Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146170.roa
File:                     AS146170.roa (raw, json)
Hash identifier:          GapXfYrjkkzOCxzRZTqfbcl08Uk/Tl4RXUHLJcBtD3o=
Subject key identifier:   DB:A5:59:3B:6A:CD:4B:29:A6:0A:3D:FA:B0:24:83:87:AF:74:98:80
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5182CE92D2E96EAB509CCF78FA7710B3ECD227C5
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146170.roa
Signing time:             Wed 04 Mar 2026 06:33:47 +0000
ROA not before:           Wed 04 Mar 2026 06:28:47 +0000
ROA not after:            Wed 03 Mar 2027 06:33:47 +0000
asID:                     146170
IP address blocks:        240a:adc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:82:ce:92:d2:e9:6e:ab:50:9c:cf:78:fa:77:10:b3:ec:d2:27:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:28:47 2026 GMT
            Not After : Mar  3 06:33:47 2027 GMT
        Subject: CN=DBA5593B6ACD4B29A60A3DFAB0248387AF749880
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:3b:31:6a:3a:4a:9e:b2:fc:06:75:62:68:81:
                    36:89:3a:38:c9:ce:e1:fe:b5:98:80:10:95:a9:8e:
                    f4:25:41:d8:5f:3b:ce:65:43:70:ff:8b:56:e0:44:
                    96:b7:67:ca:8a:c4:48:27:04:f1:36:03:e5:f9:97:
                    0b:a8:88:a2:03:35:b5:16:f8:ea:cd:51:e4:67:df:
                    a0:be:d2:b2:92:10:62:c3:cf:d1:6b:c3:93:1f:c6:
                    81:d4:23:d5:c4:e9:16:33:8d:a0:38:c3:c6:2a:a4:
                    d9:fb:1d:12:9b:ac:ff:b3:2d:80:25:ea:30:0f:36:
                    b7:3d:87:68:11:19:17:0e:60:6e:7d:ec:52:41:35:
                    f6:68:20:c6:43:78:ab:e0:56:b9:0c:8d:9f:d2:43:
                    1f:f6:09:fc:a8:91:6a:d8:04:1f:11:29:3a:26:2b:
                    f1:83:89:c1:ef:f4:41:c2:f9:e7:1a:a4:56:c9:af:
                    93:d5:a3:99:59:2e:47:0c:51:87:5d:54:ef:59:92:
                    cb:b5:13:32:7a:67:fd:5b:18:16:54:a6:3f:d5:0e:
                    ec:d5:6b:ed:ca:47:79:fa:70:57:0e:46:a3:52:9a:
                    82:29:fb:53:bf:07:eb:13:50:25:a1:dc:05:62:56:
                    e2:a9:92:c0:20:81:13:fd:b1:24:76:59:42:36:ef:
                    a2:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:A5:59:3B:6A:CD:4B:29:A6:0A:3D:FA:B0:24:83:87:AF:74:98:80
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146170.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:adc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         28:b7:19:3d:f2:08:58:99:74:8e:c8:69:b7:9f:83:6b:ce:99:
         d0:d6:4d:ad:e2:54:e2:05:e8:bd:87:a4:dd:6c:fb:0e:4b:de:
         17:4a:ff:e8:b9:99:d0:8e:85:8c:40:fa:ad:e9:7f:69:03:7c:
         8e:66:f6:fc:f5:47:16:9d:e6:8c:53:61:ad:42:3f:79:cf:8a:
         53:88:37:8a:66:83:f0:20:a7:f7:0e:b4:b0:33:9d:f6:2c:93:
         2e:a9:b6:af:b0:ea:39:76:53:98:83:09:15:1c:c8:84:e5:fd:
         26:44:ae:52:ed:31:d2:7f:57:57:3a:70:11:19:be:56:82:e0:
         6c:f4:f4:77:4d:7a:3b:a6:e6:37:8c:4a:bd:60:78:9a:1d:5b:
         93:ed:cc:69:90:ed:f3:d2:ea:07:cc:7f:73:15:da:6c:77:b7:
         0a:80:83:37:36:77:7d:61:b6:91:6d:55:4e:4f:37:56:f0:28:
         ac:9e:75:7c:0f:e2:a3:94:e1:68:96:4d:0d:ec:2f:0f:66:f8:
         4b:df:d6:99:1f:38:93:eb:b5:f5:16:e1:8d:d0:ec:15:43:52:
         e2:85:b2:15:54:5f:a4:99:1b:77:c7:48:d1:90:f9:1b:f9:57:
         fa:42:79:65:78:04:b5:67:12:78:23:57:96:da:1f:7d:4a:26:
         b0:c2:c8:f8
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUUYLOktLpbqtQnM94+ncQs+zSJ8UwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2Mjg0N1oX
DTI3MDMwMzA2MzM0N1owMzExMC8GA1UEAxMoREJBNTU5M0I2QUNENEIyOUE2MEEz
REZBQjAyNDgzODdBRjc0OTg4MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJU7MWo6Sp6y/AZ1YmiBNok6OMnO4f61mIAQlamO9CVB2F87zmVDcP+LVuBE
lrdnyorESCcE8TYD5fmXC6iIogM1tRb46s1R5GffoL7SspIQYsPP0WvDkx/GgdQj
1cTpFjONoDjDxiqk2fsdEpus/7MtgCXqMA82tz2HaBEZFw5gbn3sUkE19mggxkN4
q+BWuQyNn9JDH/YJ/KiRatgEHxEpOiYr8YOJwe/0QcL55xqkVsmvk9WjmVkuRwxR
h11U71mSy7UTMnpn/VsYFlSmP9UO7NVr7cpHefpwVw5Go1Kagin7U78H6xNQJaHc
BWJW4qmSwCCBE/2xJHZZQjbvoocCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTbpVk7
as1LKaYKPfqwJIOHr3SYgDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjE3MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rcAwDQYJKoZIhvcNAQELBQADggEBACi3GT3yCFiZdI7Iabefg2vOmdDWTa3iVOIF
6L2HpN1s+w5L3hdK/+i5mdCOhYxA+q3pf2kDfI5m9vz1Rxad5oxTYa1CP3nPilOI
N4pmg/Agp/cOtLAznfYsky6ptq+w6jl2U5iDCRUcyITl/SZErlLtMdJ/V1c6cBEZ
vlaC4Gz09HdNejum5jeMSr1geJodW5PtzGmQ7fPS6gfMf3MV2mx3twqAgzc2d31h
tpFtVU5PN1bwKKyedXwP4qOU4WiWTQ3sLw9m+Evf1pkfOJPrtfUW4Y3Q7BVDUuKF
shVUX6SZG3fHSNGQ+Rv5V/pCeWV4BLVnEngjV5baH31KJrDCyPg=
-----END CERTIFICATE-----