Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146547.roa
File:                     AS146547.roa (raw, json)
Hash identifier:          CVtnDj71jX3n/fCs/GyuHVl9rRXoDVlUgJlNT1MHFWY=
Subject key identifier:   57:F0:8C:13:A2:D4:F6:24:CE:A4:12:4E:82:65:7F:14:DF:EB:DA:C1
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       63D571961131FD028B314C6A563ABF6D9CC68506
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146547.roa
Signing time:             Wed 04 Mar 2026 06:39:47 +0000
ROA not before:           Wed 04 Mar 2026 06:34:47 +0000
ROA not after:            Wed 03 Mar 2027 06:39:47 +0000
asID:                     146547
IP address blocks:        240a:af39::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:d5:71:96:11:31:fd:02:8b:31:4c:6a:56:3a:bf:6d:9c:c6:85:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:34:47 2026 GMT
            Not After : Mar  3 06:39:47 2027 GMT
        Subject: CN=57F08C13A2D4F624CEA4124E82657F14DFEBDAC1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:3b:90:be:1c:0d:7d:d4:d3:80:7e:01:dd:c0:
                    8d:e6:86:90:0c:51:8d:5a:5f:ed:2c:13:5f:2b:ea:
                    6d:31:09:8a:b0:4a:52:96:02:14:83:38:5f:fb:d5:
                    2f:75:d9:e6:80:28:30:5c:59:c0:df:8f:b4:bc:8d:
                    ff:42:b0:1a:7a:3b:0d:b0:b3:3e:86:3d:7a:fd:be:
                    e2:86:e7:c1:d0:4b:61:88:67:00:20:a2:a0:1b:37:
                    d8:57:9b:00:da:79:fb:e5:f3:4a:1d:87:68:9a:95:
                    d9:60:db:6f:58:c2:b8:e8:71:92:23:18:41:cb:17:
                    ff:45:f2:f1:ee:23:ff:8c:53:5f:e5:66:6c:08:92:
                    c7:6a:b3:f7:5c:92:5e:4f:01:1a:07:e9:12:05:8d:
                    7a:43:0e:08:1a:ea:53:ec:cc:26:33:01:9f:0f:6d:
                    5a:81:a4:ca:b4:42:2b:cd:06:e0:d6:bb:a5:10:a0:
                    68:68:98:98:39:bf:6c:aa:37:b5:54:ef:bf:b0:59:
                    28:d9:06:35:ec:cc:86:76:7a:f3:f0:65:ae:05:5d:
                    7e:2b:9f:ec:0c:8b:ee:d3:a6:bf:d7:c8:f3:12:78:
                    21:fd:ef:38:05:18:56:ee:51:b5:8d:c9:87:c2:21:
                    ad:a8:2a:2a:98:a6:5e:e6:bd:cb:a6:5e:f2:5d:38:
                    78:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:F0:8C:13:A2:D4:F6:24:CE:A4:12:4E:82:65:7F:14:DF:EB:DA:C1
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146547.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:af39::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:f5:ce:45:5e:ee:67:cd:07:53:5f:3e:12:4c:01:a2:78:20:
         7a:34:2c:d9:18:85:4d:8b:93:aa:10:ed:a6:50:05:3a:fb:0f:
         27:a0:ae:c0:d8:20:60:25:bd:10:1b:5e:9b:2f:6a:45:50:8b:
         39:4a:24:93:d5:28:24:fc:03:a5:4f:23:ab:1b:2a:34:db:33:
         ac:98:b3:e0:97:3a:71:41:75:45:43:88:db:3b:da:5d:ec:6f:
         e7:ed:5c:ac:4c:be:bf:cc:d3:c2:d6:f8:e0:ba:7e:bf:bc:64:
         72:b6:eb:bf:67:80:7e:02:71:aa:cb:bc:e7:6f:36:5d:fa:de:
         e8:72:2b:b3:dc:f9:09:d4:5e:83:3d:6e:87:75:a9:47:d7:1f:
         57:ca:4f:f4:2d:36:61:6b:84:58:ba:d7:26:f2:e4:68:8f:15:
         79:f8:56:8e:af:5a:0a:2c:37:16:c5:35:56:66:6c:ce:0e:cb:
         61:75:3f:a8:c2:c0:ba:40:93:64:a8:21:4f:21:23:d8:b4:23:
         2c:84:b8:9d:85:34:72:7d:c4:f5:6d:9d:79:4c:72:1a:f8:14:
         26:2a:72:3b:a8:5e:22:f5:96:08:e2:90:8d:ae:29:dc:89:22:
         1f:aa:98:ae:94:21:d2:0f:42:60:69:61:9c:e4:6e:be:3a:ad:
         1d:c6:81:9b
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUY9VxlhEx/QKLMUxqVjq/bZzGhQYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzQ0N1oX
DTI3MDMwMzA2Mzk0N1owMzExMC8GA1UEAxMoNTdGMDhDMTNBMkQ0RjYyNENFQTQx
MjRFODI2NTdGMTRERkVCREFDMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANQ7kL4cDX3U04B+Ad3AjeaGkAxRjVpf7SwTXyvqbTEJirBKUpYCFIM4X/vV
L3XZ5oAoMFxZwN+PtLyN/0KwGno7DbCzPoY9ev2+4obnwdBLYYhnACCioBs32Feb
ANp5++XzSh2HaJqV2WDbb1jCuOhxkiMYQcsX/0Xy8e4j/4xTX+VmbAiSx2qz91yS
Xk8BGgfpEgWNekMOCBrqU+zMJjMBnw9tWoGkyrRCK80G4Na7pRCgaGiYmDm/bKo3
tVTvv7BZKNkGNezMhnZ68/BlrgVdfiuf7AyL7tOmv9fI8xJ4If3vOAUYVu5RtY3J
h8IhragqKpimXua9y6Ze8l04eGcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRX8IwT
otT2JM6kEk6CZX8U3+vawTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjU0Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rzkwDQYJKoZIhvcNAQELBQADggEBACL1zkVe7mfNB1NfPhJMAaJ4IHo0LNkYhU2L
k6oQ7aZQBTr7DyegrsDYIGAlvRAbXpsvakVQizlKJJPVKCT8A6VPI6sbKjTbM6yY
s+CXOnFBdUVDiNs72l3sb+ftXKxMvr/M08LW+OC6fr+8ZHK2679ngH4CcarLvOdv
Nl363uhyK7Pc+QnUXoM9bod1qUfXH1fKT/QtNmFrhFi61yby5GiPFXn4Vo6vWgos
NxbFNVZmbM4Oy2F1P6jCwLpAk2SoIU8hI9i0IyyEuJ2FNHJ9xPVtnXlMchr4FCYq
cjuoXiL1lgjikI2uKdyJIh+qmK6UIdIPQmBpYZzkbr46rR3GgZs=
-----END CERTIFICATE-----