Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146331.roa
File:                     AS146331.roa (raw, json)
Hash identifier:          wtJlKXQCdhPSqU37kVpVM4Fid5onhGKyGsV4vXLBBl0=
Subject key identifier:   D4:F8:42:8C:0A:3E:3D:3C:B2:08:38:DB:61:0F:C5:FA:40:73:A6:68
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4534C7AB64CFB5295F032A0D1FF8E5F53DDD8D04
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146331.roa
Signing time:             Wed 04 Mar 2026 06:34:27 +0000
ROA not before:           Wed 04 Mar 2026 06:29:27 +0000
ROA not after:            Wed 03 Mar 2027 06:34:27 +0000
asID:                     146331
IP address blocks:        240a:ae61::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:34:c7:ab:64:cf:b5:29:5f:03:2a:0d:1f:f8:e5:f5:3d:dd:8d:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:27 2026 GMT
            Not After : Mar  3 06:34:27 2027 GMT
        Subject: CN=D4F8428C0A3E3D3CB20838DB610FC5FA4073A668
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:68:c3:0d:af:0f:cc:20:94:a3:dc:13:36:cf:
                    03:44:8d:94:39:0c:60:11:d1:7a:36:f5:1f:8a:fc:
                    66:f6:7a:27:a4:56:e5:b5:43:ca:bc:1e:df:14:b3:
                    ec:0a:55:cd:4c:94:85:f4:57:66:94:10:49:39:1c:
                    c6:75:ef:11:39:03:1c:72:0e:d4:c5:97:41:10:52:
                    30:ec:f0:2d:45:c3:41:bb:a2:6c:14:eb:ee:f3:1f:
                    3b:3e:56:49:d2:e2:53:ea:8d:d1:db:2c:22:33:ed:
                    7f:c4:28:f8:d2:b4:b2:60:a9:47:48:0c:cd:e9:86:
                    a5:14:ce:03:3f:5d:9c:b8:d4:df:c7:7a:9a:00:81:
                    63:aa:ee:fa:59:61:e3:03:10:f9:46:85:8a:8c:ee:
                    06:8b:20:e2:68:5f:4c:77:52:e9:7e:0a:34:0b:81:
                    5f:ae:77:3e:47:70:16:f0:31:3c:15:f1:19:1e:52:
                    d6:88:a7:48:30:91:88:31:99:b2:6b:ab:5c:2f:52:
                    07:fb:f9:0d:79:95:2d:aa:a8:f0:89:6a:0b:8b:6e:
                    6c:72:f8:44:fe:e5:51:7f:24:ef:4c:b3:c4:b0:9c:
                    78:06:cf:12:57:c6:32:45:59:ad:d2:ad:97:e5:15:
                    e9:30:c1:e3:c2:82:2c:c9:72:ef:19:a9:62:15:cd:
                    2f:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:F8:42:8C:0A:3E:3D:3C:B2:08:38:DB:61:0F:C5:FA:40:73:A6:68
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ae61::/32

    Signature Algorithm: sha256WithRSAEncryption
         d0:22:5e:53:6d:bc:07:e9:18:cc:c0:75:7b:58:d2:f0:04:af:
         74:dc:6e:c8:fc:7e:2e:ee:32:d6:ed:90:f9:52:83:b6:a2:23:
         24:7a:71:e9:27:cd:78:ab:0e:59:1e:2e:01:45:13:87:66:a7:
         74:22:ba:a9:57:58:9e:a5:74:5a:53:60:38:6b:3e:e8:83:c6:
         2d:56:a3:09:62:6c:c7:d0:f1:cc:0f:77:e4:b5:2f:44:9a:f1:
         5a:25:64:0f:44:95:a7:99:8e:fd:94:f1:51:66:17:36:3c:62:
         88:cc:82:6a:ea:c1:0d:96:e1:ad:c1:db:b3:02:61:ba:8f:62:
         0a:51:48:5a:5c:ee:c5:23:e1:ce:62:26:63:01:0e:e7:46:94:
         60:40:65:56:25:0f:37:6a:28:0b:cb:e5:c5:c0:87:a6:cd:22:
         04:3a:ff:a3:9c:4b:a1:f7:d4:12:a2:c3:35:8f:a1:cd:3f:d2:
         75:ee:75:22:d9:e5:6a:9a:65:8c:1f:f3:88:b0:29:a7:cb:f5:
         71:8d:9e:ac:7e:9a:ed:bf:85:e8:d9:77:15:2f:ec:75:39:01:
         d0:b1:a9:bf:ef:15:cf:c5:ba:f1:26:51:07:91:97:15:1d:db:
         e7:34:fb:6e:24:3f:8d:b1:f6:09:c5:12:22:53:6c:20:01:e6:
         0a:b9:b9:e9
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIURTTHq2TPtSlfAyoNH/jl9T3djQQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjkyN1oX
DTI3MDMwMzA2MzQyN1owMzExMC8GA1UEAxMoRDRGODQyOEMwQTNFM0QzQ0IyMDgz
OERCNjEwRkM1RkE0MDczQTY2ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK9oww2vD8wglKPcEzbPA0SNlDkMYBHRejb1H4r8ZvZ6J6RW5bVDyrwe3xSz
7ApVzUyUhfRXZpQQSTkcxnXvETkDHHIO1MWXQRBSMOzwLUXDQbuibBTr7vMfOz5W
SdLiU+qN0dssIjPtf8Qo+NK0smCpR0gMzemGpRTOAz9dnLjU38d6mgCBY6ru+llh
4wMQ+UaFiozuBosg4mhfTHdS6X4KNAuBX653PkdwFvAxPBXxGR5S1oinSDCRiDGZ
smurXC9SB/v5DXmVLaqo8IlqC4tubHL4RP7lUX8k70yzxLCceAbPElfGMkVZrdKt
l+UV6TDB48KCLMly7xmpYhXNL/ECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTU+EKM
Cj49PLIIONthD8X6QHOmaDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjMzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rmEwDQYJKoZIhvcNAQELBQADggEBANAiXlNtvAfpGMzAdXtY0vAEr3Tcbsj8fi7u
MtbtkPlSg7aiIyR6ceknzXirDlkeLgFFE4dmp3QiuqlXWJ6ldFpTYDhrPuiDxi1W
owlibMfQ8cwPd+S1L0Sa8VolZA9ElaeZjv2U8VFmFzY8YojMgmrqwQ2W4a3B27MC
YbqPYgpRSFpc7sUj4c5iJmMBDudGlGBAZVYlDzdqKAvL5cXAh6bNIgQ6/6OcS6H3
1BKiwzWPoc0/0nXudSLZ5WqaZYwf84iwKafL9XGNnqx+mu2/hejZdxUv7HU5AdCx
qb/vFc/FuvEmUQeRlxUd2+c0+24kP42x9gnFEiJTbCAB5gq5uek=
-----END CERTIFICATE-----