Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146362.roa
File:                     AS146362.roa (raw, json)
Hash identifier:          nCKkZozW2jCeSVNyXnfqbLNKWWDcazs9zWc415xOcTA=
Subject key identifier:   42:28:FF:5A:12:38:FE:B1:6C:CA:18:8A:CD:3B:93:AE:1A:3E:06:E5
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6E711CEDFCE78497B3DE152E35D31D4BC5421463
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146362.roa
Signing time:             Wed 04 Mar 2026 06:34:33 +0000
ROA not before:           Wed 04 Mar 2026 06:29:33 +0000
ROA not after:            Wed 03 Mar 2027 06:34:33 +0000
asID:                     146362
IP address blocks:        240a:ae80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:71:1c:ed:fc:e7:84:97:b3:de:15:2e:35:d3:1d:4b:c5:42:14:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:33 2026 GMT
            Not After : Mar  3 06:34:33 2027 GMT
        Subject: CN=4228FF5A1238FEB16CCA188ACD3B93AE1A3E06E5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:3d:13:9e:ce:61:5a:b0:54:59:e8:34:42:87:
                    8b:54:7a:30:a0:a2:d8:bb:59:93:e8:ae:56:0c:07:
                    b8:5d:2f:7e:b1:6a:1e:3d:22:13:91:25:1f:30:13:
                    f5:12:14:ed:a0:95:8c:c7:65:11:e5:61:c9:e1:ad:
                    2b:c2:eb:5c:c7:c1:58:d2:e2:62:ab:51:d5:86:b3:
                    2f:ed:ae:82:e3:2d:d0:cc:c8:2e:49:7e:ff:64:2c:
                    ef:ea:f6:d7:ca:37:6c:20:2e:a5:50:40:92:80:ef:
                    d2:e3:e6:1f:ae:fd:88:b9:c5:87:ab:d1:31:70:ed:
                    fd:b4:7b:a8:25:3f:59:f7:a7:bb:13:b5:99:7a:09:
                    ee:1a:f4:17:f8:fc:53:30:1d:6a:75:55:da:51:c1:
                    a2:57:b1:62:89:4f:0c:e3:29:e1:46:a5:79:ef:9a:
                    89:60:17:63:92:cf:4a:86:57:c1:8f:62:2b:76:40:
                    9b:4a:1a:4b:c0:24:47:19:39:1f:00:d8:7b:6b:ec:
                    4d:a9:99:3f:c6:c6:99:12:eb:d7:bf:97:dd:b6:46:
                    b9:07:a6:e2:8d:ef:9f:74:52:db:5b:d2:b5:50:cd:
                    73:20:76:70:1e:f9:38:ac:d3:22:60:64:80:64:c8:
                    0c:8c:51:e9:d9:54:cb:ad:e8:4e:1f:90:2e:7c:2a:
                    e6:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:28:FF:5A:12:38:FE:B1:6C:CA:18:8A:CD:3B:93:AE:1A:3E:06:E5
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146362.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ae80::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:38:bd:65:d3:0c:ff:01:fd:9c:fe:25:35:60:bb:1b:24:f8:
         1f:93:6a:1f:10:d1:09:21:b7:ff:11:07:89:a6:ec:34:89:0f:
         33:83:69:8f:45:3b:c5:b5:e2:0a:ca:71:d7:3d:d1:c9:e2:9c:
         c7:46:86:df:1a:e1:cb:de:1e:b8:51:cb:c6:f8:3d:59:df:ac:
         bc:13:07:8e:ab:2d:81:fc:1e:8b:71:e1:e6:52:5e:d4:41:1e:
         b1:11:7f:54:18:00:66:ba:56:04:dc:d8:90:e1:bd:da:71:36:
         9e:a7:0d:f3:c3:bd:1d:a3:1c:ff:fc:c8:49:ad:fa:42:00:8e:
         7f:cf:f3:dc:e3:43:0f:c2:96:c8:bf:e6:1b:88:ee:e3:7e:28:
         85:26:49:3e:be:07:b0:f8:0d:0f:2d:f0:81:ed:42:61:16:f1:
         20:8a:ef:1c:d9:99:c9:39:56:f6:a5:f2:cd:28:f9:48:44:e2:
         6d:ab:b8:c2:4b:94:1c:76:a2:f7:b5:8d:bc:c2:00:7a:fd:0b:
         a6:ba:f6:83:99:db:cd:5a:4d:cb:63:06:b5:29:0c:61:4c:e6:
         44:ea:65:55:fc:a9:13:47:ca:73:32:0d:15:2f:05:0f:9f:3c:
         a9:2f:f1:ca:b0:c5:27:b9:9f:6d:3f:3a:62:7f:48:03:cb:58:
         17:89:a5:1f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUbnEc7fznhJez3hUuNdMdS8VCFGMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjkzM1oX
DTI3MDMwMzA2MzQzM1owMzExMC8GA1UEAxMoNDIyOEZGNUExMjM4RkVCMTZDQ0Ex
ODhBQ0QzQjkzQUUxQTNFMDZFNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAME9E57OYVqwVFnoNEKHi1R6MKCi2LtZk+iuVgwHuF0vfrFqHj0iE5ElHzAT
9RIU7aCVjMdlEeVhyeGtK8LrXMfBWNLiYqtR1YazL+2uguMt0MzILkl+/2Qs7+r2
18o3bCAupVBAkoDv0uPmH679iLnFh6vRMXDt/bR7qCU/WfenuxO1mXoJ7hr0F/j8
UzAdanVV2lHBolexYolPDOMp4Ualee+aiWAXY5LPSoZXwY9iK3ZAm0oaS8AkRxk5
HwDYe2vsTamZP8bGmRLr17+X3bZGuQem4o3vn3RS21vStVDNcyB2cB75OKzTImBk
gGTIDIxR6dlUy63oTh+QLnwq5q0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRCKP9a
Ejj+sWzKGIrNO5OuGj4G5TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjM2Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
roAwDQYJKoZIhvcNAQELBQADggEBAJs4vWXTDP8B/Zz+JTVguxsk+B+Tah8Q0Qkh
t/8RB4mm7DSJDzODaY9FO8W14grKcdc90cninMdGht8a4cveHrhRy8b4PVnfrLwT
B46rLYH8Hotx4eZSXtRBHrERf1QYAGa6VgTc2JDhvdpxNp6nDfPDvR2jHP/8yEmt
+kIAjn/P89zjQw/Clsi/5huI7uN+KIUmST6+B7D4DQ8t8IHtQmEW8SCK7xzZmck5
Vval8s0o+UhE4m2ruMJLlBx2ove1jbzCAHr9C6a69oOZ281aTctjBrUpDGFM5kTq
ZVX8qRNHynMyDRUvBQ+fPKkv8cqwxSe5n20/OmJ/SAPLWBeJpR8=
-----END CERTIFICATE-----