Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146304.roa
File:                     AS146304.roa (raw, json)
Hash identifier:          yU/TmbV4qUEm5AskhcHGNsgtC7KrwQKggJWB12oIWFE=
Subject key identifier:   A5:A1:F1:D4:DC:F9:A1:16:7D:A4:37:C1:D6:5C:8D:C9:DB:ED:50:48
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       30255A528FB3C44829459F284620EE241C13569F
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146304.roa
Signing time:             Wed 04 Mar 2026 06:34:42 +0000
ROA not before:           Wed 04 Mar 2026 06:29:42 +0000
ROA not after:            Wed 03 Mar 2027 06:34:42 +0000
asID:                     146304
IP address blocks:        240a:ae46::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:25:5a:52:8f:b3:c4:48:29:45:9f:28:46:20:ee:24:1c:13:56:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:42 2026 GMT
            Not After : Mar  3 06:34:42 2027 GMT
        Subject: CN=A5A1F1D4DCF9A1167DA437C1D65C8DC9DBED5048
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:85:fc:2d:f8:42:85:05:72:fe:b0:96:5a:09:
                    b6:79:ea:ab:8d:f7:7a:6c:a3:01:ef:20:1a:f0:16:
                    e5:a0:95:ef:52:aa:8a:4f:24:82:e9:df:fc:cc:3b:
                    c9:f8:ba:3a:ac:d8:39:8c:6c:e2:4c:ff:b4:f8:bf:
                    0d:77:b8:47:1e:94:4f:49:b2:42:cf:e8:7e:be:e4:
                    cf:5d:b8:fd:b0:57:92:84:1a:0a:be:00:a4:18:46:
                    56:31:ce:d9:4e:23:2d:97:50:6f:48:ac:2c:68:6a:
                    45:72:7a:fa:97:0a:38:37:dd:ba:cc:25:4e:a4:85:
                    39:8b:74:d3:e8:da:20:60:70:f1:89:4b:0f:db:4a:
                    99:a1:de:f6:9d:45:54:4a:54:26:77:3d:7d:16:fd:
                    a1:f5:eb:61:f0:f2:7e:b9:4d:00:0d:75:0b:8d:d2:
                    af:7a:45:7f:0b:6c:95:9d:53:14:78:d0:70:13:61:
                    96:1a:37:b8:cc:e8:62:c1:fb:38:63:c4:93:0f:15:
                    da:10:6c:c1:b1:77:a0:90:96:41:44:70:e1:8d:73:
                    c3:e5:46:25:54:e6:37:4b:90:47:fa:57:26:ee:9f:
                    59:5f:12:f3:a4:6c:74:9e:7f:e2:9e:42:8c:71:5e:
                    2d:4a:7e:d7:fa:ce:35:6c:52:4f:c5:c5:57:44:1e:
                    80:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:A1:F1:D4:DC:F9:A1:16:7D:A4:37:C1:D6:5C:8D:C9:DB:ED:50:48
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146304.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ae46::/32

    Signature Algorithm: sha256WithRSAEncryption
         b8:8b:98:74:2e:3e:cd:0e:a7:57:f1:5a:d3:95:4c:ef:cb:bb:
         af:b6:af:ed:39:9c:95:ba:62:1a:2b:04:e8:5f:60:9b:a7:c9:
         bd:5b:d4:25:fc:a2:07:49:d0:e8:f3:c6:57:ba:bc:70:8f:e2:
         48:11:da:ae:94:54:3b:8c:a8:f5:1e:c9:ad:67:7e:99:5f:03:
         c1:e7:b4:b8:8b:ac:57:32:b4:bb:43:0f:6c:d1:3d:da:35:dc:
         c4:b0:19:fb:33:fe:c3:99:75:ac:04:1d:92:0f:3c:a2:b1:b4:
         75:5d:ac:dc:62:3e:49:18:a3:c2:8e:af:d1:02:7c:ff:2f:c2:
         d3:58:76:7e:65:56:5b:34:60:bc:3f:bb:fd:ad:a9:d1:f5:7d:
         db:22:6c:93:dc:78:44:19:5a:e6:fd:e9:46:c5:be:b7:91:9a:
         2c:1d:54:7c:42:09:9b:cc:a4:6f:1b:13:0f:85:7b:3a:47:70:
         e1:ac:61:15:bf:c0:e6:3e:03:45:6a:c8:76:fa:76:80:fb:75:
         e4:84:34:64:e9:6d:74:e2:f8:8b:1c:98:7f:36:05:70:48:d8:
         41:b2:e9:22:32:c6:ec:5e:4d:c6:2c:3c:08:28:fb:09:37:d5:
         8d:76:bf:a0:0a:ef:4e:c5:34:0f:53:2a:dd:ec:cd:65:ff:ca:
         32:4a:df:8a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUMCVaUo+zxEgpRZ8oRiDuJBwTVp8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2Mjk0MloX
DTI3MDMwMzA2MzQ0MlowMzExMC8GA1UEAxMoQTVBMUYxRDREQ0Y5QTExNjdEQTQz
N0MxRDY1QzhEQzlEQkVENTA0ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALiF/C34QoUFcv6wlloJtnnqq433emyjAe8gGvAW5aCV71Kqik8kgunf/Mw7
yfi6OqzYOYxs4kz/tPi/DXe4Rx6UT0myQs/ofr7kz124/bBXkoQaCr4ApBhGVjHO
2U4jLZdQb0isLGhqRXJ6+pcKODfduswlTqSFOYt00+jaIGBw8YlLD9tKmaHe9p1F
VEpUJnc9fRb9ofXrYfDyfrlNAA11C43Sr3pFfwtslZ1TFHjQcBNhlho3uMzoYsH7
OGPEkw8V2hBswbF3oJCWQURw4Y1zw+VGJVTmN0uQR/pXJu6fWV8S86RsdJ5/4p5C
jHFeLUp+1/rONWxST8XFV0QegHsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSlofHU
3PmhFn2kN8HWXI3J2+1QSDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjMwNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rkYwDQYJKoZIhvcNAQELBQADggEBALiLmHQuPs0Op1fxWtOVTO/Lu6+2r+05nJW6
YhorBOhfYJunyb1b1CX8ogdJ0Ojzxle6vHCP4kgR2q6UVDuMqPUeya1nfplfA8Hn
tLiLrFcytLtDD2zRPdo13MSwGfsz/sOZdawEHZIPPKKxtHVdrNxiPkkYo8KOr9EC
fP8vwtNYdn5lVls0YLw/u/2tqdH1fdsibJPceEQZWub96UbFvreRmiwdVHxCCZvM
pG8bEw+FezpHcOGsYRW/wOY+A0VqyHb6doD7deSENGTpbXTi+IscmH82BXBI2EGy
6SIyxuxeTcYsPAgo+wk31Y12v6AK707FNA9TKt3szWX/yjJK34o=
-----END CERTIFICATE-----