Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146338.roa
File:                     AS146338.roa (raw, json)
Hash identifier:          q5YLmL82tDd73Y5TcZcvFQceC5MMn0F6qTBc136bpHo=
Subject key identifier:   B4:04:74:BD:D5:C5:75:EB:9F:B5:DF:EB:CA:FC:55:34:62:54:38:48
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4286A70113B8199C2FED1DC03233F1BF31D4C61C
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146338.roa
Signing time:             Wed 04 Mar 2026 06:33:44 +0000
ROA not before:           Wed 04 Mar 2026 06:28:44 +0000
ROA not after:            Wed 03 Mar 2027 06:33:44 +0000
asID:                     146338
IP address blocks:        240a:ae68::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:86:a7:01:13:b8:19:9c:2f:ed:1d:c0:32:33:f1:bf:31:d4:c6:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:28:44 2026 GMT
            Not After : Mar  3 06:33:44 2027 GMT
        Subject: CN=B40474BDD5C575EB9FB5DFEBCAFC553462543848
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:42:85:25:8e:dd:8d:09:0f:c5:82:37:6a:d0:
                    00:57:0c:ac:49:73:ca:0f:6e:0b:c3:64:d6:eb:07:
                    1d:29:48:ca:d9:7f:bb:f0:2f:f5:71:3d:af:20:c4:
                    e5:be:03:53:0b:b3:93:eb:10:0b:ba:d8:a4:c0:a0:
                    c5:d3:6d:2a:62:0f:82:43:27:8e:64:c1:59:65:61:
                    c3:2c:8c:14:66:1e:1d:02:58:3f:a2:02:55:62:10:
                    65:b2:e7:9b:2b:b6:d2:7e:a8:11:8b:08:d9:ef:51:
                    de:fc:1a:b3:31:80:ae:a3:7d:72:e9:04:f7:71:d9:
                    de:7e:6b:99:9f:e0:63:cf:74:df:0a:25:33:1c:00:
                    ea:02:fb:14:f0:94:8f:0a:e5:e1:b5:c6:f5:c7:a0:
                    e2:c7:0a:84:d1:0d:eb:fd:c7:99:d5:47:09:f3:96:
                    55:cf:be:b8:d6:27:c7:04:6e:83:44:95:67:12:74:
                    46:4f:11:52:9e:d3:36:00:53:0a:ea:74:ef:65:a2:
                    1d:ef:2b:6c:d4:18:73:d5:83:e4:47:03:b5:07:12:
                    67:53:d3:d3:29:67:71:eb:58:91:ba:0e:55:96:b1:
                    c1:6a:4c:15:bb:de:ac:d5:3d:c1:59:c0:fd:20:90:
                    d3:b0:8f:a9:c8:2b:c8:95:2e:68:f3:bb:23:88:c6:
                    af:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:04:74:BD:D5:C5:75:EB:9F:B5:DF:EB:CA:FC:55:34:62:54:38:48
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ae68::/32

    Signature Algorithm: sha256WithRSAEncryption
         2d:97:fb:78:b8:3a:99:51:60:32:6e:f5:96:23:a3:eb:0c:8b:
         cf:57:20:4e:b2:d6:3b:eb:e0:d1:da:08:c8:e4:e6:d8:1c:1b:
         f1:8a:36:58:31:73:f3:17:da:18:88:20:b0:97:7b:9e:0f:2e:
         9f:90:50:03:ca:6d:21:8a:17:5e:85:71:d3:93:be:e5:0f:b8:
         27:37:be:fc:af:d7:23:57:14:04:86:66:0a:42:91:85:28:48:
         1f:0e:a8:bb:83:e2:1d:13:2c:0d:80:32:aa:c3:87:1d:d6:41:
         3c:c5:15:ba:3c:ca:31:34:d7:2e:79:f6:73:bd:3c:8a:ea:be:
         e8:67:ea:37:40:3f:c6:c5:32:09:38:dd:e6:c8:e2:84:fd:5c:
         2f:dc:35:33:58:0f:08:e9:2b:e6:c4:27:27:9e:8f:c2:47:2c:
         22:50:18:99:65:55:51:18:dc:fa:2b:6d:31:72:0a:fb:f1:59:
         f2:a8:0e:b4:bb:0c:63:ae:c9:c6:2a:39:87:01:31:fd:f0:78:
         ef:75:bb:af:73:f0:25:76:83:b0:50:12:01:53:13:d1:2d:44:
         a4:7f:26:95:03:87:0f:7f:60:fc:6a:8a:5f:95:f7:36:f8:22:
         ac:d5:ef:78:3d:49:68:0f:72:ad:09:81:0e:ad:62:66:57:3e:
         65:93:df:ba
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUQoanARO4GZwv7R3AMjPxvzHUxhwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2Mjg0NFoX
DTI3MDMwMzA2MzM0NFowMzExMC8GA1UEAxMoQjQwNDc0QkRENUM1NzVFQjlGQjVE
RkVCQ0FGQzU1MzQ2MjU0Mzg0ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALZChSWO3Y0JD8WCN2rQAFcMrElzyg9uC8Nk1usHHSlIytl/u/Av9XE9ryDE
5b4DUwuzk+sQC7rYpMCgxdNtKmIPgkMnjmTBWWVhwyyMFGYeHQJYP6ICVWIQZbLn
myu20n6oEYsI2e9R3vwaszGArqN9cukE93HZ3n5rmZ/gY8903wolMxwA6gL7FPCU
jwrl4bXG9ceg4scKhNEN6/3HmdVHCfOWVc++uNYnxwRug0SVZxJ0Rk8RUp7TNgBT
Cup072WiHe8rbNQYc9WD5EcDtQcSZ1PT0ylncetYkboOVZaxwWpMFbverNU9wVnA
/SCQ07CPqcgryJUuaPO7I4jGrw0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBS0BHS9
1cV165+13+vK/FU0YlQ4SDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjMzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rmgwDQYJKoZIhvcNAQELBQADggEBAC2X+3i4OplRYDJu9ZYjo+sMi89XIE6y1jvr
4NHaCMjk5tgcG/GKNlgxc/MX2hiIILCXe54PLp+QUAPKbSGKF16FcdOTvuUPuCc3
vvyv1yNXFASGZgpCkYUoSB8OqLuD4h0TLA2AMqrDhx3WQTzFFbo8yjE01y559nO9
PIrqvuhn6jdAP8bFMgk43ebI4oT9XC/cNTNYDwjpK+bEJyeej8JHLCJQGJllVVEY
3PorbTFyCvvxWfKoDrS7DGOuycYqOYcBMf3weO91u69z8CV2g7BQEgFTE9EtRKR/
JpUDhw9/YPxqil+V9zb4IqzV73g9SWgPcq0JgQ6tYmZXPmWT37o=
-----END CERTIFICATE-----