Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146352.roa
File:                     AS146352.roa (raw, json)
Hash identifier:          DPLjd76f3IOtUoA/DWW7ML4YZ1C6ROF397CiKy+fGYk=
Subject key identifier:   CD:91:04:A3:E7:71:E2:31:02:53:A1:33:AE:81:D9:5F:E8:A0:7B:6D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       728217951DC7BB4CDB54A8C3A0E5196CB07E612E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146352.roa
Signing time:             Wed 04 Mar 2026 06:34:36 +0000
ROA not before:           Wed 04 Mar 2026 06:29:36 +0000
ROA not after:            Wed 03 Mar 2027 06:34:36 +0000
asID:                     146352
IP address blocks:        240a:ae76::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:82:17:95:1d:c7:bb:4c:db:54:a8:c3:a0:e5:19:6c:b0:7e:61:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:36 2026 GMT
            Not After : Mar  3 06:34:36 2027 GMT
        Subject: CN=CD9104A3E771E2310253A133AE81D95FE8A07B6D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:33:5b:cb:82:67:23:3c:be:a3:41:da:0f:9d:
                    27:8b:da:63:66:89:db:32:2c:05:46:51:b2:f6:33:
                    53:33:ee:30:01:fb:48:c1:db:3a:f4:7e:c9:39:c1:
                    69:ca:78:94:8b:9d:aa:61:01:bf:b6:96:45:3b:12:
                    0e:41:9a:36:a5:21:f9:a9:67:e4:90:47:82:f7:24:
                    83:5a:20:9b:f7:e9:db:6a:b9:8e:23:f0:a0:6b:66:
                    40:3a:58:e9:8b:06:6c:86:79:f1:c6:c3:80:88:51:
                    a4:bb:fd:6c:f4:9f:c6:53:a3:77:91:e0:b1:bc:4d:
                    06:5b:37:d4:1f:1f:f1:2f:f4:6e:cf:53:e7:c5:90:
                    80:aa:95:c9:04:9d:01:35:e4:06:92:15:1b:38:d8:
                    4c:88:68:a5:99:af:27:06:71:8c:cf:17:6d:3b:61:
                    ee:20:1c:36:15:72:72:e3:7f:f6:3c:69:f5:bc:0f:
                    aa:5c:62:63:32:47:41:4a:44:46:b6:63:d4:c8:f4:
                    fb:7b:cf:9a:0c:3d:da:80:b6:35:b4:3f:fe:ec:a0:
                    e4:ae:59:68:fc:8b:ba:32:f2:af:cb:09:19:57:63:
                    16:f0:42:f2:a2:a4:16:64:9b:e8:01:f9:a4:3f:ca:
                    70:a2:e7:b2:43:b1:2c:d7:2d:63:4a:29:f1:41:d3:
                    81:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:91:04:A3:E7:71:E2:31:02:53:A1:33:AE:81:D9:5F:E8:A0:7B:6D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146352.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ae76::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:7c:e1:9c:27:1b:a2:e1:24:78:e4:10:ae:e8:86:c1:d4:10:
         e7:03:19:19:72:57:53:1c:1c:3d:78:b5:f2:c8:f3:42:0f:90:
         af:ed:a1:b3:b5:0d:81:a9:f6:a7:02:14:e3:4d:35:01:45:4b:
         19:c7:77:39:f6:01:96:3c:1e:5a:fd:87:6e:14:8f:94:93:c6:
         ef:cc:91:18:d9:2f:7f:8d:f3:25:a9:30:38:7e:3c:48:1b:4a:
         70:57:26:45:18:3e:11:f5:0b:be:54:4d:c0:74:22:ff:08:c1:
         fe:81:82:3e:28:80:66:3c:7a:95:1f:16:90:23:c7:fa:82:15:
         cf:93:1a:24:18:20:67:eb:34:20:6e:91:ca:d5:b7:49:45:d0:
         45:c4:ca:de:83:b7:01:19:90:37:83:5b:9d:98:49:67:5d:5c:
         c1:55:47:f9:ee:33:2a:43:49:c2:37:96:a3:97:a6:f9:ad:f7:
         ee:41:f6:ce:93:69:33:90:0e:b6:38:67:f3:82:24:c8:2b:89:
         60:e7:23:cd:a7:f2:1c:8d:67:d5:28:61:e0:d0:a9:aa:da:36:
         fb:89:eb:22:18:4b:73:e5:61:07:4c:e1:1b:c7:5c:d3:b5:4b:
         86:e6:f2:47:6c:d7:15:95:c9:38:a6:d2:3b:6f:aa:5b:5d:6e:
         88:4b:6e:12
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUcoIXlR3Hu0zbVKjDoOUZbLB+YS4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjkzNloX
DTI3MDMwMzA2MzQzNlowMzExMC8GA1UEAxMoQ0Q5MTA0QTNFNzcxRTIzMTAyNTNB
MTMzQUU4MUQ5NUZFOEEwN0I2RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANkzW8uCZyM8vqNB2g+dJ4vaY2aJ2zIsBUZRsvYzUzPuMAH7SMHbOvR+yTnB
acp4lIudqmEBv7aWRTsSDkGaNqUh+aln5JBHgvckg1ogm/fp22q5jiPwoGtmQDpY
6YsGbIZ58cbDgIhRpLv9bPSfxlOjd5HgsbxNBls31B8f8S/0bs9T58WQgKqVyQSd
ATXkBpIVGzjYTIhopZmvJwZxjM8XbTth7iAcNhVycuN/9jxp9bwPqlxiYzJHQUpE
RrZj1Mj0+3vPmgw92oC2NbQ//uyg5K5ZaPyLujLyr8sJGVdjFvBC8qKkFmSb6AH5
pD/KcKLnskOxLNctY0op8UHTgecCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTNkQSj
53HiMQJToTOugdlf6KB7bTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjM1Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rnYwDQYJKoZIhvcNAQELBQADggEBAGd84ZwnG6LhJHjkEK7ohsHUEOcDGRlyV1Mc
HD14tfLI80IPkK/tobO1DYGp9qcCFONNNQFFSxnHdzn2AZY8Hlr9h24Uj5STxu/M
kRjZL3+N8yWpMDh+PEgbSnBXJkUYPhH1C75UTcB0Iv8Iwf6Bgj4ogGY8epUfFpAj
x/qCFc+TGiQYIGfrNCBukcrVt0lF0EXEyt6DtwEZkDeDW52YSWddXMFVR/nuMypD
ScI3lqOXpvmt9+5B9s6TaTOQDrY4Z/OCJMgriWDnI82n8hyNZ9UoYeDQqaraNvuJ
6yIYS3PlYQdM4RvHXNO1S4bm8kds1xWVyTim0jtvqltdbohLbhI=
-----END CERTIFICATE-----