Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146256.roa
File:                     AS146256.roa (raw, json)
Hash identifier:          n5mFpFgR233Y5muL/k3QpapLbIYE1MRF0UsCmmbm/Ec=
Subject key identifier:   78:6B:00:C7:67:F8:44:EA:6B:B4:35:04:C4:1E:07:56:FF:93:70:70
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       116EE5427D5EFE02F57F2E31A11D65A8B52D9D6B
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146256.roa
Signing time:             Wed 04 Mar 2026 06:35:04 +0000
ROA not before:           Wed 04 Mar 2026 06:30:04 +0000
ROA not after:            Wed 03 Mar 2027 06:35:04 +0000
asID:                     146256
IP address blocks:        240a:ae16::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:6e:e5:42:7d:5e:fe:02:f5:7f:2e:31:a1:1d:65:a8:b5:2d:9d:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:30:04 2026 GMT
            Not After : Mar  3 06:35:04 2027 GMT
        Subject: CN=786B00C767F844EA6BB43504C41E0756FF937070
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:0a:b5:3a:d9:5a:6c:c0:aa:58:21:d0:f0:31:
                    6f:5d:54:4f:ad:e9:74:06:45:f1:d8:3b:a6:56:78:
                    f6:c7:eb:f4:92:ac:85:3a:88:7e:7e:e6:de:25:fb:
                    de:82:16:39:6e:23:ac:1f:ed:7f:23:0f:1c:5c:27:
                    6f:ef:fa:21:a3:9a:86:67:47:c9:4c:da:af:61:fc:
                    7d:ce:6b:8a:0a:bf:07:1e:dc:7e:12:a3:ab:30:ea:
                    8a:08:b3:d2:d7:d6:4d:d7:91:28:00:ff:0d:5c:a5:
                    e4:c8:2d:cb:49:de:c1:14:45:c3:d8:d5:17:7f:cf:
                    c7:db:21:c5:fb:d8:3d:c9:3c:90:d3:98:ed:48:4c:
                    b2:90:24:7a:6e:33:3f:fa:cd:88:46:8b:14:3a:1d:
                    47:ff:b6:37:67:16:0f:5c:12:dd:51:f6:cd:86:50:
                    2d:54:c4:3a:af:77:23:93:a7:c0:27:27:a4:98:49:
                    7f:b9:ba:4f:f2:c2:90:0d:52:d5:fe:05:87:99:9e:
                    e6:23:0c:fa:02:ad:05:2e:c1:90:33:2d:03:9d:81:
                    0f:03:29:c0:01:86:eb:d8:20:08:1e:06:60:d2:0f:
                    d6:89:b2:55:b9:a9:3e:de:54:74:10:2e:61:47:a3:
                    bf:9b:81:99:af:f8:e3:be:9e:f4:7a:02:27:43:4e:
                    e6:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:6B:00:C7:67:F8:44:EA:6B:B4:35:04:C4:1E:07:56:FF:93:70:70
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146256.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ae16::/32

    Signature Algorithm: sha256WithRSAEncryption
         9a:52:1a:53:23:7c:8d:27:8e:06:84:2b:14:2e:f1:12:8e:25:
         6d:53:1b:cb:67:69:70:d2:5a:60:51:6a:6c:1b:eb:23:3f:90:
         00:30:48:b0:ac:4a:e9:4c:26:26:fc:9d:95:b0:21:62:bc:61:
         24:4d:11:84:7e:5d:13:49:e0:31:26:75:c8:ad:60:50:0c:47:
         86:84:64:03:a0:b8:e8:ef:49:d7:09:ef:c7:51:cc:3b:fe:64:
         3f:83:b9:ba:fd:de:89:f8:5d:3e:95:10:65:2d:90:3d:cf:5d:
         3c:56:b2:3f:2d:d3:e6:51:68:62:a1:25:95:72:ca:4e:96:2c:
         3e:85:a4:34:d5:60:99:63:a8:18:1f:7e:83:a6:6c:cd:60:09:
         44:ed:52:79:4d:d1:1e:b4:71:a9:69:e7:c5:09:0b:02:74:f2:
         b4:c3:4f:5b:d9:db:51:f4:f8:a8:a0:c7:6f:3f:c1:90:a6:e2:
         01:ca:94:53:29:e1:11:fb:9c:a4:cf:d2:8b:76:6c:32:95:61:
         ca:05:90:f8:65:f1:38:4d:ce:60:d0:ec:ff:9b:41:d2:1f:52:
         1f:a5:33:da:d5:3c:9d:ac:2c:4c:75:6f:bc:8f:32:d0:c3:2a:
         c1:5e:06:9f:ba:a7:cf:73:32:23:84:bf:47:3e:e4:55:70:14:
         bb:05:8f:c4
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUEW7lQn1e/gL1fy4xoR1lqLUtnWswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzAwNFoX
DTI3MDMwMzA2MzUwNFowMzExMC8GA1UEAxMoNzg2QjAwQzc2N0Y4NDRFQTZCQjQz
NTA0QzQxRTA3NTZGRjkzNzA3MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKoKtTrZWmzAqlgh0PAxb11UT63pdAZF8dg7plZ49sfr9JKshTqIfn7m3iX7
3oIWOW4jrB/tfyMPHFwnb+/6IaOahmdHyUzar2H8fc5rigq/Bx7cfhKjqzDqigiz
0tfWTdeRKAD/DVyl5Mgty0newRRFw9jVF3/Px9shxfvYPck8kNOY7UhMspAkem4z
P/rNiEaLFDodR/+2N2cWD1wS3VH2zYZQLVTEOq93I5OnwCcnpJhJf7m6T/LCkA1S
1f4Fh5me5iMM+gKtBS7BkDMtA52BDwMpwAGG69ggCB4GYNIP1omyVbmpPt5UdBAu
YUejv5uBma/4476e9HoCJ0NO5r0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBR4awDH
Z/hE6mu0NQTEHgdW/5NwcDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjI1Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rhYwDQYJKoZIhvcNAQELBQADggEBAJpSGlMjfI0njgaEKxQu8RKOJW1TG8tnaXDS
WmBRamwb6yM/kAAwSLCsSulMJib8nZWwIWK8YSRNEYR+XRNJ4DEmdcitYFAMR4aE
ZAOguOjvSdcJ78dRzDv+ZD+Dubr93on4XT6VEGUtkD3PXTxWsj8t0+ZRaGKhJZVy
yk6WLD6FpDTVYJljqBgffoOmbM1gCUTtUnlN0R60calp58UJCwJ08rTDT1vZ21H0
+Kigx28/wZCm4gHKlFMp4RH7nKTP0ot2bDKVYcoFkPhl8ThNzmDQ7P+bQdIfUh+l
M9rVPJ2sLEx1b7yPMtDDKsFeBp+6p89zMiOEv0c+5FVwFLsFj8Q=
-----END CERTIFICATE-----