Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146373.roa
File:                     AS146373.roa (raw, json)
Hash identifier:          J8DxqcPYOwGaaoEe/bHEtGlPw7otG9ib9Uha58p7zME=
Subject key identifier:   66:AF:20:98:56:AE:A5:AA:7A:3B:30:00:7E:CC:2F:F8:9C:69:AB:45
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       30282EE53C65C77BA29169B2C0FF33C38A76648D
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146373.roa
Signing time:             Wed 04 Mar 2026 06:34:01 +0000
ROA not before:           Wed 04 Mar 2026 06:29:01 +0000
ROA not after:            Wed 03 Mar 2027 06:34:01 +0000
asID:                     146373
IP address blocks:        240a:ae8b::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:28:2e:e5:3c:65:c7:7b:a2:91:69:b2:c0:ff:33:c3:8a:76:64:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:01 2026 GMT
            Not After : Mar  3 06:34:01 2027 GMT
        Subject: CN=66AF209856AEA5AA7A3B30007ECC2FF89C69AB45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:2d:fb:03:d2:cd:06:9c:5d:fc:e1:43:e1:f2:
                    c3:90:dd:41:a9:f7:69:90:3b:83:b1:b2:86:72:87:
                    c3:7a:a5:65:73:a5:e3:60:77:54:14:3c:3c:14:00:
                    da:fe:c5:e4:4e:c9:d1:f7:45:1b:45:fd:4a:76:4d:
                    1d:84:69:6a:43:eb:7e:17:e7:1b:2c:df:31:bf:64:
                    88:f4:69:c0:a0:e8:b8:47:84:89:ff:29:aa:3f:ed:
                    99:ad:54:96:61:c6:eb:e3:6d:23:65:d1:6e:81:8b:
                    29:1f:35:46:9c:e6:22:af:a3:87:23:ea:31:be:1e:
                    f5:84:b1:5f:2f:5b:7e:36:af:fd:84:f9:e8:a9:64:
                    4f:d9:8f:bf:dc:7e:2a:29:d5:92:4a:e8:3c:73:c8:
                    8f:23:dc:12:92:3d:32:59:63:b6:8e:c5:e0:60:7c:
                    99:6d:6f:79:de:28:6d:2b:66:f7:9a:83:29:b6:1b:
                    30:ac:fb:6f:59:f9:21:98:6d:0c:7b:a2:db:a6:cc:
                    e8:cc:f2:22:08:59:5f:b0:fd:21:05:92:94:ad:cd:
                    50:ec:2d:6d:e4:6d:c2:24:7f:f8:6d:a7:12:56:67:
                    79:75:61:c6:6d:5d:a6:29:7c:ae:b8:b1:7e:5f:25:
                    fb:66:7c:fc:73:7d:39:78:ce:e2:9f:59:98:17:26:
                    e5:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:AF:20:98:56:AE:A5:AA:7A:3B:30:00:7E:CC:2F:F8:9C:69:AB:45
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146373.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ae8b::/32

    Signature Algorithm: sha256WithRSAEncryption
         2d:3c:75:d9:8d:2f:26:a3:e0:6e:f8:56:b5:a9:0c:23:39:b8:
         75:ac:24:30:5f:b5:1a:d9:d8:c9:de:07:c6:ed:bb:d9:ff:1f:
         c5:bf:3f:03:e4:12:34:7e:a2:9d:f1:84:c6:ec:0b:40:de:83:
         58:39:38:5b:79:bb:e8:19:60:80:90:22:5d:58:e9:b1:bf:c1:
         ce:fd:c5:ed:dc:c9:2e:bb:b4:9a:20:de:7b:10:6e:85:68:fd:
         1e:89:e6:90:6e:4e:a5:85:11:f7:be:9d:0b:ec:fe:02:38:b8:
         c8:d6:a0:1e:78:68:a5:db:2f:71:19:50:91:a5:b4:11:8e:b4:
         59:5a:7e:fc:78:f7:3e:39:1d:45:f1:56:fa:8d:45:bf:7f:2a:
         9a:fe:9f:8d:ac:a1:43:8d:e7:85:40:0e:98:91:42:23:55:53:
         b8:62:a0:4b:7a:98:0f:11:e3:2b:d7:b3:8b:4f:94:b6:27:a2:
         51:49:ee:b9:34:23:13:32:7a:3a:f6:70:ed:f2:89:46:8d:29:
         b7:53:c5:32:63:2a:ae:24:af:ef:23:95:39:a3:b4:45:c2:1b:
         a4:3e:24:de:d6:32:be:b1:47:d9:f1:a4:d2:90:d4:ce:1e:95:
         21:5b:f5:86:b7:c0:a4:de:6d:06:3f:3d:12:13:b5:6b:9d:3c:
         cc:56:f2:cc
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUMCgu5Txlx3uikWmywP8zw4p2ZI0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjkwMVoX
DTI3MDMwMzA2MzQwMVowMzExMC8GA1UEAxMoNjZBRjIwOTg1NkFFQTVBQTdBM0Iz
MDAwN0VDQzJGRjg5QzY5QUI0NTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALIt+wPSzQacXfzhQ+Hyw5DdQan3aZA7g7GyhnKHw3qlZXOl42B3VBQ8PBQA
2v7F5E7J0fdFG0X9SnZNHYRpakPrfhfnGyzfMb9kiPRpwKDouEeEif8pqj/tma1U
lmHG6+NtI2XRboGLKR81RpzmIq+jhyPqMb4e9YSxXy9bfjav/YT56KlkT9mPv9x+
KinVkkroPHPIjyPcEpI9Mlljto7F4GB8mW1ved4obStm95qDKbYbMKz7b1n5IZht
DHui26bM6MzyIghZX7D9IQWSlK3NUOwtbeRtwiR/+G2nElZneXVhxm1dpil8rrix
fl8l+2Z8/HN9OXjO4p9ZmBcm5YsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRmryCY
Vq6lqno7MAB+zC/4nGmrRTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjM3My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
roswDQYJKoZIhvcNAQELBQADggEBAC08ddmNLyaj4G74VrWpDCM5uHWsJDBftRrZ
2MneB8btu9n/H8W/PwPkEjR+op3xhMbsC0Deg1g5OFt5u+gZYICQIl1Y6bG/wc79
xe3cyS67tJog3nsQboVo/R6J5pBuTqWFEfe+nQvs/gI4uMjWoB54aKXbL3EZUJGl
tBGOtFlafvx49z45HUXxVvqNRb9/Kpr+n42soUON54VADpiRQiNVU7hioEt6mA8R
4yvXs4tPlLYnolFJ7rk0IxMyejr2cO3yiUaNKbdTxTJjKq4kr+8jlTmjtEXCG6Q+
JN7WMr6xR9nxpNKQ1M4elSFb9Ya3wKTebQY/PRITtWudPMxW8sw=
-----END CERTIFICATE-----