Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146498.roa
File:                     AS146498.roa (raw, json)
Hash identifier:          AXEJKZBweMau2WGyHu1yx/O8uTgVs1g26/3Wp8h+eAk=
Subject key identifier:   21:97:D6:CF:DE:EC:3F:A5:EE:B2:8B:C2:0C:AC:57:BA:99:5A:4E:E5
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       51C64C6B3B4ED7C327CD00938987259860994696
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146498.roa
Signing time:             Wed 04 Mar 2026 06:33:31 +0000
ROA not before:           Wed 04 Mar 2026 06:28:31 +0000
ROA not after:            Wed 03 Mar 2027 06:33:31 +0000
asID:                     146498
IP address blocks:        240a:af08::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:c6:4c:6b:3b:4e:d7:c3:27:cd:00:93:89:87:25:98:60:99:46:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:28:31 2026 GMT
            Not After : Mar  3 06:33:31 2027 GMT
        Subject: CN=2197D6CFDEEC3FA5EEB28BC20CAC57BA995A4EE5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b4:c6:12:a3:43:2c:c6:a7:1a:b5:a0:92:fe:
                    7a:21:49:10:98:44:87:a7:40:88:e6:c8:5b:0d:43:
                    38:be:56:d5:02:cf:07:47:12:aa:7e:04:b0:11:12:
                    b9:4c:42:b1:9c:e9:39:1a:25:0b:55:01:ff:00:fa:
                    66:44:05:75:02:3b:56:08:98:5e:ee:8d:d7:c8:aa:
                    29:34:57:78:66:66:7b:e6:c0:18:bd:c9:74:6d:39:
                    da:c5:78:04:cc:6f:c5:d8:8b:6e:68:5b:cd:29:fb:
                    f7:79:97:46:1e:46:73:55:a8:95:03:98:a7:28:2b:
                    8a:d0:72:94:c3:9f:aa:21:3b:c2:e6:dd:a6:47:63:
                    cf:4f:5e:a2:ac:bf:c6:8a:7c:f7:89:d4:f3:5a:51:
                    fc:62:d9:e5:c0:62:e4:c7:15:48:97:cb:56:b0:72:
                    de:d5:01:ae:bd:bb:87:d1:10:d4:8b:37:1c:36:ae:
                    97:52:16:0d:53:94:eb:b3:c3:d2:0e:05:f6:ce:60:
                    34:00:1e:49:97:db:d6:b2:78:5c:57:87:bf:07:bf:
                    05:0a:43:0e:e5:e3:c8:e1:cb:21:31:56:02:00:cc:
                    43:a8:93:c9:0a:37:93:e6:90:57:8f:07:22:e0:5d:
                    1f:c1:8b:1b:6b:94:d9:07:d4:2c:a5:7b:e2:06:90:
                    36:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:97:D6:CF:DE:EC:3F:A5:EE:B2:8B:C2:0C:AC:57:BA:99:5A:4E:E5
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146498.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:af08::/32

    Signature Algorithm: sha256WithRSAEncryption
         d6:77:91:80:23:39:f5:70:00:65:3f:62:dd:47:c7:44:07:9a:
         32:87:56:5c:e1:23:4a:ad:87:12:c7:25:22:b1:6c:03:58:cd:
         80:68:79:b1:9e:be:86:c6:4b:10:45:4c:cb:49:8c:88:f7:f7:
         e9:f3:53:3e:48:08:53:4f:a9:7d:d5:64:e4:59:83:e8:ea:72:
         ee:b7:c7:9d:9d:2d:45:25:70:8c:da:16:af:35:58:79:8e:39:
         cb:85:aa:06:02:da:c0:b8:02:ee:54:1a:4d:a8:a5:d8:22:5e:
         53:cd:d3:68:22:f7:19:ae:2a:93:2e:30:52:63:59:44:0d:5a:
         de:42:97:b0:1e:6d:40:1e:0f:b4:d9:95:61:46:07:3b:9e:03:
         46:17:59:b8:75:a6:e9:f4:c1:1d:9d:78:bc:61:be:d3:a0:61:
         d1:f9:ae:4e:98:d7:cb:d0:e2:aa:d5:df:b7:7c:76:49:53:ed:
         c5:fb:e7:22:e7:8d:01:ff:8b:73:76:c8:1c:94:49:14:3e:68:
         e9:de:6d:9f:e4:ec:04:dc:16:a1:d5:21:08:fd:b5:90:99:78:
         ff:7d:ed:09:65:a5:f4:f3:ae:58:d7:6c:55:e3:75:3e:5c:9e:
         14:5f:f4:ea:80:29:b6:36:10:4a:62:af:60:4a:7e:01:d7:be:
         95:cd:b1:99
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUUcZMaztO18MnzQCTiYclmGCZRpYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjgzMVoX
DTI3MDMwMzA2MzMzMVowMzExMC8GA1UEAxMoMjE5N0Q2Q0ZERUVDM0ZBNUVFQjI4
QkMyMENBQzU3QkE5OTVBNEVFNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALi0xhKjQyzGpxq1oJL+eiFJEJhEh6dAiObIWw1DOL5W1QLPB0cSqn4EsBES
uUxCsZzpORolC1UB/wD6ZkQFdQI7VgiYXu6N18iqKTRXeGZme+bAGL3JdG052sV4
BMxvxdiLbmhbzSn793mXRh5Gc1WolQOYpygritBylMOfqiE7wubdpkdjz09eoqy/
xop894nU81pR/GLZ5cBi5McVSJfLVrBy3tUBrr27h9EQ1Is3HDaul1IWDVOU67PD
0g4F9s5gNAAeSZfb1rJ4XFeHvwe/BQpDDuXjyOHLITFWAgDMQ6iTyQo3k+aQV48H
IuBdH8GLG2uU2QfULKV74gaQNv8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQhl9bP
3uw/pe6yi8IMrFe6mVpO5TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjQ5OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rwgwDQYJKoZIhvcNAQELBQADggEBANZ3kYAjOfVwAGU/Yt1Hx0QHmjKHVlzhI0qt
hxLHJSKxbANYzYBoebGevobGSxBFTMtJjIj39+nzUz5ICFNPqX3VZORZg+jqcu63
x52dLUUlcIzaFq81WHmOOcuFqgYC2sC4Au5UGk2opdgiXlPN02gi9xmuKpMuMFJj
WUQNWt5Cl7AebUAeD7TZlWFGBzueA0YXWbh1pun0wR2deLxhvtOgYdH5rk6Y18vQ
4qrV37d8dklT7cX75yLnjQH/i3N2yByUSRQ+aOnebZ/k7ATcFqHVIQj9tZCZeP99
7QllpfTzrljXbFXjdT5cnhRf9OqAKbY2EEpir2BKfgHXvpXNsZk=
-----END CERTIFICATE-----