Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146443.roa
File:                     AS146443.roa (raw, json)
Hash identifier:          ZFRlj7VAjrwWqnMZbe9J4TnmxymmqlnE2gaiJWFtY7g=
Subject key identifier:   58:DC:C3:E1:34:4A:FD:CE:E4:11:9D:CE:24:9E:5E:E6:CD:E2:07:17
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1539A1CF12FF4738CBDEC8E8C51793D249D28B94
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146443.roa
Signing time:             Wed 04 Mar 2026 06:33:49 +0000
ROA not before:           Wed 04 Mar 2026 06:28:49 +0000
ROA not after:            Wed 03 Mar 2027 06:33:49 +0000
asID:                     146443
IP address blocks:        240a:aed1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:39:a1:cf:12:ff:47:38:cb:de:c8:e8:c5:17:93:d2:49:d2:8b:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:28:49 2026 GMT
            Not After : Mar  3 06:33:49 2027 GMT
        Subject: CN=58DCC3E1344AFDCEE4119DCE249E5EE6CDE20717
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:05:60:e8:96:af:43:d9:58:f1:4a:85:50:bc:
                    d3:d5:02:04:94:15:de:36:99:ec:9d:cb:75:45:85:
                    86:de:4f:2f:b9:5e:0e:24:c7:18:70:0d:5b:d1:25:
                    c8:9a:3f:19:a4:db:a7:4c:b1:24:1e:90:de:e9:00:
                    f4:aa:ec:f4:46:79:1c:c3:ac:6a:41:6d:ec:ed:78:
                    c6:f6:56:d2:79:3e:d6:bc:19:ba:c0:46:c6:25:6d:
                    2b:a5:00:fd:a1:f1:37:68:5f:41:49:9c:a4:9e:e2:
                    5f:d3:c0:82:8a:ce:9e:73:db:e3:99:94:4d:5d:dd:
                    60:c2:40:5c:74:85:f2:03:a0:fb:2d:7b:74:79:c1:
                    22:9c:3b:e6:57:61:1b:98:ca:bf:d5:14:69:d9:17:
                    25:80:a9:6d:d8:51:0f:eb:7b:fc:87:18:61:aa:27:
                    c8:29:03:4e:9a:b6:d6:35:70:fe:ca:4e:59:d8:82:
                    3e:11:f7:8e:85:03:ff:fe:6d:24:bd:35:4d:85:5f:
                    4e:5a:99:96:13:eb:d2:e3:0c:8e:08:5d:61:36:de:
                    30:83:eb:7c:c8:c6:5e:5e:d2:c8:f3:f9:27:64:a5:
                    dc:24:3f:9c:e5:02:12:10:e0:ea:08:6f:a5:b9:38:
                    6d:d0:e1:dc:d4:e7:8c:97:ac:9f:d8:da:86:68:9c:
                    c4:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:DC:C3:E1:34:4A:FD:CE:E4:11:9D:CE:24:9E:5E:E6:CD:E2:07:17
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146443.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aed1::/32

    Signature Algorithm: sha256WithRSAEncryption
         c7:7e:94:79:e1:1c:9f:e6:46:d8:c3:89:90:0e:39:3e:f4:84:
         03:e0:19:9d:f8:7e:16:6e:f1:c5:97:77:2d:51:0c:6b:d7:fa:
         54:90:aa:03:ae:87:97:20:55:8b:30:0e:e0:3f:fe:2d:d6:f8:
         de:b8:f4:a2:b6:9b:b9:5b:50:4c:cd:2e:8a:11:ec:bb:36:42:
         96:2c:22:26:13:05:2b:b6:25:20:51:99:e8:85:48:d2:32:c5:
         d3:29:eb:ff:70:10:df:b9:8e:08:47:77:27:5d:8e:1a:c9:c6:
         42:a8:50:32:12:ff:6f:30:ab:22:7a:14:eb:7d:76:62:d5:40:
         3f:be:02:8e:87:f2:22:6e:44:dd:43:36:bd:2e:50:dc:56:b2:
         5e:fa:63:23:ff:ef:08:6c:92:ee:c9:62:2b:a0:ea:7b:f5:a0:
         61:2c:69:a2:4e:ae:a7:f6:f1:f7:c6:6e:5e:e6:ab:84:55:37:
         1a:5d:d9:50:15:7f:32:ac:cd:bd:da:68:32:c3:97:f9:c5:bc:
         01:99:53:7b:53:24:13:d8:5b:0e:d7:3e:88:9a:77:ed:ff:3c:
         b8:df:4a:f7:62:cb:97:bb:bc:f6:de:b0:b2:c1:9d:7e:4e:02:
         4f:63:96:e7:b3:2f:17:9f:20:5b:96:3e:e9:b9:17:e7:8a:de:
         4b:19:d6:55
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUFTmhzxL/RzjL3sjoxReT0knSi5QwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2Mjg0OVoX
DTI3MDMwMzA2MzM0OVowMzExMC8GA1UEAxMoNThEQ0MzRTEzNDRBRkRDRUU0MTE5
RENFMjQ5RTVFRTZDREUyMDcxNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMUFYOiWr0PZWPFKhVC809UCBJQV3jaZ7J3LdUWFht5PL7leDiTHGHANW9El
yJo/GaTbp0yxJB6Q3ukA9Krs9EZ5HMOsakFt7O14xvZW0nk+1rwZusBGxiVtK6UA
/aHxN2hfQUmcpJ7iX9PAgorOnnPb45mUTV3dYMJAXHSF8gOg+y17dHnBIpw75ldh
G5jKv9UUadkXJYCpbdhRD+t7/IcYYaonyCkDTpq21jVw/spOWdiCPhH3joUD//5t
JL01TYVfTlqZlhPr0uMMjghdYTbeMIPrfMjGXl7SyPP5J2Sl3CQ/nOUCEhDg6ghv
pbk4bdDh3NTnjJesn9jahmicxO0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRY3MPh
NEr9zuQRnc4knl7mzeIHFzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjQ0My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rtEwDQYJKoZIhvcNAQELBQADggEBAMd+lHnhHJ/mRtjDiZAOOT70hAPgGZ34fhZu
8cWXdy1RDGvX+lSQqgOuh5cgVYswDuA//i3W+N649KK2m7lbUEzNLooR7Ls2QpYs
IiYTBSu2JSBRmeiFSNIyxdMp6/9wEN+5jghHdyddjhrJxkKoUDIS/28wqyJ6FOt9
dmLVQD++Ao6H8iJuRN1DNr0uUNxWsl76YyP/7whsku7JYiug6nv1oGEsaaJOrqf2
8ffGbl7mq4RVNxpd2VAVfzKszb3aaDLDl/nFvAGZU3tTJBPYWw7XPoiad+3/PLjf
Svdiy5e7vPbesLLBnX5OAk9jluezLxefIFuWPum5F+eK3ksZ1lU=
-----END CERTIFICATE-----