Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146329.roa
File:                     AS146329.roa (raw, json)
Hash identifier:          ZqmzvnbkLsXZLmqAbmnh1DnVIslwv1VLMy5H73ZWCBA=
Subject key identifier:   51:D0:8D:91:BA:06:AD:23:9E:DB:3F:92:91:4E:A0:96:06:85:3F:59
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       09BCE18199360C23568FAAF2C2A5E333494E0314
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146329.roa
Signing time:             Wed 04 Mar 2026 06:33:56 +0000
ROA not before:           Wed 04 Mar 2026 06:28:56 +0000
ROA not after:            Wed 03 Mar 2027 06:33:56 +0000
asID:                     146329
IP address blocks:        240a:ae5f::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:bc:e1:81:99:36:0c:23:56:8f:aa:f2:c2:a5:e3:33:49:4e:03:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:28:56 2026 GMT
            Not After : Mar  3 06:33:56 2027 GMT
        Subject: CN=51D08D91BA06AD239EDB3F92914EA09606853F59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:7c:4f:68:86:49:ba:8e:b1:b9:21:2d:a8:d8:
                    40:4f:fe:aa:7b:6e:eb:60:42:09:68:16:ca:15:73:
                    ab:c7:88:ec:95:9f:f1:43:30:f8:a8:ea:54:90:c5:
                    2e:25:c6:0b:70:ce:98:26:bd:ff:21:8b:f9:e3:0a:
                    a4:38:d3:05:ba:af:ce:5b:67:72:82:68:89:de:f4:
                    31:89:9b:b1:de:26:f2:64:fc:1e:0f:b6:dc:b9:98:
                    11:b8:1f:ac:10:42:40:b8:45:bc:0f:bd:7b:76:5c:
                    cf:5e:6b:1a:04:23:b3:e7:67:e8:64:d1:73:25:5d:
                    da:34:e0:77:4d:2a:a5:b2:1e:07:e5:14:2b:5c:ff:
                    b1:52:df:03:e9:0f:20:f9:b4:d9:45:5f:04:11:db:
                    40:3e:4b:61:b9:8f:f8:0f:9d:63:fd:f3:9d:4b:a3:
                    c6:ad:54:a0:94:55:43:ab:3b:bb:e4:5d:2c:30:5e:
                    7c:46:b0:97:96:5e:63:02:8b:83:24:d2:e4:8a:f1:
                    5a:35:ce:26:d0:80:54:42:f3:65:82:99:c8:e0:cc:
                    93:e3:94:74:03:d6:e2:d2:fc:01:78:33:0d:e0:4a:
                    c2:cd:36:9c:43:56:a1:b5:82:b3:cf:41:3d:ea:cd:
                    30:ce:6c:84:a4:a1:55:d9:35:68:c1:56:39:c0:11:
                    8a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:D0:8D:91:BA:06:AD:23:9E:DB:3F:92:91:4E:A0:96:06:85:3F:59
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146329.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ae5f::/32

    Signature Algorithm: sha256WithRSAEncryption
         b8:a0:23:15:fa:c4:93:85:9a:9c:77:e5:9a:90:e6:4f:d7:8a:
         77:18:b8:8c:16:01:7f:f8:68:3e:25:a9:49:c2:65:12:ce:77:
         38:63:ea:91:96:e7:59:86:e0:5d:3d:06:60:a4:a3:21:c2:41:
         b7:89:8c:aa:05:db:df:ab:a6:88:46:e7:73:dd:d1:be:24:e4:
         c0:11:bb:62:8c:3e:0d:ff:2f:b5:4e:d3:d6:30:b9:0b:a4:f6:
         f9:4b:13:29:0f:1c:c0:64:cd:16:42:a1:06:6b:9f:08:1c:f0:
         2b:b2:1c:99:3b:02:e2:04:dd:86:79:87:27:fc:21:c0:7f:87:
         39:d7:ad:5a:5e:cd:e3:26:61:7f:d8:67:e3:17:2f:4c:09:01:
         d3:e3:f8:a5:f7:2c:0b:cb:17:79:d5:31:30:5d:6a:0a:ff:61:
         9a:cb:44:f1:df:93:92:25:64:aa:89:99:fa:81:3a:8d:fe:68:
         62:61:71:53:94:fe:31:ab:d6:45:9d:53:cf:9f:4d:8b:79:82:
         da:cc:1e:d9:d7:cd:3c:5e:64:50:d2:9c:13:3d:d3:ca:e1:51:
         36:46:cd:86:c1:b6:e5:f3:61:98:8e:7f:38:bb:6c:45:aa:74:
         a6:e3:98:85:8c:01:e2:ce:56:8d:7d:bd:2c:2d:97:3c:4f:81:
         17:88:46:21
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUCbzhgZk2DCNWj6rywqXjM0lOAxQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2Mjg1NloX
DTI3MDMwMzA2MzM1NlowMzExMC8GA1UEAxMoNTFEMDhEOTFCQTA2QUQyMzlFREIz
RjkyOTE0RUEwOTYwNjg1M0Y1OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANJ8T2iGSbqOsbkhLajYQE/+qntu62BCCWgWyhVzq8eI7JWf8UMw+KjqVJDF
LiXGC3DOmCa9/yGL+eMKpDjTBbqvzltncoJoid70MYmbsd4m8mT8Hg+23LmYEbgf
rBBCQLhFvA+9e3Zcz15rGgQjs+dn6GTRcyVd2jTgd00qpbIeB+UUK1z/sVLfA+kP
IPm02UVfBBHbQD5LYbmP+A+dY/3znUujxq1UoJRVQ6s7u+RdLDBefEawl5ZeYwKL
gyTS5IrxWjXOJtCAVELzZYKZyODMk+OUdAPW4tL8AXgzDeBKws02nENWobWCs89B
PerNMM5shKShVdk1aMFWOcARimUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRR0I2R
ugatI57bP5KRTqCWBoU/WTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjMyOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rl8wDQYJKoZIhvcNAQELBQADggEBALigIxX6xJOFmpx35ZqQ5k/XincYuIwWAX/4
aD4lqUnCZRLOdzhj6pGW51mG4F09BmCkoyHCQbeJjKoF29+rpohG53Pd0b4k5MAR
u2KMPg3/L7VO09YwuQuk9vlLEykPHMBkzRZCoQZrnwgc8CuyHJk7AuIE3YZ5hyf8
IcB/hznXrVpezeMmYX/YZ+MXL0wJAdPj+KX3LAvLF3nVMTBdagr/YZrLRPHfk5Il
ZKqJmfqBOo3+aGJhcVOU/jGr1kWdU8+fTYt5gtrMHtnXzTxeZFDSnBM908rhUTZG
zYbBtuXzYZiOfzi7bEWqdKbjmIWMAeLOVo19vSwtlzxPgReIRiE=
-----END CERTIFICATE-----