Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146353.roa
File:                     AS146353.roa (raw, json)
Hash identifier:          8j+BBc9MF7RFex3Py3d/rbgEkB8vJQRLlNLnodkTJF0=
Subject key identifier:   48:92:CD:CA:70:69:37:7A:63:3D:13:AD:F1:DF:A1:79:58:1C:86:AD
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6479382F57C2CD15C77AFD07F9442F3BC973282F
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146353.roa
Signing time:             Wed 04 Mar 2026 06:33:44 +0000
ROA not before:           Wed 04 Mar 2026 06:28:44 +0000
ROA not after:            Wed 03 Mar 2027 06:33:44 +0000
asID:                     146353
IP address blocks:        240a:ae77::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:79:38:2f:57:c2:cd:15:c7:7a:fd:07:f9:44:2f:3b:c9:73:28:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:28:44 2026 GMT
            Not After : Mar  3 06:33:44 2027 GMT
        Subject: CN=4892CDCA7069377A633D13ADF1DFA179581C86AD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:58:6c:96:3a:41:d0:22:36:3a:5d:d8:fa:07:
                    89:7c:bb:9a:1a:0b:0c:9d:9b:b1:43:59:b8:f4:74:
                    0e:0e:0f:6f:91:d4:db:a8:84:cc:e1:d3:3b:41:c8:
                    59:85:5e:0e:1d:46:cf:a8:f1:7d:af:9c:97:d3:7c:
                    03:91:ca:b8:e6:a9:e2:6d:b1:d6:a3:a1:d3:10:65:
                    a1:52:b4:d7:cf:51:02:4c:e7:6b:eb:9d:00:8d:7a:
                    f3:9c:c5:fa:88:81:94:cc:01:f3:fe:4e:a3:77:2f:
                    1b:ea:95:40:2e:26:57:21:7e:60:25:f0:85:c4:71:
                    d6:e9:aa:f2:ac:db:50:15:4c:93:e8:33:f9:f3:b6:
                    d5:3d:09:09:44:20:e9:43:51:ab:d0:72:4d:05:48:
                    a7:9f:8f:9d:e8:b6:8a:f8:a3:aa:ae:e1:5e:4b:8a:
                    03:01:01:41:8e:49:6e:a1:20:22:ce:84:d0:6a:10:
                    cb:d5:94:ab:e4:b8:0d:40:e7:06:4b:f2:e1:e5:00:
                    b1:9a:74:01:76:6b:06:da:87:c3:92:ba:a2:cd:91:
                    e9:99:43:1b:25:1c:6f:63:c2:bd:94:48:07:93:bd:
                    59:07:cc:74:d2:b8:de:91:4d:12:36:0f:0c:35:bc:
                    dc:bf:4b:31:0c:ec:b3:c1:09:f1:73:06:91:44:48:
                    45:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:92:CD:CA:70:69:37:7A:63:3D:13:AD:F1:DF:A1:79:58:1C:86:AD
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146353.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ae77::/32

    Signature Algorithm: sha256WithRSAEncryption
         c3:97:f5:83:f8:0b:91:ec:3c:43:04:8b:75:13:5f:6d:36:45:
         19:b4:45:89:5a:65:70:7c:21:7f:3a:8e:e0:a8:21:1b:09:f8:
         35:f1:a0:3a:db:3b:8b:30:7b:27:58:17:fa:44:9b:2b:15:49:
         13:23:f3:3c:b8:62:45:ec:e5:f2:c9:7d:5f:39:1f:14:a3:d9:
         5c:e5:08:80:80:79:e8:20:47:b8:4b:12:35:98:a3:15:1f:38:
         0f:ca:5e:1b:39:f4:2b:9e:18:c1:7c:08:a3:20:0f:46:d0:4c:
         57:5d:c8:fb:69:fe:81:47:98:66:44:4a:e2:30:76:b6:87:cd:
         1e:63:c2:d3:ae:67:23:ad:5d:64:43:74:41:36:c3:a8:48:8f:
         92:d5:46:4e:51:48:a0:fb:5c:e1:5d:4f:38:57:f0:8c:33:60:
         b8:74:dc:fe:ba:26:9d:79:b6:47:26:c4:9e:a7:3e:1e:b4:c9:
         f9:b0:c1:aa:c3:00:81:22:64:93:5c:8d:60:8a:39:61:45:a2:
         a9:e1:9a:51:7a:b9:f1:c6:9a:17:c7:ba:a2:07:87:c6:3c:cf:
         d6:ec:dd:2c:64:c9:19:dc:a8:a5:65:a1:39:ca:02:88:d4:44:
         b5:c7:00:8b:4e:bc:12:86:8e:66:85:3d:dd:45:fa:c1:61:da:
         3d:a9:0b:f3
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUZHk4L1fCzRXHev0H+UQvO8lzKC8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2Mjg0NFoX
DTI3MDMwMzA2MzM0NFowMzExMC8GA1UEAxMoNDg5MkNEQ0E3MDY5Mzc3QTYzM0Qx
M0FERjFERkExNzk1ODFDODZBRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOtYbJY6QdAiNjpd2PoHiXy7mhoLDJ2bsUNZuPR0Dg4Pb5HU26iEzOHTO0HI
WYVeDh1Gz6jxfa+cl9N8A5HKuOap4m2x1qOh0xBloVK0189RAkzna+udAI1685zF
+oiBlMwB8/5Oo3cvG+qVQC4mVyF+YCXwhcRx1umq8qzbUBVMk+gz+fO21T0JCUQg
6UNRq9ByTQVIp5+Pnei2ivijqq7hXkuKAwEBQY5JbqEgIs6E0GoQy9WUq+S4DUDn
Bkvy4eUAsZp0AXZrBtqHw5K6os2R6ZlDGyUcb2PCvZRIB5O9WQfMdNK43pFNEjYP
DDW83L9LMQzss8EJ8XMGkURIRVcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRIks3K
cGk3emM9E63x36F5WByGrTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjM1My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rncwDQYJKoZIhvcNAQELBQADggEBAMOX9YP4C5HsPEMEi3UTX202RRm0RYlaZXB8
IX86juCoIRsJ+DXxoDrbO4sweydYF/pEmysVSRMj8zy4YkXs5fLJfV85HxSj2Vzl
CICAeeggR7hLEjWYoxUfOA/KXhs59CueGMF8CKMgD0bQTFddyPtp/oFHmGZESuIw
draHzR5jwtOuZyOtXWRDdEE2w6hIj5LVRk5RSKD7XOFdTzhX8IwzYLh03P66Jp15
tkcmxJ6nPh60yfmwwarDAIEiZJNcjWCKOWFFoqnhmlF6ufHGmhfHuqIHh8Y8z9bs
3SxkyRncqKVloTnKAojURLXHAItOvBKGjmaFPd1F+sFh2j2pC/M=
-----END CERTIFICATE-----