Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146375.roa
File:                     AS146375.roa (raw, json)
Hash identifier:          wQFvTWTgUL1CTfTrwi1+0sUUv11IHonB6Ew+jz3/UVc=
Subject key identifier:   08:37:C3:AB:96:3C:8F:F8:ED:39:B2:1A:67:6A:37:7E:B1:81:0F:24
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6D04020E30CB49BB90383E21933E1305B5F25420
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146375.roa
Signing time:             Wed 04 Mar 2026 06:34:04 +0000
ROA not before:           Wed 04 Mar 2026 06:29:04 +0000
ROA not after:            Wed 03 Mar 2027 06:34:04 +0000
asID:                     146375
IP address blocks:        240a:ae8d::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:04:02:0e:30:cb:49:bb:90:38:3e:21:93:3e:13:05:b5:f2:54:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:04 2026 GMT
            Not After : Mar  3 06:34:04 2027 GMT
        Subject: CN=0837C3AB963C8FF8ED39B21A676A377EB1810F24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:3d:17:ff:f1:e9:a7:b3:a4:d0:8a:57:fc:f0:
                    b9:96:f8:6a:97:00:97:9f:ee:d1:16:48:74:bd:39:
                    06:63:ec:a9:2f:9a:0e:83:3f:a5:12:34:46:51:e8:
                    2f:1c:9b:e0:0b:44:06:71:f2:b5:68:80:f4:ea:ac:
                    00:11:22:6d:39:d1:1b:d0:77:80:e4:3a:ac:1c:69:
                    9c:a8:5e:9b:80:84:71:35:bf:d0:5c:f4:5b:39:24:
                    60:60:74:5a:a1:f7:ea:b2:13:5f:3c:94:3c:ac:ca:
                    d1:10:a3:23:cd:ed:75:90:f2:b1:6d:b0:f6:11:01:
                    bf:22:1a:0d:d4:44:8f:6c:1a:51:21:db:78:35:79:
                    70:8f:7c:20:6e:a1:3e:01:ae:7c:bb:be:fa:60:e4:
                    c9:4d:56:aa:1d:02:30:f5:74:bf:d7:11:99:ff:b6:
                    70:59:01:bf:2b:55:66:32:d0:d4:78:8b:23:7f:48:
                    b8:52:e5:63:85:05:38:46:cb:0c:9a:f5:1e:18:54:
                    29:53:d9:eb:bc:b7:e8:87:f4:7d:57:ef:eb:fc:ad:
                    2d:04:18:0b:b3:4f:14:10:26:d5:e9:0f:9d:8f:40:
                    09:76:f8:52:5d:37:49:98:85:3e:86:58:7d:26:df:
                    68:16:43:44:f4:69:3b:80:60:20:47:99:29:54:11:
                    46:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:37:C3:AB:96:3C:8F:F8:ED:39:B2:1A:67:6A:37:7E:B1:81:0F:24
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146375.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ae8d::/32

    Signature Algorithm: sha256WithRSAEncryption
         56:57:15:2f:3a:43:1a:45:59:ce:3b:5c:90:15:c5:0a:d0:e1:
         b7:42:de:f6:fc:d2:d0:90:46:a1:b6:2a:cc:82:6b:25:34:94:
         25:02:31:ce:80:53:42:de:37:45:9c:c6:e2:48:ec:81:b6:7c:
         d3:31:be:51:22:f9:cd:a4:21:da:c5:52:bd:26:db:7e:55:e7:
         9b:ba:13:ec:5a:2b:74:3c:40:f8:bc:4b:2b:f3:bb:9e:7c:a9:
         09:e2:8d:7c:7b:c3:56:da:6d:92:bd:47:26:d2:14:cf:a5:a9:
         34:c6:6d:46:d3:e8:8e:ad:3d:8c:b1:0a:b6:89:e0:a6:60:87:
         23:30:10:3a:63:7e:04:d4:d4:dd:aa:95:a9:b9:77:72:f9:11:
         6c:0d:79:b1:44:9e:56:27:06:e5:69:a7:8c:6c:31:60:73:b7:
         86:7e:56:49:22:28:8b:d7:99:d6:4f:41:41:5b:a3:b0:60:d6:
         d9:95:cf:ee:d5:0b:e7:9e:ff:05:81:30:cf:e9:bc:a5:ec:e2:
         20:c7:6d:57:43:e1:88:e9:b1:e1:36:f8:d1:00:97:50:1e:4c:
         4b:5d:a5:ce:4b:69:4a:af:bd:aa:79:50:34:94:f6:a8:1e:34:
         d4:7b:af:7b:eb:23:d2:c2:7c:6e:99:6f:4b:6f:89:f3:5d:77:
         bd:45:59:be
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUbQQCDjDLSbuQOD4hkz4TBbXyVCAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjkwNFoX
DTI3MDMwMzA2MzQwNFowMzExMC8GA1UEAxMoMDgzN0MzQUI5NjNDOEZGOEVEMzlC
MjFBNjc2QTM3N0VCMTgxMEYyNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALE9F//x6aezpNCKV/zwuZb4apcAl5/u0RZIdL05BmPsqS+aDoM/pRI0RlHo
Lxyb4AtEBnHytWiA9OqsABEibTnRG9B3gOQ6rBxpnKhem4CEcTW/0Fz0WzkkYGB0
WqH36rITXzyUPKzK0RCjI83tdZDysW2w9hEBvyIaDdREj2waUSHbeDV5cI98IG6h
PgGufLu++mDkyU1Wqh0CMPV0v9cRmf+2cFkBvytVZjLQ1HiLI39IuFLlY4UFOEbL
DJr1HhhUKVPZ67y36If0fVfv6/ytLQQYC7NPFBAm1ekPnY9ACXb4Ul03SZiFPoZY
fSbfaBZDRPRpO4BgIEeZKVQRRk0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQIN8Or
ljyP+O05shpnajd+sYEPJDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjM3NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ro0wDQYJKoZIhvcNAQELBQADggEBAFZXFS86QxpFWc47XJAVxQrQ4bdC3vb80tCQ
RqG2KsyCayU0lCUCMc6AU0LeN0WcxuJI7IG2fNMxvlEi+c2kIdrFUr0m235V55u6
E+xaK3Q8QPi8Syvzu558qQnijXx7w1babZK9RybSFM+lqTTGbUbT6I6tPYyxCraJ
4KZghyMwEDpjfgTU1N2qlam5d3L5EWwNebFEnlYnBuVpp4xsMWBzt4Z+VkkiKIvX
mdZPQUFbo7Bg1tmVz+7VC+ee/wWBMM/pvKXs4iDHbVdD4YjpseE2+NEAl1AeTEtd
pc5LaUqvvap5UDSU9qgeNNR7r3vrI9LCfG6Zb0tvifNdd71FWb4=
-----END CERTIFICATE-----