERDdEou8Zc18f910Si+UGHzctkUA38dLVnZB1am1GPO7z5yBaN1neg3dFX
GMzJt2CDKcG9krlmsOhGP0IfpnZ8/QVaF/OnfvwQsl6jCAtE8yPwCp73NpOKTOh0
rZhGaQzliDt3CfzeG1s5+vkMCR2DxE+svacAodTCfMSi3Q3YpzIpY5d5COflaOjq
LimUbo+GA1wmzxST8Yoec5kzoARWxqZk/D4N3EcWFnMVM5FflPc=
-----END CERTIFICATE-----