Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146402.roa
File:                     AS146402.roa (raw, json)
Hash identifier:          hplJp5Lv7ExYZyvSeUfA8DAmLyfInUc1KXkmH9bIRTY=
Subject key identifier:   07:B8:E2:6D:65:66:A3:F5:58:19:6C:01:9D:93:C1:F1:F0:0A:6E:15
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       410A0776C8356D985A611332B9E16BCA48803602
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146402.roa
Signing time:             Wed 04 Mar 2026 06:35:07 +0000
ROA not before:           Wed 04 Mar 2026 06:30:07 +0000
ROA not after:            Wed 03 Mar 2027 06:35:07 +0000
asID:                     146402
IP address blocks:        240a:aea8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:0a:07:76:c8:35:6d:98:5a:61:13:32:b9:e1:6b:ca:48:80:36:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:30:07 2026 GMT
            Not After : Mar  3 06:35:07 2027 GMT
        Subject: CN=07B8E26D6566A3F558196C019D93C1F1F00A6E15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:0e:56:5e:1a:ba:9a:57:0c:ce:1c:9e:92:13:
                    33:9a:e4:f0:d0:b5:27:cc:14:2b:be:8a:ae:de:00:
                    0a:1e:bb:5c:12:50:97:13:18:1b:bf:4f:9b:89:2b:
                    83:0e:8e:fa:4c:c7:82:ef:ab:80:15:28:e1:ec:b1:
                    0f:6d:5d:79:42:10:8e:7f:50:79:2a:f5:26:f9:8e:
                    d3:70:c7:c9:8a:12:22:39:90:c9:1d:3e:f8:75:8f:
                    6e:1a:75:11:1a:39:51:8b:71:ce:52:0f:1a:02:de:
                    14:94:c4:da:58:5e:58:59:f2:c5:18:ef:62:dc:1b:
                    78:16:cb:9b:38:ae:af:86:4f:7c:84:c3:d1:8d:57:
                    d8:e1:eb:1d:75:d9:06:ad:96:44:8e:84:3d:b0:79:
                    57:df:98:9d:41:7a:6a:ce:e2:ee:87:dd:4d:47:63:
                    1f:31:35:79:d3:3e:73:f0:8b:4f:df:0d:7e:db:0f:
                    63:ad:7f:0d:84:79:f8:a1:f7:6e:db:3b:04:82:e2:
                    c5:8e:d0:97:8e:65:72:eb:36:5a:f8:63:b5:b0:2e:
                    54:e6:24:98:13:ba:12:49:34:11:96:0f:90:23:83:
                    4b:d7:0c:61:dc:e0:91:07:a3:23:38:c3:61:c4:e0:
                    c9:ba:da:51:0c:de:cd:72:10:03:8f:b2:6f:f3:51:
                    32:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:B8:E2:6D:65:66:A3:F5:58:19:6C:01:9D:93:C1:F1:F0:0A:6E:15
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146402.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aea8::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:30:57:3e:00:67:cd:63:b2:3d:2f:08:c9:2b:4e:d8:b4:0b:
         21:3b:eb:01:70:0e:7e:95:ed:f4:21:10:d4:a6:e0:36:e1:ac:
         69:2a:3e:ba:b4:0c:d7:34:ee:a6:53:fe:14:2c:26:02:93:4e:
         74:1c:45:de:5f:4b:0e:a6:48:d9:13:5b:37:8b:52:0b:f8:d9:
         72:c9:67:ac:08:24:e2:ab:6f:a5:fd:86:5a:b0:db:8c:dc:2f:
         ab:19:e9:1b:76:f2:14:54:9a:fc:57:eb:5c:7e:7d:7c:a7:f7:
         24:7a:a9:06:14:f8:2b:fa:22:e6:3c:d8:e2:54:7d:aa:b8:1c:
         8d:4d:9a:2e:86:34:a2:dd:3a:cb:aa:96:fb:21:49:cc:6e:4d:
         6e:24:65:ac:93:34:1f:16:1d:40:8f:ad:fd:70:50:b5:6b:f5:
         b2:39:b2:9a:ff:6d:7b:11:59:37:c7:b1:ca:9a:ea:20:99:42:
         90:31:f7:09:ea:9b:0c:b0:c5:6d:f9:32:b8:fd:e4:03:98:4c:
         90:3c:9a:1b:77:ba:07:25:34:9a:04:01:a5:9f:4d:ab:da:52:
         b5:49:7b:0c:81:7e:ec:68:fb:5e:d5:00:c9:76:38:2a:72:d9:
         9c:58:89:9c:1f:fa:dd:a0:0b:e0:1d:d6:9a:7f:c3:9c:3a:dc:
         ff:9a:5b:63
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUQQoHdsg1bZhaYRMyueFrykiANgIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzAwN1oX
DTI3MDMwMzA2MzUwN1owMzExMC8GA1UEAxMoMDdCOEUyNkQ2NTY2QTNGNTU4MTk2
QzAxOUQ5M0MxRjFGMDBBNkUxNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMcOVl4auppXDM4cnpITM5rk8NC1J8wUK76Krt4ACh67XBJQlxMYG79Pm4kr
gw6O+kzHgu+rgBUo4eyxD21deUIQjn9QeSr1JvmO03DHyYoSIjmQyR0++HWPbhp1
ERo5UYtxzlIPGgLeFJTE2lheWFnyxRjvYtwbeBbLmziur4ZPfITD0Y1X2OHrHXXZ
Bq2WRI6EPbB5V9+YnUF6as7i7ofdTUdjHzE1edM+c/CLT98NftsPY61/DYR5+KH3
bts7BILixY7Ql45lcus2WvhjtbAuVOYkmBO6Ekk0EZYPkCODS9cMYdzgkQejIzjD
YcTgybraUQzezXIQA4+yb/NRMpcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQHuOJt
ZWaj9VgZbAGdk8Hx8ApuFTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjQwMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rqgwDQYJKoZIhvcNAQELBQADggEBAGgwVz4AZ81jsj0vCMkrTti0CyE76wFwDn6V
7fQhENSm4DbhrGkqPrq0DNc07qZT/hQsJgKTTnQcRd5fSw6mSNkTWzeLUgv42XLJ
Z6wIJOKrb6X9hlqw24zcL6sZ6Rt28hRUmvxX61x+fXyn9yR6qQYU+Cv6IuY82OJU
faq4HI1Nmi6GNKLdOsuqlvshScxuTW4kZayTNB8WHUCPrf1wULVr9bI5spr/bXsR
WTfHscqa6iCZQpAx9wnqmwywxW35Mrj95AOYTJA8mht3ugclNJoEAaWfTavaUrVJ
ewyBfuxo+17VAMl2OCpy2ZxYiZwf+t2gC+Ad1pp/w5w63P+aW2M=
-----END CERTIFICATE-----