Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146340.roa
File:                     AS146340.roa (raw, json)
Hash identifier:          z1MUs1B3z6malKCQjHO730xAFi0i1JQWgBueOM67RQg=
Subject key identifier:   10:C4:64:B2:C0:4A:A3:FA:26:34:D2:5D:CD:6C:26:ED:DF:83:02:A6
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3EF93075F598AD1F1C71E76963061D065C58CCE4
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146340.roa
Signing time:             Wed 04 Mar 2026 06:34:49 +0000
ROA not before:           Wed 04 Mar 2026 06:29:49 +0000
ROA not after:            Wed 03 Mar 2027 06:34:49 +0000
asID:                     146340
IP address blocks:        240a:ae6a::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:f9:30:75:f5:98:ad:1f:1c:71:e7:69:63:06:1d:06:5c:58:cc:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:49 2026 GMT
            Not After : Mar  3 06:34:49 2027 GMT
        Subject: CN=10C464B2C04AA3FA2634D25DCD6C26EDDF8302A6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:af:d7:c7:60:37:27:46:15:85:d1:fb:0f:a4:
                    d0:a8:2b:3e:fd:85:1b:fa:d3:b7:32:de:aa:2b:2f:
                    af:76:bc:46:3f:c9:72:ab:19:32:a1:94:77:81:f1:
                    c1:51:06:9b:8e:77:86:d5:ab:fb:95:76:73:a4:71:
                    b7:60:96:97:5b:ff:a2:2a:9f:0e:39:fc:3e:54:85:
                    8f:35:03:43:15:2b:21:92:f7:d5:4b:e3:4f:5f:48:
                    8b:f2:dc:1e:9c:ab:a4:9f:2a:d7:54:81:70:da:30:
                    dd:2c:da:74:8b:f8:28:5a:3c:20:50:4d:8e:88:e4:
                    b1:1b:f5:b6:16:e9:49:ed:eb:85:21:ae:d8:a0:7c:
                    53:9c:31:6f:96:fc:cb:dc:3e:07:99:18:d6:06:1c:
                    d4:98:50:bc:0e:a6:a9:c5:cf:1a:83:4d:a2:2d:f8:
                    78:54:f4:75:d2:8b:aa:b4:58:87:1b:37:d1:69:fa:
                    98:2d:3a:44:8d:69:ce:02:d6:07:92:4d:d9:c6:00:
                    17:5b:c1:fc:e4:11:91:26:d2:7a:03:c8:43:7b:09:
                    11:1d:34:bd:dc:b3:20:7e:8b:72:98:2c:41:d3:69:
                    eb:a5:81:75:7f:87:70:30:36:5c:7e:b1:5c:82:28:
                    54:27:46:94:aa:3c:ac:5d:47:05:c9:6f:e4:18:ad:
                    85:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:C4:64:B2:C0:4A:A3:FA:26:34:D2:5D:CD:6C:26:ED:DF:83:02:A6
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146340.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ae6a::/32

    Signature Algorithm: sha256WithRSAEncryption
         6d:77:57:03:02:aa:c2:54:85:ea:43:12:a3:d4:d7:ea:9a:e6:
         1f:e9:b7:bf:11:d5:9e:43:0c:d3:48:cc:14:08:b6:7d:1d:ca:
         c3:d8:78:65:74:46:86:dd:4b:0a:56:15:43:5b:0e:da:07:e5:
         49:c3:ab:c8:e6:ba:1b:1b:21:0d:57:4e:e6:e6:49:77:2c:d4:
         2d:92:2e:f0:88:ea:eb:59:04:12:1c:fb:a4:86:cc:f3:f4:60:
         4d:5c:35:c7:5f:b5:fe:ca:f4:53:87:69:37:9b:51:c7:06:a6:
         fb:92:8d:60:71:d1:11:0d:cb:79:12:40:fe:01:46:28:e2:55:
         8b:86:b4:52:a3:eb:1b:57:02:03:9c:f1:ef:5f:0d:b9:8b:05:
         17:21:ed:31:c1:e7:78:32:19:1c:59:c5:94:12:c8:a9:48:ee:
         48:f9:4e:9f:60:27:db:e2:47:2b:f5:84:57:2c:6a:9a:42:6b:
         1c:98:6a:94:c7:3a:93:87:00:03:c4:5d:db:45:11:b0:cd:e6:
         21:a6:a4:23:7d:46:ce:9e:12:e6:87:6b:27:f8:9d:c0:51:fd:
         03:10:5e:93:45:fb:27:97:2a:30:5e:c5:1a:e4:b2:66:fc:3c:
         d4:53:a0:f9:8f:56:7c:7b:28:5a:42:6a:7c:c4:c3:9f:dd:19:
         73:b3:72:d6
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUPvkwdfWYrR8ccedpYwYdBlxYzOQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2Mjk0OVoX
DTI3MDMwMzA2MzQ0OVowMzExMC8GA1UEAxMoMTBDNDY0QjJDMDRBQTNGQTI2MzRE
MjVEQ0Q2QzI2RURERjgzMDJBNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMCv18dgNydGFYXR+w+k0KgrPv2FG/rTtzLeqisvr3a8Rj/JcqsZMqGUd4Hx
wVEGm453htWr+5V2c6Rxt2CWl1v/oiqfDjn8PlSFjzUDQxUrIZL31UvjT19Ii/Lc
HpyrpJ8q11SBcNow3SzadIv4KFo8IFBNjojksRv1thbpSe3rhSGu2KB8U5wxb5b8
y9w+B5kY1gYc1JhQvA6mqcXPGoNNoi34eFT0ddKLqrRYhxs30Wn6mC06RI1pzgLW
B5JN2cYAF1vB/OQRkSbSegPIQ3sJER00vdyzIH6LcpgsQdNp66WBdX+HcDA2XH6x
XIIoVCdGlKo8rF1HBclv5BithecCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQQxGSy
wEqj+iY00l3NbCbt34MCpjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjM0MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rmowDQYJKoZIhvcNAQELBQADggEBAG13VwMCqsJUhepDEqPU1+qa5h/pt78R1Z5D
DNNIzBQItn0dysPYeGV0RobdSwpWFUNbDtoH5UnDq8jmuhsbIQ1XTubmSXcs1C2S
LvCI6utZBBIc+6SGzPP0YE1cNcdftf7K9FOHaTebUccGpvuSjWBx0RENy3kSQP4B
RijiVYuGtFKj6xtXAgOc8e9fDbmLBRch7THB53gyGRxZxZQSyKlI7kj5Tp9gJ9vi
Ryv1hFcsappCaxyYapTHOpOHAAPEXdtFEbDN5iGmpCN9Rs6eEuaHayf4ncBR/QMQ
XpNF+yeXKjBexRrksmb8PNRToPmPVnx7KFpCanzEw5/dGXOzctY=
-----END CERTIFICATE-----