Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146537.roa
File:                     AS146537.roa (raw, json)
Hash identifier:          sps+QUXuj0j1F631SNkivXfY7q587hjKcAJGCqUbtt8=
Subject key identifier:   92:4E:97:DC:FA:F7:94:33:7C:64:14:8F:81:0A:09:C0:16:6E:0B:18
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       6828678D50F4DE40CD250859D4D775147FF52FF1
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146537.roa
Signing time:             Wed 04 Mar 2026 06:39:50 +0000
ROA not before:           Wed 04 Mar 2026 06:34:50 +0000
ROA not after:            Wed 03 Mar 2027 06:39:50 +0000
asID:                     146537
IP address blocks:        240a:af2f::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:28:67:8d:50:f4:de:40:cd:25:08:59:d4:d7:75:14:7f:f5:2f:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:34:50 2026 GMT
            Not After : Mar  3 06:39:50 2027 GMT
        Subject: CN=924E97DCFAF794337C64148F810A09C0166E0B18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:5e:2e:df:4d:12:90:8e:a1:61:43:e5:7f:e8:
                    f5:2b:23:b4:10:68:7b:5b:7e:be:f9:a4:70:3f:30:
                    e2:c6:65:4b:04:79:fc:e7:56:4f:c6:be:1d:bc:bf:
                    69:8f:bd:f8:e3:f7:ef:fb:e1:09:4a:cd:52:5d:ee:
                    c7:2d:a6:5b:6a:b1:ed:5a:38:6f:36:1a:e8:9c:18:
                    86:0c:17:7a:86:9e:e4:ed:1c:a3:9c:b4:4a:7e:ca:
                    cd:72:1b:f1:e5:24:41:5f:29:0f:5d:47:e0:d1:fe:
                    d0:82:9b:a7:1e:d4:f3:c2:ad:3c:c2:8c:24:15:ae:
                    e8:fc:89:c6:c9:92:c9:b5:4b:95:81:86:aa:86:5c:
                    ca:cc:95:1a:80:84:79:cd:8e:60:86:c3:d9:5f:fe:
                    05:39:99:a4:56:05:cf:ff:9c:28:59:1a:80:5f:37:
                    a7:6c:f3:f6:9d:2a:99:94:d7:fa:8b:67:a8:9b:c8:
                    af:bd:48:4d:2c:90:bd:df:21:93:eb:9e:5c:75:34:
                    02:38:18:49:31:e4:15:e9:b9:b9:fc:ff:2b:ec:b7:
                    6f:4f:6c:a8:43:8f:c4:db:58:00:17:91:dd:b4:e3:
                    05:ec:64:b2:72:7c:5d:6f:34:1b:8b:33:78:eb:7d:
                    9b:38:99:9f:a5:99:39:77:23:ba:56:8f:7e:c4:ba:
                    db:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:4E:97:DC:FA:F7:94:33:7C:64:14:8F:81:0A:09:C0:16:6E:0B:18
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146537.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:af2f::/32

    Signature Algorithm: sha256WithRSAEncryption
         92:1f:e9:32:20:af:c0:f3:12:73:38:81:9e:eb:a4:ce:b8:0f:
         aa:ad:54:b9:cb:58:a2:94:b6:0d:24:62:f3:b2:cf:1e:72:f8:
         4d:cb:0e:86:15:8c:a1:d2:27:e4:22:d2:5e:89:91:6b:3c:36:
         71:da:79:ac:51:58:c4:a8:69:ac:a6:c9:57:f6:2b:39:37:fd:
         de:ee:23:d3:08:e9:a2:91:cc:86:e7:d0:64:d8:92:1b:69:22:
         92:50:0a:a9:7f:6c:1f:57:88:c2:1c:62:da:f8:58:42:b1:1c:
         49:2c:5b:ad:77:67:93:40:5b:50:22:52:62:d1:8b:58:84:1e:
         83:1e:21:7e:a7:85:db:a2:f8:d2:7c:fc:4f:6e:6d:58:e7:63:
         33:9f:11:db:b3:9b:58:74:10:88:3d:4b:89:45:a4:11:09:d3:
         ce:ed:37:53:20:5b:2e:56:b7:71:7b:80:7c:bc:1d:84:f9:13:
         0a:9a:2a:c5:e4:8b:69:9a:ba:4f:58:e2:2d:31:d3:b7:95:86:
         d7:d3:fb:d9:a2:31:2c:60:96:24:4a:e2:be:95:1e:6f:4f:d2:
         8f:99:05:a4:dc:65:d4:52:7b:3d:e1:db:5a:bc:7c:c0:c9:70:
         f9:4a:66:73:41:20:e3:5e:cc:ad:02:ae:7b:3d:5c:a5:c1:36:
         65:16:92:02
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUaChnjVD03kDNJQhZ1Nd1FH/1L/EwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzQ1MFoX
DTI3MDMwMzA2Mzk1MFowMzExMC8GA1UEAxMoOTI0RTk3RENGQUY3OTQzMzdDNjQx
NDhGODEwQTA5QzAxNjZFMEIxODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALBeLt9NEpCOoWFD5X/o9SsjtBBoe1t+vvmkcD8w4sZlSwR5/OdWT8a+Hby/
aY+9+OP37/vhCUrNUl3uxy2mW2qx7Vo4bzYa6JwYhgwXeoae5O0co5y0Sn7KzXIb
8eUkQV8pD11H4NH+0IKbpx7U88KtPMKMJBWu6PyJxsmSybVLlYGGqoZcysyVGoCE
ec2OYIbD2V/+BTmZpFYFz/+cKFkagF83p2zz9p0qmZTX+otnqJvIr71ITSyQvd8h
k+ueXHU0AjgYSTHkFem5ufz/K+y3b09sqEOPxNtYABeR3bTjBexksnJ8XW80G4sz
eOt9mziZn6WZOXcjulaPfsS627ECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSSTpfc
+veUM3xkFI+BCgnAFm4LGDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjUzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
ry8wDQYJKoZIhvcNAQELBQADggEBAJIf6TIgr8DzEnM4gZ7rpM64D6qtVLnLWKKU
tg0kYvOyzx5y+E3LDoYVjKHSJ+Qi0l6JkWs8NnHaeaxRWMSoaaymyVf2Kzk3/d7u
I9MI6aKRzIbn0GTYkhtpIpJQCql/bB9XiMIcYtr4WEKxHEksW613Z5NAW1AiUmLR
i1iEHoMeIX6nhdui+NJ8/E9ubVjnYzOfEduzm1h0EIg9S4lFpBEJ087tN1MgWy5W
t3F7gHy8HYT5EwqaKsXki2mauk9Y4i0x07eVhtfT+9miMSxgliRK4r6VHm9P0o+Z
BaTcZdRSez3h21q8fMDJcPlKZnNBIONezK0Crns9XKXBNmUWkgI=
-----END CERTIFICATE-----