Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146555.roa
File:                     AS146555.roa (raw, json)
Hash identifier:          gQAbS+xBmZNEvxk9up48qpwHqT0zmiYljk4f/Us2tLI=
Subject key identifier:   9B:1D:EF:26:CC:67:88:8B:EB:28:03:2B:91:2B:3E:00:1F:F2:5E:F1
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       543EA97D439EE77142CB80FADD3064BB79EB7C20
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146555.roa
Signing time:             Wed 04 Mar 2026 06:39:22 +0000
ROA not before:           Wed 04 Mar 2026 06:34:22 +0000
ROA not after:            Wed 03 Mar 2027 06:39:22 +0000
asID:                     146555
IP address blocks:        240a:af41::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:3e:a9:7d:43:9e:e7:71:42:cb:80:fa:dd:30:64:bb:79:eb:7c:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:34:22 2026 GMT
            Not After : Mar  3 06:39:22 2027 GMT
        Subject: CN=9B1DEF26CC67888BEB28032B912B3E001FF25EF1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:00:b7:4b:d6:d9:fb:f2:83:5e:60:b7:0e:75:
                    58:ab:8c:90:4d:b0:8b:a7:a0:4c:5f:4a:c2:af:40:
                    93:7f:be:0d:ae:11:f1:21:9c:a6:02:11:cc:c0:e7:
                    b5:82:bf:1b:27:24:56:e6:69:af:02:c2:77:26:53:
                    44:56:82:1e:28:d1:c9:55:12:8b:63:e6:ad:ef:0a:
                    c5:82:8b:70:ba:c8:32:3a:b0:6e:11:b2:0c:a3:39:
                    d8:92:5f:26:b4:7c:12:22:8c:5c:14:3d:a5:66:2d:
                    ab:ae:93:71:63:cc:51:b6:e0:2a:e0:14:32:07:0b:
                    5c:1e:49:99:06:ec:84:21:44:c5:0f:85:10:b2:47:
                    b4:10:df:ca:08:dc:30:50:81:1b:3a:69:7d:87:74:
                    c6:2c:82:1b:44:9c:38:0c:c2:09:3e:64:ee:9b:3c:
                    78:cb:36:7f:09:07:28:75:41:d8:69:35:ab:f8:a6:
                    37:ea:c5:c0:cf:4d:f6:a2:15:f9:6b:e5:cc:ec:32:
                    8f:51:90:28:73:0d:0d:16:5b:a1:6d:4c:23:3d:88:
                    4c:34:b5:dc:39:27:f7:73:31:ae:c9:1e:14:4b:1f:
                    b1:dd:67:36:81:09:70:a1:9a:b9:91:61:c3:fd:3f:
                    53:6a:00:72:a5:e5:24:76:2c:cc:db:d8:7f:22:e9:
                    4e:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:1D:EF:26:CC:67:88:8B:EB:28:03:2B:91:2B:3E:00:1F:F2:5E:F1
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146555.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:af41::/32

    Signature Algorithm: sha256WithRSAEncryption
         5a:ec:b0:f0:db:50:e8:5c:6b:fe:c7:31:1c:6f:f6:34:58:62:
         c4:6e:84:6e:02:61:52:86:e0:1c:15:55:ea:9c:02:8a:51:7b:
         20:c5:e3:26:a9:d9:2e:47:e3:4b:55:1f:67:a6:cb:e4:7a:56:
         7a:78:df:6e:e4:33:dc:92:2b:61:eb:68:66:13:89:6c:f3:81:
         50:33:b8:e8:d1:77:54:3d:59:09:46:1d:9b:6d:46:60:25:2f:
         e7:f5:89:00:19:99:cb:56:13:86:b0:9f:00:01:50:11:7e:7b:
         64:34:79:3d:32:db:c6:ec:d8:17:15:ed:f4:48:44:e2:77:74:
         1c:17:95:9a:24:e5:12:1c:cf:b5:c0:6b:cd:ec:f2:85:66:72:
         8e:da:33:6a:ff:33:2a:0e:1c:2f:66:18:4b:57:1a:77:f5:e5:
         e8:18:95:c1:f3:45:ab:4a:dd:f0:79:74:24:16:46:36:a7:08:
         f4:fa:53:ac:dd:3b:ca:70:b0:6a:7c:47:9d:7d:b4:42:ee:e1:
         4d:bb:b5:cd:4f:8f:35:f1:65:38:b8:c3:73:e3:c5:40:0b:cd:
         d6:5f:79:75:72:b6:35:57:e3:d0:86:b3:72:1b:bc:69:e6:62:
         01:cf:48:18:21:2f:44:12:a3:af:65:83:a6:5c:0c:b6:09:df:
         c4:08:d6:c5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUVD6pfUOe53FCy4D63TBku3nrfCAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzQyMloX
DTI3MDMwMzA2MzkyMlowMzExMC8GA1UEAxMoOUIxREVGMjZDQzY3ODg4QkVCMjgw
MzJCOTEyQjNFMDAxRkYyNUVGMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALUAt0vW2fvyg15gtw51WKuMkE2wi6egTF9Kwq9Ak3++Da4R8SGcpgIRzMDn
tYK/GyckVuZprwLCdyZTRFaCHijRyVUSi2Pmre8KxYKLcLrIMjqwbhGyDKM52JJf
JrR8EiKMXBQ9pWYtq66TcWPMUbbgKuAUMgcLXB5JmQbshCFExQ+FELJHtBDfygjc
MFCBGzppfYd0xiyCG0ScOAzCCT5k7ps8eMs2fwkHKHVB2Gk1q/imN+rFwM9N9qIV
+WvlzOwyj1GQKHMNDRZboW1MIz2ITDS13Dkn93MxrskeFEsfsd1nNoEJcKGauZFh
w/0/U2oAcqXlJHYszNvYfyLpTtsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSbHe8m
zGeIi+soAyuRKz4AH/Je8TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjU1NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
r0EwDQYJKoZIhvcNAQELBQADggEBAFrssPDbUOhca/7HMRxv9jRYYsRuhG4CYVKG
4BwVVeqcAopReyDF4yap2S5H40tVH2emy+R6Vnp4327kM9ySK2HraGYTiWzzgVAz
uOjRd1Q9WQlGHZttRmAlL+f1iQAZmctWE4awnwABUBF+e2Q0eT0y28bs2BcV7fRI
ROJ3dBwXlZok5RIcz7XAa83s8oVmco7aM2r/MyoOHC9mGEtXGnf15egYlcHzRatK
3fB5dCQWRjanCPT6U6zdO8pwsGp8R519tELu4U27tc1PjzXxZTi4w3PjxUALzdZf
eXVytjVX49CGs3IbvGnmYgHPSBghL0QSo69lg6ZcDLYJ38QI1sU=
-----END CERTIFICATE-----