Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146384.roa
File:                     AS146384.roa (raw, json)
Hash identifier:          N91p1s6xoDkoNN8ntDv3YxhzDjE+SWLyQUJm0vddOT4=
Subject key identifier:   72:00:2F:EF:1F:D6:3C:50:86:C6:09:79:31:4C:C7:87:8F:10:50:53
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       0FE1ED2A41A56A035F2C146CFA7087210261E9F6
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146384.roa
Signing time:             Wed 04 Mar 2026 06:33:56 +0000
ROA not before:           Wed 04 Mar 2026 06:28:56 +0000
ROA not after:            Wed 03 Mar 2027 06:33:56 +0000
asID:                     146384
IP address blocks:        240a:ae96::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:e1:ed:2a:41:a5:6a:03:5f:2c:14:6c:fa:70:87:21:02:61:e9:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:28:56 2026 GMT
            Not After : Mar  3 06:33:56 2027 GMT
        Subject: CN=72002FEF1FD63C5086C60979314CC7878F105053
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:84:70:f3:4c:8b:d0:b2:19:89:05:fa:7d:4f:
                    5b:ca:e9:9f:17:93:34:10:0d:25:f1:cb:00:d6:e7:
                    3c:ee:cb:9d:6a:ac:8b:e1:53:ec:1b:dc:9a:71:7f:
                    af:f5:2d:9f:1b:5d:6e:6d:51:cb:14:66:03:67:2c:
                    c5:d3:62:e4:4b:cc:b7:65:d0:e3:20:a0:14:1c:b4:
                    a6:99:9d:4e:44:95:b4:3b:3a:48:ce:78:b5:97:db:
                    f1:cd:db:73:47:0e:25:63:c5:54:db:4e:8f:86:b9:
                    5d:ce:3f:95:ca:51:35:7e:4d:18:9d:97:d7:34:72:
                    a7:96:13:14:7c:10:e8:63:cc:a7:9b:f4:a6:d2:68:
                    0b:ef:80:31:ca:44:83:7f:9c:9a:ee:ce:2f:0a:5d:
                    cc:0e:c0:b5:02:5b:29:2b:6a:34:27:34:05:3e:62:
                    0f:16:e2:36:d5:6a:fe:ca:6c:8b:4e:94:96:98:4e:
                    8e:c5:ee:d3:db:4b:51:8b:65:02:54:dd:01:c1:81:
                    d7:25:52:9c:01:fb:b9:38:04:e9:90:30:5c:fd:64:
                    1c:a3:cf:a8:3c:30:09:ee:97:9c:f4:b3:7a:5a:47:
                    1f:4f:e2:d9:c0:43:55:6d:38:bb:40:7c:4b:69:73:
                    44:d5:f0:ca:40:ab:59:ea:8f:3e:21:3c:29:f0:a7:
                    38:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:00:2F:EF:1F:D6:3C:50:86:C6:09:79:31:4C:C7:87:8F:10:50:53
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146384.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ae96::/32

    Signature Algorithm: sha256WithRSAEncryption
         1b:9e:e4:99:fa:1a:cc:a5:3b:90:82:64:e3:08:be:22:ee:ad:
         91:48:88:64:e4:a5:47:b6:7c:db:ed:ca:49:7e:eb:bc:21:3c:
         32:e4:b2:79:bd:c1:28:34:f8:41:7b:55:3a:a6:0c:6e:41:67:
         d5:6f:b3:9f:df:92:07:55:95:72:bd:a0:fb:57:bb:ae:b5:3c:
         5e:32:ac:82:af:e5:12:4d:87:94:66:a3:ff:2c:09:db:64:a9:
         78:5c:79:fa:3b:e4:8b:50:93:14:e0:87:17:cf:6a:9d:2c:f2:
         5a:42:44:22:a8:7a:3b:86:35:d8:39:e9:55:14:71:df:b6:5b:
         f4:f4:bc:f4:ef:a4:b8:8a:96:db:5e:99:a4:02:6d:5c:54:78:
         43:b6:ef:a3:bc:bc:b4:c0:e1:2a:2e:c8:a1:da:20:eb:dc:af:
         89:ed:d4:39:54:61:49:d1:03:8e:ed:fd:4a:eb:33:63:25:0d:
         78:f3:93:f9:14:f2:66:40:fd:a6:b1:db:73:ea:3f:c2:bc:f1:
         2a:c2:1e:cf:2f:df:2e:d2:ec:44:96:38:33:9b:7b:06:5f:91:
         af:0b:67:19:ea:be:32:cc:0d:ae:60:78:dd:31:88:6e:64:7e:
         62:61:5f:83:c2:58:3d:61:57:d0:10:52:4d:90:b9:a3:68:43:
         46:74:4e:52
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUD+HtKkGlagNfLBRs+nCHIQJh6fYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2Mjg1NloX
DTI3MDMwMzA2MzM1NlowMzExMC8GA1UEAxMoNzIwMDJGRUYxRkQ2M0M1MDg2QzYw
OTc5MzE0Q0M3ODc4RjEwNTA1MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIaEcPNMi9CyGYkF+n1PW8rpnxeTNBANJfHLANbnPO7LnWqsi+FT7BvcmnF/
r/Utnxtdbm1RyxRmA2csxdNi5EvMt2XQ4yCgFBy0ppmdTkSVtDs6SM54tZfb8c3b
c0cOJWPFVNtOj4a5Xc4/lcpRNX5NGJ2X1zRyp5YTFHwQ6GPMp5v0ptJoC++AMcpE
g3+cmu7OLwpdzA7AtQJbKStqNCc0BT5iDxbiNtVq/spsi06UlphOjsXu09tLUYtl
AlTdAcGB1yVSnAH7uTgE6ZAwXP1kHKPPqDwwCe6XnPSzelpHH0/i2cBDVW04u0B8
S2lzRNXwykCrWeqPPiE8KfCnOFkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRyAC/v
H9Y8UIbGCXkxTMeHjxBQUzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjM4NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rpYwDQYJKoZIhvcNAQELBQADggEBABue5Jn6GsylO5CCZOMIviLurZFIiGTkpUe2
fNvtykl+67whPDLksnm9wSg0+EF7VTqmDG5BZ9Vvs5/fkgdVlXK9oPtXu661PF4y
rIKv5RJNh5Rmo/8sCdtkqXhcefo75ItQkxTghxfPap0s8lpCRCKoejuGNdg56VUU
cd+2W/T0vPTvpLiKlttemaQCbVxUeEO276O8vLTA4SouyKHaIOvcr4nt1DlUYUnR
A47t/UrrM2MlDXjzk/kU8mZA/aax23PqP8K88SrCHs8v3y7S7ESWODObewZfka8L
ZxnqvjLMDa5geN0xiG5kfmJhX4PCWD1hV9AQUk2QuaNoQ0Z0TlI=
-----END CERTIFICATE-----