Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146203.roa
File:                     AS146203.roa (raw, json)
Hash identifier:          NF/ylrZpo9oSvMZfN6qTSyMZKzJPFbUU76gRZfSSFQw=
Subject key identifier:   7F:05:46:F6:C5:C2:BE:1F:81:42:20:D2:D5:0D:5B:06:A5:67:CE:34
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       72632BCF550E132437B7E79B3480159BBFDDD037
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146203.roa
Signing time:             Wed 04 Mar 2026 06:35:04 +0000
ROA not before:           Wed 04 Mar 2026 06:30:04 +0000
ROA not after:            Wed 03 Mar 2027 06:35:04 +0000
asID:                     146203
IP address blocks:        240a:ade1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:63:2b:cf:55:0e:13:24:37:b7:e7:9b:34:80:15:9b:bf:dd:d0:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:30:04 2026 GMT
            Not After : Mar  3 06:35:04 2027 GMT
        Subject: CN=7F0546F6C5C2BE1F814220D2D50D5B06A567CE34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:7e:f1:6f:d5:0f:81:96:83:1f:2e:c2:fd:52:
                    bb:1a:0a:28:da:58:08:f1:ac:53:1b:8f:ad:1e:fe:
                    10:42:0c:11:ed:a1:5c:3b:2e:85:c6:bb:c8:f3:0e:
                    de:e5:2c:56:cd:e7:80:8f:2e:21:5d:34:08:08:c3:
                    b4:9d:c8:6c:bf:7f:74:e7:47:19:c7:fc:46:00:db:
                    c0:16:60:85:11:d4:05:94:a5:81:66:ef:77:a3:12:
                    5a:97:c7:94:d1:3a:74:ae:ce:c8:de:83:37:9f:77:
                    27:3d:27:a1:f1:12:2f:ce:ab:12:ba:78:92:52:da:
                    70:c7:12:33:bb:e1:cd:fc:37:74:cc:64:74:3c:94:
                    b2:e7:31:15:a1:a9:83:2f:49:f2:a1:2e:30:47:15:
                    95:2a:c5:f1:a8:2c:fd:da:4a:9a:99:ac:bf:b2:b6:
                    be:10:76:77:3f:5a:e8:13:4b:7a:e0:94:57:c5:e2:
                    b3:98:08:c7:8f:de:6c:b2:f2:ea:a1:b7:14:60:20:
                    b5:3a:44:eb:09:60:39:3c:69:14:fd:6d:6d:a5:99:
                    0d:9e:00:91:12:63:3d:26:4f:e2:4d:9a:89:ad:c1:
                    b4:d4:16:c1:3d:b8:d9:a4:81:55:f2:09:34:a5:5d:
                    0e:1b:e6:9e:ed:56:bc:7a:79:bc:5d:b9:50:b3:af:
                    c5:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:05:46:F6:C5:C2:BE:1F:81:42:20:D2:D5:0D:5B:06:A5:67:CE:34
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146203.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ade1::/32

    Signature Algorithm: sha256WithRSAEncryption
         b9:f8:ad:a0:66:f0:eb:ba:6f:bd:13:8d:b1:9d:e9:38:bd:6a:
         1f:ab:bb:0a:ca:f8:36:1b:af:d1:b6:d4:71:1e:36:ab:93:41:
         2f:89:ed:b9:2f:6a:98:dd:c8:7a:41:4e:ec:fa:fa:6b:de:c8:
         9e:ee:9d:2f:7f:c0:5e:fd:21:19:16:21:c0:26:c8:a4:38:41:
         15:6d:a7:0d:fa:1d:79:f4:f7:f4:62:1a:ae:e8:f7:45:86:b6:
         73:6c:82:6e:cd:21:09:96:18:16:f8:7b:65:d9:21:49:1d:97:
         fc:32:b7:86:61:79:33:bb:bf:9e:55:82:2c:e8:af:17:86:36:
         3b:46:3a:c2:c7:8d:60:84:90:f5:34:3e:60:73:21:83:73:00:
         a2:80:d9:f0:8c:62:aa:f5:1b:84:d2:37:43:9a:80:b1:b8:05:
         2a:d0:b7:3e:32:1d:6f:a6:27:2a:bd:19:23:92:42:cc:5a:c2:
         7c:f3:57:a6:cf:ee:5d:88:24:74:0e:a0:0c:01:12:72:d7:89:
         ff:b3:20:25:fe:35:e3:8e:66:88:8c:88:e6:96:ff:48:c2:6a:
         4c:bd:24:82:83:c1:6a:93:52:e0:15:60:9f:3d:2b:af:30:ed:
         3f:ba:8b:2d:25:ee:52:7f:6d:65:ca:06:7f:0e:78:2d:2d:6d:
         92:93:13:69
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUcmMrz1UOEyQ3t+ebNIAVm7/d0DcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzAwNFoX
DTI3MDMwMzA2MzUwNFowMzExMC8GA1UEAxMoN0YwNTQ2RjZDNUMyQkUxRjgxNDIy
MEQyRDUwRDVCMDZBNTY3Q0UzNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMl+8W/VD4GWgx8uwv1SuxoKKNpYCPGsUxuPrR7+EEIMEe2hXDsuhca7yPMO
3uUsVs3ngI8uIV00CAjDtJ3IbL9/dOdHGcf8RgDbwBZghRHUBZSlgWbvd6MSWpfH
lNE6dK7OyN6DN593Jz0nofESL86rErp4klLacMcSM7vhzfw3dMxkdDyUsucxFaGp
gy9J8qEuMEcVlSrF8ags/dpKmpmsv7K2vhB2dz9a6BNLeuCUV8Xis5gIx4/ebLLy
6qG3FGAgtTpE6wlgOTxpFP1tbaWZDZ4AkRJjPSZP4k2aia3BtNQWwT242aSBVfIJ
NKVdDhvmnu1WvHp5vF25ULOvxV0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBR/BUb2
xcK+H4FCINLVDVsGpWfONDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjIwMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
reEwDQYJKoZIhvcNAQELBQADggEBALn4raBm8Ou6b70TjbGd6Ti9ah+ruwrK+DYb
r9G21HEeNquTQS+J7bkvapjdyHpBTuz6+mveyJ7unS9/wF79IRkWIcAmyKQ4QRVt
pw36HXn09/RiGq7o90WGtnNsgm7NIQmWGBb4e2XZIUkdl/wyt4ZheTO7v55Vgizo
rxeGNjtGOsLHjWCEkPU0PmBzIYNzAKKA2fCMYqr1G4TSN0OagLG4BSrQtz4yHW+m
Jyq9GSOSQsxawnzzV6bP7l2IJHQOoAwBEnLXif+zICX+NeOOZoiMiOaW/0jCaky9
JIKDwWqTUuAVYJ89K68w7T+6iy0l7lJ/bWXKBn8OeC0tbZKTE2k=
-----END CERTIFICATE-----