Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146519.roa
File:                     AS146519.roa (raw, json)
Hash identifier:          GqNueF0uJioTI0RTtjggvgQOZggooGJM0MZt/mXHdCk=
Subject key identifier:   62:81:7E:9F:3B:F1:8B:40:26:B8:82:54:AA:BD:86:E1:B5:66:CC:96
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6DB96779E015970F671E040E7E0100CC3420FECD
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146519.roa
Signing time:             Wed 04 Mar 2026 06:39:48 +0000
ROA not before:           Wed 04 Mar 2026 06:34:48 +0000
ROA not after:            Wed 03 Mar 2027 06:39:48 +0000
asID:                     146519
IP address blocks:        240a:af1d::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:b9:67:79:e0:15:97:0f:67:1e:04:0e:7e:01:00:cc:34:20:fe:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:34:48 2026 GMT
            Not After : Mar  3 06:39:48 2027 GMT
        Subject: CN=62817E9F3BF18B4026B88254AABD86E1B566CC96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3b:3d:d3:d1:ff:5e:3e:d4:a6:a1:c1:15:61:
                    e5:66:40:f1:f2:70:17:bf:65:ae:03:69:4d:39:89:
                    54:57:cb:5a:87:58:af:01:35:1f:73:d1:90:d6:41:
                    4e:d8:71:36:a6:a6:07:e2:e3:5b:82:32:c4:79:18:
                    09:fa:a3:4d:ca:5d:25:92:6f:81:b8:16:9f:cb:e3:
                    b2:f4:ae:05:b8:da:89:4a:aa:9c:71:1d:01:c3:4f:
                    56:73:17:6e:d5:9e:d8:82:4e:d6:b3:d5:81:7a:cf:
                    31:d4:34:ec:90:69:1d:fa:0a:89:02:9f:b7:c7:6b:
                    64:48:86:8f:b1:e0:c4:3d:e4:79:99:19:2c:e1:a9:
                    ee:89:1a:01:ae:a7:95:10:76:45:e1:40:9c:8d:8c:
                    a9:50:3b:df:01:54:4f:64:17:ee:6d:e0:6e:22:e9:
                    e1:50:e0:95:4f:87:37:0c:bd:a5:82:6e:7d:2b:14:
                    b6:32:51:8a:ed:a8:dd:f1:57:e5:a0:2f:e0:72:5f:
                    30:a6:92:23:fb:61:40:d5:68:b5:44:fe:d5:d2:57:
                    23:9d:0d:3f:d2:ee:19:98:8c:3a:54:da:b1:70:c5:
                    40:f7:e2:d4:65:9f:53:be:63:57:dd:29:d1:0c:30:
                    bb:f4:2b:03:ad:ae:8f:dd:7f:17:5f:5b:b6:01:33:
                    57:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:81:7E:9F:3B:F1:8B:40:26:B8:82:54:AA:BD:86:E1:B5:66:CC:96
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146519.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:af1d::/32

    Signature Algorithm: sha256WithRSAEncryption
         b7:06:60:4c:2c:2d:14:40:5e:d6:8e:90:b9:b0:4d:03:59:90:
         c4:d2:50:b2:28:77:69:7c:b5:e2:fe:36:b6:29:d4:bc:4f:4c:
         9d:a4:93:36:99:23:b4:86:25:71:77:66:90:75:9c:98:5b:33:
         d0:77:80:3e:a9:75:f0:8e:3a:75:7a:97:76:21:b9:6f:cf:0a:
         43:9f:c4:bc:c6:f2:0d:66:be:d7:5c:7a:da:17:fe:65:4b:c3:
         72:bd:f2:1d:e3:b7:d7:26:da:45:dd:f0:d9:4b:42:00:dc:73:
         be:80:ad:26:7d:1f:58:78:93:61:97:32:67:df:09:97:5d:81:
         90:e7:89:a0:f8:12:93:b9:3f:19:0c:43:33:1c:0e:f1:e5:84:
         22:63:6a:d3:fc:0e:ed:fd:ee:10:04:e2:b4:87:ff:d5:b5:f9:
         86:01:81:62:b9:f7:29:02:48:39:9b:aa:8e:c1:aa:f8:e0:ba:
         31:ea:f3:0d:7a:be:f4:78:dd:16:b9:45:a5:1a:b3:6c:42:14:
         a2:1e:59:04:88:bc:93:4f:33:bc:cb:2e:8f:69:08:eb:9d:0d:
         eb:2b:09:17:b5:b9:c3:8b:99:f6:e8:bd:84:07:3d:e7:c3:3f:
         a3:47:72:96:5d:9d:a6:5d:e3:c9:bd:51:3c:df:c5:80:56:53:
         a6:61:fb:da
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUbblneeAVlw9nHgQOfgEAzDQg/s0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzQ0OFoX
DTI3MDMwMzA2Mzk0OFowMzExMC8GA1UEAxMoNjI4MTdFOUYzQkYxOEI0MDI2Qjg4
MjU0QUFCRDg2RTFCNTY2Q0M5NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL07PdPR/14+1KahwRVh5WZA8fJwF79lrgNpTTmJVFfLWodYrwE1H3PRkNZB
TthxNqamB+LjW4IyxHkYCfqjTcpdJZJvgbgWn8vjsvSuBbjaiUqqnHEdAcNPVnMX
btWe2IJO1rPVgXrPMdQ07JBpHfoKiQKft8drZEiGj7HgxD3keZkZLOGp7okaAa6n
lRB2ReFAnI2MqVA73wFUT2QX7m3gbiLp4VDglU+HNwy9pYJufSsUtjJRiu2o3fFX
5aAv4HJfMKaSI/thQNVotUT+1dJXI50NP9LuGZiMOlTasXDFQPfi1GWfU75jV90p
0Qwwu/QrA62uj91/F19btgEzV68CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRigX6f
O/GLQCa4glSqvYbhtWbMljAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjUxOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rx0wDQYJKoZIhvcNAQELBQADggEBALcGYEwsLRRAXtaOkLmwTQNZkMTSULIod2l8
teL+NrYp1LxPTJ2kkzaZI7SGJXF3ZpB1nJhbM9B3gD6pdfCOOnV6l3YhuW/PCkOf
xLzG8g1mvtdcetoX/mVLw3K98h3jt9cm2kXd8NlLQgDcc76ArSZ9H1h4k2GXMmff
CZddgZDniaD4EpO5PxkMQzMcDvHlhCJjatP8Du397hAE4rSH/9W1+YYBgWK59ykC
SDmbqo7BqvjgujHq8w16vvR43Ra5RaUas2xCFKIeWQSIvJNPM7zLLo9pCOudDesr
CRe1ucOLmfbovYQHPefDP6NHcpZdnaZd48m9UTzfxYBWU6Zh+9o=
-----END CERTIFICATE-----