Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146418.roa
File:                     AS146418.roa (raw, json)
Hash identifier:          fwr/5PkeVZTdhxUJkN+WM1w58lCCfRLhcI/aCnV12eQ=
Subject key identifier:   2F:59:4F:A9:9C:48:0A:F5:7B:7A:C3:31:6E:F6:F7:D8:88:77:81:54
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1EE903C18C7B11A44F24CE181FBF75773AB45825
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146418.roa
Signing time:             Wed 04 Mar 2026 06:34:07 +0000
ROA not before:           Wed 04 Mar 2026 06:29:07 +0000
ROA not after:            Wed 03 Mar 2027 06:34:07 +0000
asID:                     146418
IP address blocks:        240a:aeb8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:e9:03:c1:8c:7b:11:a4:4f:24:ce:18:1f:bf:75:77:3a:b4:58:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:07 2026 GMT
            Not After : Mar  3 06:34:07 2027 GMT
        Subject: CN=2F594FA99C480AF57B7AC3316EF6F7D888778154
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:96:6c:ec:a6:66:97:c7:f7:07:77:f8:98:32:
                    7f:0e:66:c3:db:12:ed:b1:23:fe:b1:03:59:53:18:
                    f6:2d:a0:63:11:f5:ff:26:a4:c0:36:72:d9:05:33:
                    88:23:c9:c8:d1:37:68:d5:14:b6:f8:a8:81:8f:a7:
                    68:39:11:43:23:fc:33:7a:44:a8:85:c2:bf:99:14:
                    4a:f4:5a:5a:9d:38:29:75:af:35:09:71:a1:7d:c2:
                    bc:e3:f4:9b:85:13:a1:a1:ca:53:4f:5c:b5:aa:34:
                    5c:00:27:dd:77:a5:d8:17:7a:a5:1c:2f:36:44:71:
                    d6:b7:f6:3f:78:5b:23:4c:2e:f9:e9:68:eb:51:6b:
                    8b:cd:40:e1:dd:dc:e8:3f:ee:ad:61:8f:a5:5a:a5:
                    a1:00:bc:d0:90:7e:44:d2:4d:eb:9a:8b:da:f4:ae:
                    9b:68:6d:2d:ac:57:cb:dc:a8:b8:22:ec:9b:65:79:
                    0b:f4:85:6e:6b:cf:53:8c:c3:95:93:8f:24:af:5f:
                    c4:a2:90:bf:ee:52:ae:f9:f3:c0:cd:94:c6:7b:2e:
                    61:d7:73:c5:ad:40:6e:59:df:5b:ed:72:9c:1a:1b:
                    35:a7:15:4d:a6:0f:08:f2:b9:0c:a2:de:4f:e4:f1:
                    d4:44:68:c2:23:b1:3c:35:e5:0a:70:43:64:a4:c5:
                    4c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:59:4F:A9:9C:48:0A:F5:7B:7A:C3:31:6E:F6:F7:D8:88:77:81:54
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146418.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aeb8::/32

    Signature Algorithm: sha256WithRSAEncryption
         4e:6d:07:11:f0:60:3a:d1:26:a8:2b:6e:7f:fd:91:fd:a4:06:
         93:64:e2:a5:9f:87:c3:8b:0d:1d:4f:a9:ca:6c:2d:f2:d3:7e:
         f2:c5:9b:94:8b:e3:52:d2:e0:67:43:c2:21:40:a7:c4:fd:b2:
         98:d2:9b:50:cb:31:a9:05:eb:42:41:77:cd:c8:90:35:ef:b8:
         64:5b:87:26:46:47:17:ab:88:aa:2c:fc:2f:86:02:ac:96:1d:
         4e:8f:40:dd:da:47:28:71:50:18:5e:fa:59:20:55:1e:57:c0:
         18:6f:b2:c1:ab:c9:cf:fa:18:ef:d1:e3:b4:77:22:b3:9c:63:
         82:80:a8:c8:4f:b1:a9:41:79:a5:bf:dd:0d:bd:13:fe:14:e6:
         71:f5:61:01:7d:28:5a:84:a2:09:c5:7b:c9:b8:ab:98:52:d7:
         12:d3:5b:aa:e0:38:b2:3e:9d:0f:27:97:11:07:6e:e3:12:de:
         31:52:e6:1d:9a:42:eb:43:d6:6d:59:0a:38:57:41:c9:ee:59:
         07:bd:84:a8:fc:ce:37:74:20:f5:3b:e3:0e:d4:3d:a0:18:a4:
         66:7a:52:0a:07:b2:04:a2:96:d5:8d:26:23:19:c5:27:9e:d6:
         18:49:cb:ca:66:77:c8:50:1e:cb:31:ec:72:d8:52:e1:54:3e:
         89:05:f7:bc
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUHukDwYx7EaRPJM4YH791dzq0WCUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjkwN1oX
DTI3MDMwMzA2MzQwN1owMzExMC8GA1UEAxMoMkY1OTRGQTk5QzQ4MEFGNTdCN0FD
MzMxNkVGNkY3RDg4ODc3ODE1NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN+WbOymZpfH9wd3+Jgyfw5mw9sS7bEj/rEDWVMY9i2gYxH1/yakwDZy2QUz
iCPJyNE3aNUUtviogY+naDkRQyP8M3pEqIXCv5kUSvRaWp04KXWvNQlxoX3CvOP0
m4UToaHKU09ctao0XAAn3Xel2Bd6pRwvNkRx1rf2P3hbI0wu+elo61Fri81A4d3c
6D/urWGPpVqloQC80JB+RNJN65qL2vSum2htLaxXy9youCLsm2V5C/SFbmvPU4zD
lZOPJK9fxKKQv+5SrvnzwM2UxnsuYddzxa1AblnfW+1ynBobNacVTaYPCPK5DKLe
T+Tx1ERowiOxPDXlCnBDZKTFTPUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQvWU+p
nEgK9Xt6wzFu9vfYiHeBVDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjQxOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rrgwDQYJKoZIhvcNAQELBQADggEBAE5tBxHwYDrRJqgrbn/9kf2kBpNk4qWfh8OL
DR1PqcpsLfLTfvLFm5SL41LS4GdDwiFAp8T9spjSm1DLMakF60JBd83IkDXvuGRb
hyZGRxeriKos/C+GAqyWHU6PQN3aRyhxUBhe+lkgVR5XwBhvssGryc/6GO/R47R3
IrOcY4KAqMhPsalBeaW/3Q29E/4U5nH1YQF9KFqEognFe8m4q5hS1xLTW6rgOLI+
nQ8nlxEHbuMS3jFS5h2aQutD1m1ZCjhXQcnuWQe9hKj8zjd0IPU74w7UPaAYpGZ6
UgoHsgSiltWNJiMZxSee1hhJy8pmd8hQHssx7HLYUuFUPokF97w=
-----END CERTIFICATE-----