Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146433.roa
File:                     AS146433.roa (raw, json)
Hash identifier:          6z5vVk49oInQs7Ui3YI6xzx00fYJa4JFGl1vUFix3gU=
Subject key identifier:   23:40:57:7A:84:29:87:B4:1B:E1:80:8A:80:B8:86:F5:3F:AC:50:2D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       37F3D57C5EC46ED13AAA4619424C68486BCE7422
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146433.roa
Signing time:             Wed 04 Mar 2026 06:33:48 +0000
ROA not before:           Wed 04 Mar 2026 06:28:48 +0000
ROA not after:            Wed 03 Mar 2027 06:33:48 +0000
asID:                     146433
IP address blocks:        240a:aec7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:f3:d5:7c:5e:c4:6e:d1:3a:aa:46:19:42:4c:68:48:6b:ce:74:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:28:48 2026 GMT
            Not After : Mar  3 06:33:48 2027 GMT
        Subject: CN=2340577A842987B41BE1808A80B886F53FAC502D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c6:b4:0b:f1:c9:d1:12:1d:14:6a:db:9e:3a:
                    0b:42:cf:32:0b:ed:4b:24:a5:de:d4:af:2c:70:70:
                    8f:bc:7c:7b:d6:cc:79:a5:02:2b:1a:01:14:eb:ba:
                    4d:cd:f4:cd:c9:ce:40:a8:36:3d:83:da:e3:47:8e:
                    bc:ae:2c:9a:97:75:3e:7a:9c:ae:e4:ed:3a:a8:53:
                    62:e9:da:5a:55:46:12:52:7e:ae:c8:f2:d9:03:98:
                    a8:05:7e:e4:59:84:4c:1c:52:2f:e8:03:d7:cb:e7:
                    df:5a:0c:fb:74:c0:ba:c8:fd:74:5f:81:52:20:cf:
                    ea:db:90:a7:ad:20:e3:20:69:b2:8a:31:4c:c1:95:
                    b5:33:15:d7:4e:04:ce:15:d9:d1:ff:b9:6a:c9:7e:
                    89:14:ed:93:ea:f5:29:07:22:20:75:f2:31:db:31:
                    07:e0:fc:4e:ca:31:c8:03:7b:a9:e6:f1:78:a0:71:
                    e2:08:04:bb:08:f7:59:d2:d7:f9:5a:74:55:23:13:
                    74:30:d6:49:ed:19:e0:f9:fa:20:4b:c0:fe:86:ce:
                    fb:34:54:69:70:9f:eb:47:98:8c:6b:99:5d:b4:c8:
                    56:56:5a:04:f2:fa:df:1c:b7:1b:22:34:68:80:05:
                    b1:00:5c:5e:15:12:e1:67:97:a1:d1:31:9a:9e:fb:
                    4e:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:40:57:7A:84:29:87:B4:1B:E1:80:8A:80:B8:86:F5:3F:AC:50:2D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aec7::/32

    Signature Algorithm: sha256WithRSAEncryption
         79:11:1a:2a:dc:b2:32:b9:d0:a6:f1:f8:4b:09:aa:40:9e:f9:
         f0:cb:53:7b:3a:16:a9:6b:5c:4a:e3:ab:b5:a9:15:83:6d:2a:
         f2:af:64:42:ba:95:6f:ed:4f:55:be:c7:42:10:84:34:97:e2:
         9a:98:77:a0:f5:7e:d9:ba:fb:d9:82:7d:73:d5:d8:60:e3:34:
         bd:72:e2:85:f5:96:87:8e:f1:94:33:42:e0:5a:48:d8:97:bb:
         8f:e4:45:a4:ac:63:62:de:80:d6:7e:ba:2c:c2:6d:f6:4b:94:
         4f:6b:9c:ea:19:60:5f:34:8d:36:ab:fc:92:26:3d:f6:ce:ba:
         51:aa:d3:10:c9:7b:76:bf:ca:ab:d3:27:8f:15:c6:ce:c6:b0:
         fe:3b:d4:f9:4d:1d:27:25:5b:19:36:86:16:84:b2:ec:e8:9e:
         28:70:3a:a7:18:c7:f0:4e:06:09:65:ac:f8:a0:68:a5:80:f0:
         21:24:17:a1:d4:87:e6:82:ff:67:8d:e2:de:38:02:ce:2a:89:
         3d:6a:51:61:51:53:20:fe:5e:01:a0:6d:65:db:d5:58:f3:6d:
         1f:22:b5:d2:c4:81:cf:9f:07:1d:7f:86:8f:bc:92:60:2f:03:
         2f:d0:b1:5d:77:87:d9:98:c1:ab:c8:64:29:0d:5a:e4:f0:e1:
         64:9a:b6:05
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUN/PVfF7EbtE6qkYZQkxoSGvOdCIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2Mjg0OFoX
DTI3MDMwMzA2MzM0OFowMzExMC8GA1UEAxMoMjM0MDU3N0E4NDI5ODdCNDFCRTE4
MDhBODBCODg2RjUzRkFDNTAyRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJvGtAvxydESHRRq2546C0LPMgvtSySl3tSvLHBwj7x8e9bMeaUCKxoBFOu6
Tc30zcnOQKg2PYPa40eOvK4smpd1PnqcruTtOqhTYunaWlVGElJ+rsjy2QOYqAV+
5FmETBxSL+gD18vn31oM+3TAusj9dF+BUiDP6tuQp60g4yBpsooxTMGVtTMV104E
zhXZ0f+5asl+iRTtk+r1KQciIHXyMdsxB+D8TsoxyAN7qebxeKBx4ggEuwj3WdLX
+Vp0VSMTdDDWSe0Z4Pn6IEvA/obO+zRUaXCf60eYjGuZXbTIVlZaBPL63xy3GyI0
aIAFsQBcXhUS4WeXodExmp77TtsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQjQFd6
hCmHtBvhgIqAuIb1P6xQLTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjQzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rscwDQYJKoZIhvcNAQELBQADggEBAHkRGircsjK50Kbx+EsJqkCe+fDLU3s6Fqlr
XErjq7WpFYNtKvKvZEK6lW/tT1W+x0IQhDSX4pqYd6D1ftm6+9mCfXPV2GDjNL1y
4oX1loeO8ZQzQuBaSNiXu4/kRaSsY2LegNZ+uizCbfZLlE9rnOoZYF80jTar/JIm
PfbOulGq0xDJe3a/yqvTJ48Vxs7GsP471PlNHSclWxk2hhaEsuzonihwOqcYx/BO
BgllrPigaKWA8CEkF6HUh+aC/2eN4t44As4qiT1qUWFRUyD+XgGgbWXb1VjzbR8i
tdLEgc+fBx1/ho+8kmAvAy/QsV13h9mYwavIZCkNWuTw4WSatgU=
-----END CERTIFICATE-----