Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146527.roa
File:                     AS146527.roa (raw, json)
Hash identifier:          eVfmEhJIfsG3/Y2H/A4YLP2WEaHfv8+l6NIBOKO8O3E=
Subject key identifier:   2F:C3:9C:F2:27:65:FE:CF:9B:42:BD:29:69:64:CA:8F:93:66:EC:6D
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4E47B78C2115DCC270941979977722EB274FA3FC
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146527.roa
Signing time:             Wed 04 Mar 2026 06:39:14 +0000
ROA not before:           Wed 04 Mar 2026 06:34:14 +0000
ROA not after:            Wed 03 Mar 2027 06:39:14 +0000
asID:                     146527
IP address blocks:        240a:af25::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:47:b7:8c:21:15:dc:c2:70:94:19:79:97:77:22:eb:27:4f:a3:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:34:14 2026 GMT
            Not After : Mar  3 06:39:14 2027 GMT
        Subject: CN=2FC39CF22765FECF9B42BD296964CA8F9366EC6D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d0:19:78:b2:32:07:17:4c:81:86:81:15:02:
                    5d:0b:91:6b:c2:82:80:4d:40:b4:64:7b:63:c9:73:
                    3d:41:1a:1b:ca:f9:03:e2:06:d3:fa:65:ba:c8:12:
                    03:7a:bb:2d:69:ea:a7:85:26:0a:ec:3e:70:13:7c:
                    98:ab:1e:18:de:a6:f0:32:d2:92:e6:6f:df:58:3d:
                    d5:6c:0a:ee:7f:61:19:54:77:de:59:34:57:8c:f7:
                    21:c4:10:f3:c4:19:04:c1:62:ee:66:3a:77:fe:63:
                    0a:7c:9c:cd:57:4d:5b:62:39:f1:79:6c:89:3d:1f:
                    aa:88:d1:17:a5:a4:d8:f5:37:b0:9d:b8:e7:6f:8b:
                    c6:16:ad:8f:ac:73:e2:54:26:84:ff:19:a6:ff:80:
                    16:fb:2d:bb:7e:2f:bb:94:cb:c8:22:94:fd:9a:a8:
                    88:57:5d:d1:9f:b8:4a:0a:10:9f:55:8a:7e:bc:ca:
                    58:b2:83:ac:2b:b4:5e:af:53:b8:28:2a:9e:17:19:
                    ed:af:43:95:3f:8b:a2:8d:e6:ff:f8:dc:6a:a4:2c:
                    00:47:48:c1:57:79:a3:52:d6:a0:aa:21:5b:b0:59:
                    36:89:2d:55:d6:93:53:60:5b:69:31:dd:2f:53:41:
                    4a:f0:97:f0:26:0c:4e:a3:9f:aa:39:11:94:01:0e:
                    39:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:C3:9C:F2:27:65:FE:CF:9B:42:BD:29:69:64:CA:8F:93:66:EC:6D
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146527.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:af25::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:9e:bd:52:83:47:46:c2:aa:00:c7:12:84:6b:57:5b:60:13:
         46:74:9e:63:f2:fd:93:63:99:d4:94:6c:73:f4:f4:d5:6d:32:
         02:9c:bb:b4:87:1f:d7:73:71:25:e4:99:b6:cf:ea:cc:5f:7b:
         4f:3f:71:d5:bc:46:6a:d5:11:4c:ba:f6:ff:72:eb:65:6c:38:
         d5:f6:2a:07:79:d2:0e:bb:15:f8:41:a0:49:ca:ac:6f:cb:b6:
         b1:50:f0:bd:e0:35:c6:7d:5f:f3:22:85:42:08:d1:69:2a:88:
         39:e3:f8:b5:a0:a2:27:c0:df:b6:7e:31:99:94:c8:9c:4c:24:
         60:1b:1c:88:31:6c:32:6a:e5:64:c7:34:c4:a6:df:e3:29:10:
         59:14:b2:05:5a:23:f4:85:36:93:48:ca:d8:9f:50:35:df:22:
         fe:15:cc:d9:9f:ee:c3:39:05:a3:93:78:6b:28:51:eb:b9:5c:
         eb:21:c0:87:8e:b1:0f:96:41:ae:b1:de:ff:56:11:ca:25:23:
         61:bd:1b:a0:b5:fc:9c:57:6a:65:4d:be:df:b6:31:95:75:a8:
         e0:45:98:23:e6:9c:83:d7:25:38:ae:ba:27:a1:8e:95:63:23:
         f8:49:a7:9c:03:5b:4a:95:d9:9c:1a:c6:9e:42:5e:61:48:14:
         ef:4b:00:94
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUTke3jCEV3MJwlBl5l3ci6ydPo/wwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzQxNFoX
DTI3MDMwMzA2MzkxNFowMzExMC8GA1UEAxMoMkZDMzlDRjIyNzY1RkVDRjlCNDJC
RDI5Njk2NENBOEY5MzY2RUM2RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALXQGXiyMgcXTIGGgRUCXQuRa8KCgE1AtGR7Y8lzPUEaG8r5A+IG0/plusgS
A3q7LWnqp4UmCuw+cBN8mKseGN6m8DLSkuZv31g91WwK7n9hGVR33lk0V4z3IcQQ
88QZBMFi7mY6d/5jCnyczVdNW2I58XlsiT0fqojRF6Wk2PU3sJ2452+Lxhatj6xz
4lQmhP8Zpv+AFvstu34vu5TLyCKU/ZqoiFdd0Z+4SgoQn1WKfrzKWLKDrCu0Xq9T
uCgqnhcZ7a9DlT+Loo3m//jcaqQsAEdIwVd5o1LWoKohW7BZNoktVdaTU2BbaTHd
L1NBSvCX8CYMTqOfqjkRlAEOORsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQvw5zy
J2X+z5tCvSlpZMqPk2bsbTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjUyNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ryUwDQYJKoZIhvcNAQELBQADggEBAEaevVKDR0bCqgDHEoRrV1tgE0Z0nmPy/ZNj
mdSUbHP09NVtMgKcu7SHH9dzcSXkmbbP6sxfe08/cdW8RmrVEUy69v9y62VsONX2
Kgd50g67FfhBoEnKrG/LtrFQ8L3gNcZ9X/MihUII0WkqiDnj+LWgoifA37Z+MZmU
yJxMJGAbHIgxbDJq5WTHNMSm3+MpEFkUsgVaI/SFNpNIytifUDXfIv4VzNmf7sM5
BaOTeGsoUeu5XOshwIeOsQ+WQa6x3v9WEcolI2G9G6C1/JxXamVNvt+2MZV1qOBF
mCPmnIPXJTiuuiehjpVjI/hJp5wDW0qV2Zwaxp5CXmFIFO9LAJQ=
-----END CERTIFICATE-----