Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146432.roa
File:                     AS146432.roa (raw, json)
Hash identifier:          Lg0TkTlVkhXnbDVKGse9PXJ5O4bxA09CYQDF9AJOHHQ=
Subject key identifier:   FA:10:73:98:63:9D:5C:85:FC:75:7E:D5:83:FF:1F:06:88:35:6D:D1
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       357A954B2112B2B67A1DAA31CADEB8671D51F631
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146432.roa
Signing time:             Wed 04 Mar 2026 06:34:18 +0000
ROA not before:           Wed 04 Mar 2026 06:29:18 +0000
ROA not after:            Wed 03 Mar 2027 06:34:18 +0000
asID:                     146432
IP address blocks:        240a:aec6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:7a:95:4b:21:12:b2:b6:7a:1d:aa:31:ca:de:b8:67:1d:51:f6:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:18 2026 GMT
            Not After : Mar  3 06:34:18 2027 GMT
        Subject: CN=FA107398639D5C85FC757ED583FF1F0688356DD1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a1:45:65:55:94:6b:cd:5a:22:5a:7d:c0:35:
                    80:4d:ab:11:42:ce:d9:29:97:5f:a3:7a:e2:82:9d:
                    0f:9b:16:1f:07:47:29:f6:64:a2:49:d4:95:e9:69:
                    6d:55:86:fc:0e:8b:50:6b:1f:20:d8:4f:21:08:b3:
                    46:1b:19:9a:b2:d3:f5:ef:5d:66:3c:74:f3:9e:7d:
                    42:14:76:85:e9:76:99:e3:70:af:30:20:22:7a:d5:
                    26:03:fc:6c:e6:4a:ef:2a:c9:90:5f:ab:14:99:3f:
                    3c:7e:c9:c1:28:73:08:f1:0d:de:c4:fe:3e:ba:ab:
                    7b:07:49:19:1e:d3:68:f8:87:85:04:85:8c:d9:cc:
                    78:2a:90:e5:5a:8c:1c:e4:d7:9f:ff:e1:a9:1d:67:
                    83:89:3e:fb:f2:93:47:84:63:9c:a3:3b:1a:39:87:
                    72:7a:14:fb:bd:90:41:45:28:5c:a3:11:09:c6:1f:
                    23:30:b1:d9:ac:f6:2f:b5:a5:b3:bc:1f:54:c6:e8:
                    2d:be:0e:c0:1f:d2:b4:ed:20:6a:3f:16:94:38:56:
                    90:5a:86:66:ce:cd:29:0e:f7:6f:b0:66:80:91:f8:
                    70:24:0e:08:4c:db:77:f1:15:34:aa:a9:87:0e:f9:
                    58:77:00:db:17:3a:65:9a:93:2a:2e:24:ef:3a:74:
                    29:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:10:73:98:63:9D:5C:85:FC:75:7E:D5:83:FF:1F:06:88:35:6D:D1
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aec6::/32

    Signature Algorithm: sha256WithRSAEncryption
         00:8a:1c:96:be:47:91:e2:6e:c5:b6:ad:84:85:bc:fc:e6:3f:
         a2:72:c4:6e:94:4e:01:52:9e:09:a6:54:8a:24:cd:75:17:2e:
         45:17:d2:b7:0f:34:07:02:3b:06:c6:b8:51:dc:af:c2:0b:68:
         36:fc:6c:f1:f2:6e:63:ba:12:6a:76:ad:cb:83:b2:17:75:55:
         a6:6b:6d:d9:c5:76:e6:ad:a5:7e:cb:7a:2c:01:06:ca:24:98:
         f4:80:13:3c:4f:2f:55:ed:28:75:1a:11:af:21:e7:bd:44:44:
         b0:c2:b2:ba:7d:f3:ee:83:9a:ac:7b:f5:35:86:48:14:84:ee:
         40:5a:c3:45:17:de:5a:40:c3:80:12:87:b2:63:3a:fd:05:89:
         c0:bb:0e:8a:42:c3:6f:4c:bb:e3:24:f4:65:7c:33:15:40:d8:
         56:1c:89:27:c9:27:a3:34:6b:e3:26:96:23:4f:05:51:0c:a7:
         f3:5e:3f:1d:05:33:39:b7:89:06:b2:a3:42:1e:7e:12:09:9d:
         9b:ea:e7:8c:12:71:c8:98:c8:e5:69:b2:95:7d:0b:12:2a:b8:
         99:06:a5:96:2a:bf:5f:34:ee:f4:62:99:ae:16:d9:55:cb:dc:
         85:d4:31:2c:8f:48:78:49:4d:f8:36:a8:24:37:af:42:02:20:
         3c:2f:a9:c5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUNXqVSyESsrZ6Haoxyt64Zx1R9jEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjkxOFoX
DTI3MDMwMzA2MzQxOFowMzExMC8GA1UEAxMoRkExMDczOTg2MzlENUM4NUZDNzU3
RUQ1ODNGRjFGMDY4ODM1NkREMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALOhRWVVlGvNWiJafcA1gE2rEULO2SmXX6N64oKdD5sWHwdHKfZkoknUlelp
bVWG/A6LUGsfINhPIQizRhsZmrLT9e9dZjx08559QhR2hel2meNwrzAgInrVJgP8
bOZK7yrJkF+rFJk/PH7JwShzCPEN3sT+PrqrewdJGR7TaPiHhQSFjNnMeCqQ5VqM
HOTXn//hqR1ng4k++/KTR4RjnKM7GjmHcnoU+72QQUUoXKMRCcYfIzCx2az2L7Wl
s7wfVMboLb4OwB/StO0gaj8WlDhWkFqGZs7NKQ73b7BmgJH4cCQOCEzbd/EVNKqp
hw75WHcA2xc6ZZqTKi4k7zp0KRMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT6EHOY
Y51chfx1ftWD/x8GiDVt0TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjQzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rsYwDQYJKoZIhvcNAQELBQADggEBAACKHJa+R5HibsW2rYSFvPzmP6JyxG6UTgFS
ngmmVIokzXUXLkUX0rcPNAcCOwbGuFHcr8ILaDb8bPHybmO6Emp2rcuDshd1VaZr
bdnFduatpX7LeiwBBsokmPSAEzxPL1XtKHUaEa8h571ERLDCsrp98+6Dmqx79TWG
SBSE7kBaw0UX3lpAw4ASh7JjOv0FicC7DopCw29Mu+Mk9GV8MxVA2FYciSfJJ6M0
a+MmliNPBVEMp/NePx0FMzm3iQayo0IefhIJnZvq54wScciYyOVpspV9CxIquJkG
pZYqv1807vRima4W2VXL3IXUMSyPSHhJTfg2qCQ3r0ICIDwvqcU=
-----END CERTIFICATE-----