Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146183.roa
File:                     AS146183.roa (raw, json)
Hash identifier:          cNaGYdbyd7qkuSJpGNsxEMR/S11DNkQ5X4L6o9RzOGw=
Subject key identifier:   DD:24:AC:AD:9B:FF:97:83:26:47:43:A4:02:E5:4A:09:3A:A5:B8:91
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4F798E472583CE2615D06FC92295A84E7212115F
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146183.roa
Signing time:             Wed 04 Mar 2026 06:34:11 +0000
ROA not before:           Wed 04 Mar 2026 06:29:11 +0000
ROA not after:            Wed 03 Mar 2027 06:34:11 +0000
asID:                     146183
IP address blocks:        240a:adcd::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:79:8e:47:25:83:ce:26:15:d0:6f:c9:22:95:a8:4e:72:12:11:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:11 2026 GMT
            Not After : Mar  3 06:34:11 2027 GMT
        Subject: CN=DD24ACAD9BFF9783264743A402E54A093AA5B891
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:80:b4:d7:bd:fd:a9:c6:b4:1f:78:b7:d2:53:
                    69:7c:97:b3:35:0d:34:db:39:e3:78:97:37:84:be:
                    6c:a0:f3:94:2c:ad:d4:0d:49:11:0c:37:03:ef:29:
                    a3:75:2f:25:18:75:a9:4b:8c:a9:1e:f2:54:08:ba:
                    e0:61:10:bb:6e:76:92:2d:81:46:66:f4:bf:43:8a:
                    47:e0:6c:9d:5d:9f:02:d3:46:1d:b4:44:e1:7f:b6:
                    73:72:1f:de:06:94:d6:f2:b3:9c:2a:5d:9b:a1:f9:
                    28:13:ac:a8:52:81:85:88:40:d3:2a:78:00:fa:08:
                    95:28:fd:42:23:ac:60:f5:0d:e7:67:1e:15:4d:90:
                    70:6d:26:ef:07:f5:d5:e2:91:f9:1a:e3:79:9b:2b:
                    6d:8c:c2:af:63:10:55:5b:bf:b7:bb:68:89:b4:cc:
                    cf:2e:21:a9:b5:e9:61:da:7b:94:32:0d:a6:38:7c:
                    07:8c:49:8b:13:95:55:cb:83:be:22:72:d7:2b:d8:
                    04:dc:1d:97:78:07:3f:6e:4d:d9:1e:cb:b2:17:8f:
                    60:eb:f4:a5:c1:ee:c1:f0:6b:b2:01:5f:96:fb:38:
                    0f:e1:5a:94:d0:f3:75:aa:a9:a9:82:39:7c:bc:af:
                    67:aa:29:f2:90:28:60:2c:8d:b7:b4:01:4c:92:a0:
                    74:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:24:AC:AD:9B:FF:97:83:26:47:43:A4:02:E5:4A:09:3A:A5:B8:91
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146183.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:adcd::/32

    Signature Algorithm: sha256WithRSAEncryption
         2b:98:49:f7:a9:94:f9:89:99:4e:1a:4b:95:ab:bd:a2:16:65:
         d7:2e:f1:12:ab:aa:d4:fb:f2:99:2c:00:ec:05:04:11:a2:e9:
         c3:07:60:75:a1:38:2c:f0:55:3b:4d:0b:86:9e:7d:d3:64:52:
         b0:25:c8:31:ec:2e:46:0e:92:c2:6a:a2:24:6a:e3:10:a1:d5:
         88:3e:2f:8c:0f:e7:74:4e:73:a8:8f:ce:e8:1c:9a:b5:37:9b:
         24:ea:06:94:ef:85:cd:e4:ee:d7:6e:33:52:36:ca:5d:60:99:
         ed:48:14:c9:c6:25:41:54:52:9e:8f:eb:58:18:87:a9:ae:c9:
         91:90:41:2b:10:5b:15:16:52:0d:6c:1f:8d:29:84:3e:a2:31:
         61:8e:47:bd:32:6c:d7:ee:3d:a3:7d:f6:33:24:28:13:11:e0:
         47:d3:e5:74:1b:36:cb:82:00:33:a5:00:db:77:c7:86:35:ba:
         c1:09:26:3c:2a:ab:c6:5d:50:b7:e0:f8:de:84:51:32:bb:5c:
         a2:35:8a:1a:87:e0:33:6b:5f:e3:01:1f:75:2c:4f:d2:61:7c:
         30:0a:e4:ea:9d:a0:e3:7f:9b:47:36:78:e1:4b:66:ea:75:40:
         f8:db:4d:e1:e7:d8:13:57:7e:53:a6:69:8e:27:3a:b1:f3:b7:
         e5:e9:2b:f9
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUT3mORyWDziYV0G/JIpWoTnISEV8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjkxMVoX
DTI3MDMwMzA2MzQxMVowMzExMC8GA1UEAxMoREQyNEFDQUQ5QkZGOTc4MzI2NDc0
M0E0MDJFNTRBMDkzQUE1Qjg5MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALyAtNe9/anGtB94t9JTaXyXszUNNNs543iXN4S+bKDzlCyt1A1JEQw3A+8p
o3UvJRh1qUuMqR7yVAi64GEQu252ki2BRmb0v0OKR+BsnV2fAtNGHbRE4X+2c3If
3gaU1vKznCpdm6H5KBOsqFKBhYhA0yp4APoIlSj9QiOsYPUN52ceFU2QcG0m7wf1
1eKR+RrjeZsrbYzCr2MQVVu/t7toibTMzy4hqbXpYdp7lDINpjh8B4xJixOVVcuD
viJy1yvYBNwdl3gHP25N2R7LshePYOv0pcHuwfBrsgFflvs4D+FalNDzdaqpqYI5
fLyvZ6op8pAoYCyNt7QBTJKgdCECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTdJKyt
m/+XgyZHQ6QC5UoJOqW4kTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjE4My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rc0wDQYJKoZIhvcNAQELBQADggEBACuYSfeplPmJmU4aS5WrvaIWZdcu8RKrqtT7
8pksAOwFBBGi6cMHYHWhOCzwVTtNC4aefdNkUrAlyDHsLkYOksJqoiRq4xCh1Yg+
L4wP53ROc6iPzugcmrU3myTqBpTvhc3k7tduM1I2yl1gme1IFMnGJUFUUp6P61gY
h6muyZGQQSsQWxUWUg1sH40phD6iMWGOR70ybNfuPaN99jMkKBMR4EfT5XQbNsuC
ADOlANt3x4Y1usEJJjwqq8ZdULfg+N6EUTK7XKI1ihqH4DNrX+MBH3UsT9JhfDAK
5OqdoON/m0c2eOFLZup1QPjbTeHn2BNXflOmaY4nOrHzt+XpK/k=
-----END CERTIFICATE-----