Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146494.roa
File:                     AS146494.roa (raw, json)
Hash identifier:          KmW3IBTGd0q2DySvYEGmeR6NDxWuRy7uS+tBJwAV7Vc=
Subject key identifier:   DD:EB:73:48:2D:56:DA:E5:A0:91:DB:DB:14:9C:FE:D3:05:A3:4A:6D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       19CC8D0EE28BD628736BF2625AB32EB254DEA56F
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146494.roa
Signing time:             Wed 04 Mar 2026 06:33:47 +0000
ROA not before:           Wed 04 Mar 2026 06:28:47 +0000
ROA not after:            Wed 03 Mar 2027 06:33:47 +0000
asID:                     146494
IP address blocks:        240a:af04::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:cc:8d:0e:e2:8b:d6:28:73:6b:f2:62:5a:b3:2e:b2:54:de:a5:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:28:47 2026 GMT
            Not After : Mar  3 06:33:47 2027 GMT
        Subject: CN=DDEB73482D56DAE5A091DBDB149CFED305A34A6D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:aa:34:3e:ee:4c:4f:43:9f:09:c3:98:7f:12:
                    7e:b5:1f:d7:66:8a:20:4a:a0:70:42:d7:ad:d7:ad:
                    06:37:3e:6a:91:2f:a0:a2:42:84:cd:05:a9:39:a1:
                    fb:96:8f:de:ab:09:9b:2d:66:5b:85:13:d9:af:58:
                    84:aa:e5:6d:f8:9a:e0:56:c6:04:80:35:48:55:04:
                    ef:0b:11:98:d7:1e:da:1f:06:d0:33:a8:22:d0:e8:
                    37:e2:3b:f5:5a:62:9c:21:65:2a:d3:cc:e2:ab:e9:
                    d0:da:1d:38:86:c7:3e:23:fa:3f:e1:5f:45:21:61:
                    cb:0c:46:c8:a3:58:88:04:48:fa:e3:ff:bb:1d:e3:
                    0e:ad:89:65:14:3b:a8:05:c1:e3:4d:5d:b2:8c:89:
                    76:32:31:0c:c7:9a:60:bb:5f:d4:18:08:c7:3c:3e:
                    68:c6:8c:be:da:34:fc:44:c2:34:be:6a:0f:c8:a6:
                    71:bc:45:41:16:03:1c:d3:8c:99:0a:19:83:0c:b5:
                    1c:83:06:6a:3a:26:04:74:9c:f7:6c:2b:e2:d5:49:
                    59:98:04:04:b0:d4:4b:8a:72:65:8d:9d:37:a1:5a:
                    30:ac:db:32:7a:0f:fb:7c:6e:3f:87:3f:8c:d1:2c:
                    58:e4:18:04:92:76:a3:78:9e:cb:b5:84:5c:e0:2a:
                    d8:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:EB:73:48:2D:56:DA:E5:A0:91:DB:DB:14:9C:FE:D3:05:A3:4A:6D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146494.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:af04::/32

    Signature Algorithm: sha256WithRSAEncryption
         0a:e6:1b:b0:ca:f2:4e:db:4f:47:d1:6f:93:6b:83:96:87:2a:
         5c:10:d1:d5:78:b9:34:53:5f:56:99:cc:fc:10:5d:66:ba:a2:
         e1:92:38:c0:89:a9:99:23:5e:7c:d0:83:ee:0e:c1:96:38:c2:
         0c:44:fa:65:0a:99:ce:52:11:d6:77:dc:4f:37:e3:08:c3:5b:
         90:45:c6:f7:7f:1d:c4:81:91:41:65:44:20:26:56:22:fc:94:
         24:c8:4f:1a:46:83:24:b2:a9:50:ee:d1:a8:c3:88:b5:47:49:
         1d:55:b0:8e:dd:03:23:8a:59:b4:c7:45:9c:09:1f:7b:1d:c7:
         a7:5e:2c:3f:f9:6f:0f:cd:4e:fa:f5:96:c6:2a:0e:39:d3:c7:
         d6:92:44:97:c5:fa:d6:f6:da:57:49:58:c7:02:0d:1d:23:6f:
         ae:ee:19:18:71:ec:fb:c1:a0:3e:7a:a9:5c:22:95:cd:8b:38:
         91:7b:b1:2b:26:85:07:75:e9:24:b2:42:3d:39:ad:9b:7c:3e:
         a8:ce:e9:5e:74:56:96:93:75:97:c1:41:54:78:cb:13:5b:a7:
         14:33:14:3f:96:92:88:45:4a:e2:df:e1:57:0a:da:bf:72:f5:
         bb:d8:ca:d6:ad:9f:13:aa:c3:ac:44:26:c7:58:cf:a1:b5:10:
         3f:da:31:c4
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUGcyNDuKL1ihza/JiWrMuslTepW8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2Mjg0N1oX
DTI3MDMwMzA2MzM0N1owMzExMC8GA1UEAxMoRERFQjczNDgyRDU2REFFNUEwOTFE
QkRCMTQ5Q0ZFRDMwNUEzNEE2RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ2qND7uTE9DnwnDmH8SfrUf12aKIEqgcELXrdetBjc+apEvoKJChM0FqTmh
+5aP3qsJmy1mW4UT2a9YhKrlbfia4FbGBIA1SFUE7wsRmNce2h8G0DOoItDoN+I7
9VpinCFlKtPM4qvp0NodOIbHPiP6P+FfRSFhywxGyKNYiARI+uP/ux3jDq2JZRQ7
qAXB401dsoyJdjIxDMeaYLtf1BgIxzw+aMaMvto0/ETCNL5qD8imcbxFQRYDHNOM
mQoZgwy1HIMGajomBHSc92wr4tVJWZgEBLDUS4pyZY2dN6FaMKzbMnoP+3xuP4c/
jNEsWOQYBJJ2o3iey7WEXOAq2MUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTd63NI
LVba5aCR29sUnP7TBaNKbTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjQ5NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rwQwDQYJKoZIhvcNAQELBQADggEBAArmG7DK8k7bT0fRb5Nrg5aHKlwQ0dV4uTRT
X1aZzPwQXWa6ouGSOMCJqZkjXnzQg+4OwZY4wgxE+mUKmc5SEdZ33E834wjDW5BF
xvd/HcSBkUFlRCAmViL8lCTITxpGgySyqVDu0ajDiLVHSR1VsI7dAyOKWbTHRZwJ
H3sdx6deLD/5bw/NTvr1lsYqDjnTx9aSRJfF+tb22ldJWMcCDR0jb67uGRhx7PvB
oD56qVwilc2LOJF7sSsmhQd16SSyQj05rZt8PqjO6V50VpaTdZfBQVR4yxNbpxQz
FD+WkohFSuLf4VcK2r9y9bvYytatnxOqw6xEJsdYz6G1ED/aMcQ=
-----END CERTIFICATE-----