Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146187.roa
File:                     AS146187.roa (raw, json)
Hash identifier:          cLOeK9t5kD2ehOp+ZWRJiQTFJcDL+iM5NsvIz4dpAYo=
Subject key identifier:   C4:4C:A5:80:CE:E3:26:A4:67:63:4E:AD:52:29:CB:FF:51:6A:3C:A2
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       17B7F5C7F835D0FE6CBE3E2C633D84C2E2E214A6
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146187.roa
Signing time:             Wed 04 Mar 2026 06:34:09 +0000
ROA not before:           Wed 04 Mar 2026 06:29:09 +0000
ROA not after:            Wed 03 Mar 2027 06:34:09 +0000
asID:                     146187
IP address blocks:        240a:add1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:b7:f5:c7:f8:35:d0:fe:6c:be:3e:2c:63:3d:84:c2:e2:e2:14:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:09 2026 GMT
            Not After : Mar  3 06:34:09 2027 GMT
        Subject: CN=C44CA580CEE326A467634EAD5229CBFF516A3CA2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:0a:bc:07:f7:2d:09:e4:76:02:33:ac:d2:a7:
                    df:79:d6:16:0b:b3:ed:85:d4:4b:86:c3:56:ea:b3:
                    75:20:e3:a3:e2:2e:60:bc:52:e3:3b:27:a8:e4:78:
                    15:67:ba:b4:ef:5e:f4:f1:a3:7c:26:48:d9:cd:90:
                    53:6f:2b:0b:41:94:cb:74:9c:bb:da:07:57:4c:cb:
                    27:9c:bf:10:92:6a:d6:52:99:74:bb:7e:6f:cb:82:
                    80:b8:e4:5c:8a:47:90:7a:17:28:e5:6e:be:eb:95:
                    77:33:8f:0b:3f:e1:9f:12:14:d9:a8:9e:82:0a:62:
                    ff:2f:ea:67:9c:3d:02:e4:8c:23:0a:9e:df:b3:fa:
                    3e:3a:c7:38:02:56:b4:b1:86:4c:c3:d8:60:8d:77:
                    d2:3e:2d:21:4a:6c:c9:9c:f8:ce:a8:1b:a5:36:ff:
                    67:4d:1b:2e:f4:67:7e:5c:80:f6:34:08:d6:82:3b:
                    ca:fc:16:ee:eb:e1:c0:25:a5:81:4d:09:aa:ee:71:
                    f3:a9:c4:f1:92:8e:ca:65:2b:75:26:9d:4f:6c:1a:
                    b9:e3:4d:ba:14:31:6d:9f:12:03:39:df:93:87:a4:
                    cd:4d:2c:3b:f1:75:09:1b:b9:12:14:53:be:70:c7:
                    35:31:32:34:52:5b:76:6a:46:97:ae:3d:6b:ea:eb:
                    3e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:4C:A5:80:CE:E3:26:A4:67:63:4E:AD:52:29:CB:FF:51:6A:3C:A2
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146187.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:add1::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:94:f4:2f:57:e3:25:df:c7:f8:6a:e0:57:00:e6:a6:0e:87:
         9e:ea:1a:82:76:f3:a4:5b:71:04:fc:99:c5:f8:9e:f5:39:f6:
         34:81:15:7c:96:67:d4:aa:24:8e:7c:a6:d4:8d:da:73:40:9a:
         36:20:c6:a0:3b:07:37:66:c9:1d:6f:a1:27:03:34:11:fe:18:
         41:2d:3f:10:7c:dc:38:c6:3e:4d:d2:9b:2d:a4:28:c3:e4:77:
         95:23:99:d5:2b:88:a2:19:40:9d:15:41:4e:16:a9:3a:fb:f2:
         26:b0:dc:1f:45:80:15:c7:dc:32:a5:d9:46:da:3d:e1:d3:77:
         2d:04:74:7d:03:7a:7c:20:6f:f3:f9:cf:14:bb:6c:26:47:8a:
         a7:13:b9:39:25:34:fe:97:b4:8a:d2:c6:4f:70:8d:bc:92:1b:
         25:d5:ac:94:bc:1a:1e:72:97:4c:76:e1:47:0b:f3:5d:05:f2:
         60:f6:25:cf:a3:f6:d9:57:9e:53:7a:4a:ec:c1:6f:d0:83:c9:
         51:49:6a:2e:f5:d7:86:cc:fc:28:f3:80:09:c3:ef:97:87:51:
         50:cd:5d:dd:f5:bb:e6:42:46:4a:b7:7a:50:27:01:c8:a1:a4:
         f1:8d:d4:87:8e:d9:bf:3e:3a:1f:c2:89:c0:c2:d5:fd:77:6e:
         80:9d:98:5b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUF7f1x/g10P5svj4sYz2EwuLiFKYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjkwOVoX
DTI3MDMwMzA2MzQwOVowMzExMC8GA1UEAxMoQzQ0Q0E1ODBDRUUzMjZBNDY3NjM0
RUFENTIyOUNCRkY1MTZBM0NBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALgKvAf3LQnkdgIzrNKn33nWFguz7YXUS4bDVuqzdSDjo+IuYLxS4zsnqOR4
FWe6tO9e9PGjfCZI2c2QU28rC0GUy3Scu9oHV0zLJ5y/EJJq1lKZdLt+b8uCgLjk
XIpHkHoXKOVuvuuVdzOPCz/hnxIU2aieggpi/y/qZ5w9AuSMIwqe37P6PjrHOAJW
tLGGTMPYYI130j4tIUpsyZz4zqgbpTb/Z00bLvRnflyA9jQI1oI7yvwW7uvhwCWl
gU0Jqu5x86nE8ZKOymUrdSadT2waueNNuhQxbZ8SAznfk4ekzU0sO/F1CRu5EhRT
vnDHNTEyNFJbdmpGl649a+rrPpcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTETKWA
zuMmpGdjTq1SKcv/UWo8ojAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjE4Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rdEwDQYJKoZIhvcNAQELBQADggEBAJ2U9C9X4yXfx/hq4FcA5qYOh57qGoJ286Rb
cQT8mcX4nvU59jSBFXyWZ9SqJI58ptSN2nNAmjYgxqA7BzdmyR1voScDNBH+GEEt
PxB83DjGPk3Smy2kKMPkd5UjmdUriKIZQJ0VQU4WqTr78iaw3B9FgBXH3DKl2Uba
PeHTdy0EdH0Denwgb/P5zxS7bCZHiqcTuTklNP6XtIrSxk9wjbySGyXVrJS8Gh5y
l0x24UcL810F8mD2Jc+j9tlXnlN6SuzBb9CDyVFJai7114bM/CjzgAnD75eHUVDN
Xd31u+ZCRkq3elAnAcihpPGN1IeO2b8+Oh/CicDC1f13boCdmFs=
-----END CERTIFICATE-----