Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146284.roa
File:                     AS146284.roa (raw, json)
Hash identifier:          FQJHzEo0wGANgmlmlcpW1aAEO1MJj1vsf+d7tXUREkw=
Subject key identifier:   F2:51:4E:83:C7:02:E2:AB:B8:CA:6A:97:F7:69:E1:F4:86:8E:E4:3F
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       081EBF661BD83319A46A8A4F3AD81F4146EDE893
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146284.roa
Signing time:             Wed 04 Mar 2026 06:34:14 +0000
ROA not before:           Wed 04 Mar 2026 06:29:14 +0000
ROA not after:            Wed 03 Mar 2027 06:34:14 +0000
asID:                     146284
IP address blocks:        240a:ae32::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:1e:bf:66:1b:d8:33:19:a4:6a:8a:4f:3a:d8:1f:41:46:ed:e8:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:14 2026 GMT
            Not After : Mar  3 06:34:14 2027 GMT
        Subject: CN=F2514E83C702E2ABB8CA6A97F769E1F4868EE43F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d8:a0:69:72:67:6a:25:fb:7d:5c:49:52:40:
                    9a:d2:04:96:2a:05:e3:e8:33:74:f6:54:6b:23:9d:
                    fd:c0:95:f6:d6:00:4d:33:ee:be:31:c8:69:9a:2b:
                    b0:03:6a:c2:b5:ae:a8:ff:78:ca:cc:d8:66:37:d0:
                    e7:70:5d:cd:d5:fb:11:16:7e:09:bd:51:12:2d:97:
                    f1:ba:4d:29:d5:dc:94:6a:de:1d:27:20:84:06:63:
                    ee:bc:4e:8d:a3:1a:ed:7a:bf:c7:31:cc:28:60:eb:
                    6d:ef:1c:6c:d4:10:78:d3:04:91:64:de:bf:04:2e:
                    e6:47:8d:b9:12:68:cb:93:04:3f:58:70:e6:da:09:
                    88:1f:44:25:dd:c1:f7:cf:4d:77:ba:e7:24:6b:0e:
                    de:0f:c5:d3:07:73:ac:cf:98:f8:68:4e:af:87:17:
                    4d:93:c4:11:a9:08:b4:5a:cf:71:71:aa:70:0e:ea:
                    07:ad:00:86:8f:d4:23:f0:a4:41:8d:71:c1:d3:2b:
                    31:21:e1:da:5c:3c:1b:2b:7d:fa:61:db:a7:ba:17:
                    2d:b4:76:9e:24:57:7b:93:b8:45:8b:1e:26:8f:20:
                    f2:20:98:aa:d9:7d:46:5e:f0:f8:49:c0:54:6c:68:
                    73:66:9a:db:62:fb:ab:9d:e0:41:85:d9:a5:73:ec:
                    46:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:51:4E:83:C7:02:E2:AB:B8:CA:6A:97:F7:69:E1:F4:86:8E:E4:3F
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146284.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ae32::/32

    Signature Algorithm: sha256WithRSAEncryption
         14:09:84:4f:60:0c:8c:74:35:26:25:3d:60:84:5f:d0:df:77:
         e6:24:aa:93:6d:98:3c:a4:cb:c7:df:39:58:07:bc:bd:11:cc:
         2a:77:50:86:f9:2a:cf:6f:64:ca:1f:85:33:35:7d:8a:7c:3d:
         7b:f0:6d:5b:cf:e3:2e:70:47:2d:85:94:ce:ad:c6:a9:14:1c:
         90:63:ba:c5:0c:af:03:d7:84:f8:12:9e:a7:2f:67:67:d2:50:
         58:28:65:96:49:68:93:ba:20:bf:bd:9f:54:59:87:f5:a9:0e:
         18:7c:20:f1:5b:75:69:0d:65:5c:93:5b:cd:36:b7:19:6d:eb:
         db:97:69:e4:17:09:10:a0:51:2b:1b:bc:11:72:87:27:fd:be:
         c4:c8:b8:f7:50:e8:c5:10:6e:e9:11:98:17:86:eb:43:4e:15:
         77:2d:04:cd:28:97:7e:b4:22:87:29:84:00:1f:28:80:81:bc:
         2d:77:80:b3:44:04:3e:0d:22:8e:8a:22:08:43:2c:c9:2e:c4:
         d8:6d:71:73:82:b9:f3:82:a8:1b:0b:0a:2e:e1:6d:3b:97:88:
         1e:58:5b:e2:47:c4:95:bc:5b:5c:9a:05:69:22:2c:d1:42:be:
         c1:5f:12:79:a1:00:57:ff:ea:21:27:dc:34:70:1d:61:5c:77:
         37:fb:30:ca
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUCB6/ZhvYMxmkaopPOtgfQUbt6JMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjkxNFoX
DTI3MDMwMzA2MzQxNFowMzExMC8GA1UEAxMoRjI1MTRFODNDNzAyRTJBQkI4Q0E2
QTk3Rjc2OUUxRjQ4NjhFRTQzRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALjYoGlyZ2ol+31cSVJAmtIElioF4+gzdPZUayOd/cCV9tYATTPuvjHIaZor
sANqwrWuqP94yszYZjfQ53BdzdX7ERZ+Cb1REi2X8bpNKdXclGreHScghAZj7rxO
jaMa7Xq/xzHMKGDrbe8cbNQQeNMEkWTevwQu5keNuRJoy5MEP1hw5toJiB9EJd3B
989Nd7rnJGsO3g/F0wdzrM+Y+GhOr4cXTZPEEakItFrPcXGqcA7qB60Aho/UI/Ck
QY1xwdMrMSHh2lw8Gyt9+mHbp7oXLbR2niRXe5O4RYseJo8g8iCYqtl9Rl7w+EnA
VGxoc2aa22L7q53gQYXZpXPsRncCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTyUU6D
xwLiq7jKapf3aeH0ho7kPzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjI4NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rjIwDQYJKoZIhvcNAQELBQADggEBABQJhE9gDIx0NSYlPWCEX9Dfd+YkqpNtmDyk
y8ffOVgHvL0RzCp3UIb5Ks9vZMofhTM1fYp8PXvwbVvP4y5wRy2FlM6txqkUHJBj
usUMrwPXhPgSnqcvZ2fSUFgoZZZJaJO6IL+9n1RZh/WpDhh8IPFbdWkNZVyTW802
txlt69uXaeQXCRCgUSsbvBFyhyf9vsTIuPdQ6MUQbukRmBeG60NOFXctBM0ol360
IocphAAfKICBvC13gLNEBD4NIo6KIghDLMkuxNhtcXOCufOCqBsLCi7hbTuXiB5Y
W+JHxJW8W1yaBWkiLNFCvsFfEnmhAFf/6iEn3DRwHWFcdzf7MMo=
-----END CERTIFICATE-----