Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146312.roa
File:                     AS146312.roa (raw, json)
Hash identifier:          ktU83xb/vHMS8vR1jn/NzaTVY4oH5QY/qvxLpPAvyfc=
Subject key identifier:   69:AD:06:FA:A2:DA:39:ED:F1:1A:C0:13:38:44:FE:E3:C4:33:B5:5E
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3B26658558BB4DC912FB8776E51F941EE4FAC930
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146312.roa
Signing time:             Wed 04 Mar 2026 06:33:31 +0000
ROA not before:           Wed 04 Mar 2026 06:28:31 +0000
ROA not after:            Wed 03 Mar 2027 06:33:31 +0000
asID:                     146312
IP address blocks:        240a:ae4e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:26:65:85:58:bb:4d:c9:12:fb:87:76:e5:1f:94:1e:e4:fa:c9:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:28:31 2026 GMT
            Not After : Mar  3 06:33:31 2027 GMT
        Subject: CN=69AD06FAA2DA39EDF11AC0133844FEE3C433B55E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:8a:df:83:f4:9a:10:1d:df:b2:56:91:ea:78:
                    cf:78:a0:a1:5b:92:e1:fb:a2:f0:cd:87:9a:66:78:
                    83:b2:4c:81:07:f2:c6:4f:d9:9b:2a:ab:2e:48:55:
                    cd:ad:cd:87:86:fb:32:b1:ad:e5:74:b4:77:19:df:
                    fe:dc:ce:5f:7f:ed:2b:13:22:64:eb:34:f7:5a:ad:
                    42:e0:83:fb:90:d2:2d:e3:12:36:96:a3:61:67:f0:
                    83:30:f9:e7:a1:4e:7a:cd:07:43:e8:54:db:96:a7:
                    be:67:d6:a4:6a:8a:cb:8c:3b:b5:af:25:96:d9:3e:
                    1c:12:0f:a2:c9:39:fd:26:49:ca:b7:90:f3:d4:96:
                    43:b7:29:42:df:95:22:88:74:eb:9e:73:7e:5c:23:
                    b3:39:ad:f9:64:ee:0a:55:13:b5:e5:41:90:cc:58:
                    63:ae:28:df:e7:ef:ae:7d:bf:c7:3b:a4:bc:51:21:
                    14:d1:c5:1e:cc:a8:f4:73:d0:95:d4:99:28:0e:b1:
                    27:08:4c:c8:0c:23:ab:00:62:92:9b:1a:c6:63:ab:
                    08:f9:c4:b7:e1:a1:34:62:37:9a:3f:07:d7:dc:d8:
                    2c:17:0f:4d:46:27:15:d9:28:17:0d:4d:e9:c9:b9:
                    5f:d6:c7:5a:fc:f2:55:b5:f4:c7:56:8c:20:c1:36:
                    17:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:AD:06:FA:A2:DA:39:ED:F1:1A:C0:13:38:44:FE:E3:C4:33:B5:5E
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146312.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ae4e::/32

    Signature Algorithm: sha256WithRSAEncryption
         19:d5:a2:0f:27:e4:00:eb:c1:66:f0:02:9b:57:0e:05:bd:f7:
         e0:f1:29:8e:a9:17:5d:da:75:85:bf:ec:7b:77:8e:02:2c:be:
         e2:12:f9:93:51:ec:ea:ea:dc:60:f1:dc:9b:83:3a:d9:b9:67:
         08:69:36:7d:e9:02:63:5b:f4:dc:4c:40:3c:93:b7:0e:b5:bf:
         67:62:05:9c:47:4a:a1:bf:dc:da:98:2e:de:0c:62:89:a0:94:
         72:54:80:c8:aa:e3:30:53:60:35:e8:3f:3b:d5:ba:8a:90:3a:
         bd:62:25:f2:78:50:54:a0:cf:93:e9:84:ea:71:3a:17:da:8a:
         61:d8:cc:c1:d5:ba:1c:cd:3f:64:32:09:c5:e5:91:8d:aa:3d:
         5b:26:44:88:24:1d:29:5a:83:98:5e:90:90:07:87:96:d4:c4:
         9f:b0:0d:ea:f0:f1:fe:29:81:47:b8:14:de:c5:82:1d:cf:df:
         1c:54:fa:35:a9:92:15:14:93:57:07:44:d8:d4:c4:52:0f:6e:
         7e:d6:05:b6:1b:c6:ec:6b:22:ee:86:d9:44:90:c2:0e:f7:52:
         e9:3d:5c:cc:55:b6:27:25:ea:31:45:96:2a:a6:0c:08:7b:2f:
         c1:ab:eb:9d:76:02:ac:1f:86:f2:0d:b1:9f:72:e0:6a:13:a0:
         bb:b7:ea:c8
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUOyZlhVi7TckS+4d25R+UHuT6yTAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjgzMVoX
DTI3MDMwMzA2MzMzMVowMzExMC8GA1UEAxMoNjlBRDA2RkFBMkRBMzlFREYxMUFD
MDEzMzg0NEZFRTNDNDMzQjU1RTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJqK34P0mhAd37JWkep4z3igoVuS4fui8M2HmmZ4g7JMgQfyxk/ZmyqrLkhV
za3Nh4b7MrGt5XS0dxnf/tzOX3/tKxMiZOs091qtQuCD+5DSLeMSNpajYWfwgzD5
56FOes0HQ+hU25anvmfWpGqKy4w7ta8lltk+HBIPosk5/SZJyreQ89SWQ7cpQt+V
Ioh0655zflwjszmt+WTuClUTteVBkMxYY64o3+fvrn2/xzukvFEhFNHFHsyo9HPQ
ldSZKA6xJwhMyAwjqwBikpsaxmOrCPnEt+GhNGI3mj8H19zYLBcPTUYnFdkoFw1N
6cm5X9bHWvzyVbX0x1aMIME2F18CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRprQb6
oto57fEawBM4RP7jxDO1XjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjMxMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rk4wDQYJKoZIhvcNAQELBQADggEBABnVog8n5ADrwWbwAptXDgW99+DxKY6pF13a
dYW/7Ht3jgIsvuIS+ZNR7Orq3GDx3JuDOtm5ZwhpNn3pAmNb9NxMQDyTtw61v2di
BZxHSqG/3NqYLt4MYomglHJUgMiq4zBTYDXoPzvVuoqQOr1iJfJ4UFSgz5PphOpx
OhfaimHYzMHVuhzNP2QyCcXlkY2qPVsmRIgkHSlag5hekJAHh5bUxJ+wDerw8f4p
gUe4FN7Fgh3P3xxU+jWpkhUUk1cHRNjUxFIPbn7WBbYbxuxrIu6G2USQwg73Uuk9
XMxVticl6jFFliqmDAh7L8Gr6512AqwfhvINsZ9y4GoToLu36sg=
-----END CERTIFICATE-----