Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146471.roa
File:                     AS146471.roa (raw, json)
Hash identifier:          h694LvSpA/dIt8kvHrrOTXIo6nd1HsyEGawHfqBVQCE=
Subject key identifier:   F1:AC:FF:09:37:E5:B6:48:24:C1:61:44:02:DF:BE:76:FE:54:E1:0F
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1E399030872791C12A811373591C99F10CE7E328
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146471.roa
Signing time:             Wed 04 Mar 2026 06:34:45 +0000
ROA not before:           Wed 04 Mar 2026 06:29:45 +0000
ROA not after:            Wed 03 Mar 2027 06:34:45 +0000
asID:                     146471
IP address blocks:        240a:aeed::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:39:90:30:87:27:91:c1:2a:81:13:73:59:1c:99:f1:0c:e7:e3:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:45 2026 GMT
            Not After : Mar  3 06:34:45 2027 GMT
        Subject: CN=F1ACFF0937E5B64824C1614402DFBE76FE54E10F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d8:f2:18:93:23:7d:b6:b2:75:34:58:9a:74:
                    4b:e6:cc:1d:7d:5f:0f:60:3c:fc:7c:36:7e:87:47:
                    f1:f1:b9:50:92:13:88:35:e4:16:66:69:92:74:51:
                    1d:8f:39:e3:30:b8:a8:86:45:95:07:87:28:10:51:
                    d9:b5:d9:a2:61:4b:46:f2:23:3a:4d:8e:3d:e1:23:
                    54:37:f2:89:6a:87:f0:1a:08:ff:70:db:da:09:a2:
                    14:cb:da:19:0d:09:89:36:1f:b4:84:e9:86:0d:5d:
                    46:ad:b0:75:ad:d7:eb:7e:ac:6d:9d:22:d8:70:f0:
                    0c:0f:ca:da:ac:7d:f2:e5:fb:a9:ce:10:70:48:1d:
                    32:a2:f7:f1:01:85:15:e3:a1:f5:a4:0e:59:9b:f1:
                    f4:15:e4:c6:bb:0a:32:15:d6:6a:39:ea:87:a5:b2:
                    35:fd:5d:0c:1d:ad:f4:3c:2c:26:5a:5d:ad:46:4e:
                    f1:08:07:fd:c4:67:45:4d:db:7c:d5:37:07:fc:96:
                    c6:ff:56:13:c5:71:ba:8e:68:dd:c4:3c:1f:1f:2a:
                    3c:2a:af:fd:a0:7e:82:e8:1e:cc:75:17:56:1e:8b:
                    66:9c:2b:05:fb:30:ec:70:5e:67:0f:ca:d3:a2:14:
                    26:75:d8:e1:e9:e7:20:a6:58:3f:d3:10:1a:6e:eb:
                    f2:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:AC:FF:09:37:E5:B6:48:24:C1:61:44:02:DF:BE:76:FE:54:E1:0F
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146471.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aeed::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:93:e3:47:a2:bc:e4:f9:17:00:c1:4d:f4:05:1d:18:5d:6e:
         23:59:d9:8f:2a:27:85:29:b8:d1:52:b1:01:4f:21:eb:bd:a4:
         35:3d:65:54:77:32:90:e3:03:78:ca:c5:b8:f3:92:9c:a0:4f:
         f0:76:02:bd:21:1a:f5:8f:b0:4c:9e:3e:51:eb:c8:e1:fb:d1:
         50:86:69:d8:ef:3b:57:bf:21:e6:fc:37:95:96:ad:8f:1c:12:
         a1:80:d0:2a:30:dd:2c:43:af:fd:1a:57:0b:51:65:ff:54:e5:
         c6:1c:88:f6:fd:5c:6a:b3:88:b4:4a:99:46:ee:d7:c0:8d:64:
         ce:f4:45:3d:83:41:76:d4:48:e1:5a:50:74:4f:d3:96:3d:0b:
         30:ca:be:c8:15:b0:1a:06:19:b4:43:0a:24:78:51:67:2f:62:
         31:cb:b8:11:6c:4c:fd:c7:f7:ba:f3:79:e0:d7:6c:45:89:94:
         5a:29:79:5b:c8:c3:cb:c5:70:27:7f:68:4f:7a:74:85:13:be:
         fa:25:34:f0:55:81:58:5f:c0:b0:66:a9:e1:41:82:14:db:8e:
         50:d4:9e:26:16:eb:5a:4e:9f:04:b0:a0:e5:08:e8:37:3e:78:
         9f:b9:bc:e5:6b:51:73:2d:d8:27:99:b9:cb:86:c6:7e:22:b2:
         e2:c2:96:fc
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUHjmQMIcnkcEqgRNzWRyZ8Qzn4ygwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2Mjk0NVoX
DTI3MDMwMzA2MzQ0NVowMzExMC8GA1UEAxMoRjFBQ0ZGMDkzN0U1QjY0ODI0QzE2
MTQ0MDJERkJFNzZGRTU0RTEwRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKrY8hiTI322snU0WJp0S+bMHX1fD2A8/Hw2fodH8fG5UJITiDXkFmZpknRR
HY854zC4qIZFlQeHKBBR2bXZomFLRvIjOk2OPeEjVDfyiWqH8BoI/3Db2gmiFMva
GQ0JiTYftITphg1dRq2wda3X636sbZ0i2HDwDA/K2qx98uX7qc4QcEgdMqL38QGF
FeOh9aQOWZvx9BXkxrsKMhXWajnqh6WyNf1dDB2t9DwsJlpdrUZO8QgH/cRnRU3b
fNU3B/yWxv9WE8Vxuo5o3cQ8Hx8qPCqv/aB+gugezHUXVh6LZpwrBfsw7HBeZw/K
06IUJnXY4ennIKZYP9MQGm7r8sUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTxrP8J
N+W2SCTBYUQC3752/lThDzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjQ3MS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ru0wDQYJKoZIhvcNAQELBQADggEBABGT40eivOT5FwDBTfQFHRhdbiNZ2Y8qJ4Up
uNFSsQFPIeu9pDU9ZVR3MpDjA3jKxbjzkpygT/B2Ar0hGvWPsEyePlHryOH70VCG
adjvO1e/Ieb8N5WWrY8cEqGA0Cow3SxDr/0aVwtRZf9U5cYciPb9XGqziLRKmUbu
18CNZM70RT2DQXbUSOFaUHRP05Y9CzDKvsgVsBoGGbRDCiR4UWcvYjHLuBFsTP3H
97rzeeDXbEWJlFopeVvIw8vFcCd/aE96dIUTvvolNPBVgVhfwLBmqeFBghTbjlDU
niYW61pOnwSwoOUI6Dc+eJ+5vOVrUXMt2CeZucuGxn4isuLClvw=
-----END CERTIFICATE-----