Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146558.roa
File:                     AS146558.roa (raw, json)
Hash identifier:          hyf7FnV3bYJGXwQBtS1noiiedV1Z08prQhsXdNETfRE=
Subject key identifier:   9F:E9:76:A0:21:8F:A3:98:C4:ED:D7:BE:F3:1B:67:94:C9:D9:0E:90
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       624995ADE2A1E4BCC17F8B23D9DB9786BC05D4DE
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146558.roa
Signing time:             Wed 04 Mar 2026 06:39:19 +0000
ROA not before:           Wed 04 Mar 2026 06:34:19 +0000
ROA not after:            Wed 03 Mar 2027 06:39:19 +0000
asID:                     146558
IP address blocks:        240a:af44::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:49:95:ad:e2:a1:e4:bc:c1:7f:8b:23:d9:db:97:86:bc:05:d4:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:34:19 2026 GMT
            Not After : Mar  3 06:39:19 2027 GMT
        Subject: CN=9FE976A0218FA398C4EDD7BEF31B6794C9D90E90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:8e:43:61:d5:00:c9:86:f3:0f:58:95:bd:9f:
                    66:e2:2d:23:ad:7c:e7:82:e7:be:ae:44:e5:26:31:
                    56:92:56:17:29:8c:fd:5f:d0:77:34:09:ca:63:73:
                    22:e3:26:e5:37:94:9d:a4:ff:0f:94:4a:27:91:2d:
                    a2:ec:b8:ed:a0:55:e9:a4:ac:bc:68:26:69:76:b5:
                    5e:70:55:09:69:30:ef:58:c6:e0:ae:01:51:57:e9:
                    02:55:05:df:dc:4b:b3:15:65:ab:c9:fd:3c:0b:0c:
                    e3:57:93:31:24:67:3b:77:24:cc:bc:b4:3b:eb:69:
                    c2:88:db:40:b3:5f:6f:c7:68:44:8c:b3:c2:29:4b:
                    fc:e0:2e:d2:b8:17:a1:21:1d:e2:d1:70:76:c6:d6:
                    01:e3:0b:dc:79:8d:33:93:67:23:fd:3b:3c:aa:5b:
                    67:24:a1:7a:58:c1:05:d6:da:a8:73:96:15:bf:2a:
                    ad:fa:95:2b:a6:50:35:fd:a3:73:b3:c6:96:ef:0f:
                    7a:63:46:3a:08:01:ac:a2:f9:1e:55:a2:d9:dc:c9:
                    61:4c:2d:17:18:c4:88:65:a1:1a:24:8c:c9:c5:0b:
                    f5:6e:6e:76:97:57:e1:e6:7e:20:e5:2a:e3:d7:73:
                    2d:bb:0a:09:c6:cb:8a:08:17:93:c6:48:33:74:c7:
                    41:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:E9:76:A0:21:8F:A3:98:C4:ED:D7:BE:F3:1B:67:94:C9:D9:0E:90
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146558.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:af44::/32

    Signature Algorithm: sha256WithRSAEncryption
         d8:6c:00:1e:f2:93:95:27:d7:3c:89:58:ec:00:91:8b:15:3b:
         70:83:29:28:b5:9e:e0:d1:9f:da:60:57:d0:b8:3f:71:db:ce:
         9e:6b:c9:bb:82:11:00:68:8a:45:b0:56:37:fb:c7:10:57:2d:
         39:8d:d2:3f:e0:e0:24:4c:ab:1f:db:31:80:f2:7f:6b:f1:a6:
         fc:de:80:e8:8b:d8:b6:68:e8:18:08:f1:04:35:b1:83:0b:d7:
         d9:ba:80:8f:ab:b8:55:51:86:66:b7:a2:f2:24:e8:5e:1e:45:
         e4:ec:e0:24:1c:74:05:cd:96:73:42:2f:c4:a9:43:38:26:10:
         6b:d0:3b:04:97:c1:13:61:43:6b:5a:6d:e7:20:a7:fb:a7:5a:
         7b:31:30:52:68:46:d9:8e:38:47:41:a4:46:bb:64:61:90:bb:
         16:f5:a8:f2:d0:53:93:bf:d2:a3:21:19:25:1e:5f:0d:38:09:
         44:7d:e1:79:dd:c6:0f:31:7d:08:ba:87:bd:3d:98:34:2f:a1:
         70:ca:61:dd:3c:63:2c:b7:bd:3a:b5:c5:eb:1c:1e:93:08:5e:
         9e:26:63:11:20:f0:90:05:1f:52:92:3c:36:c9:84:3e:2b:a6:
         da:fa:05:60:5a:8a:2f:17:e1:e4:16:85:9d:c5:82:d2:17:73:
         85:77:d0:ab
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUYkmVreKh5LzBf4sj2duXhrwF1N4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzQxOVoX
DTI3MDMwMzA2MzkxOVowMzExMC8GA1UEAxMoOUZFOTc2QTAyMThGQTM5OEM0RURE
N0JFRjMxQjY3OTRDOUQ5MEU5MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMuOQ2HVAMmG8w9Ylb2fZuItI61854Lnvq5E5SYxVpJWFymM/V/QdzQJymNz
IuMm5TeUnaT/D5RKJ5Etouy47aBV6aSsvGgmaXa1XnBVCWkw71jG4K4BUVfpAlUF
39xLsxVlq8n9PAsM41eTMSRnO3ckzLy0O+tpwojbQLNfb8doRIyzwilL/OAu0rgX
oSEd4tFwdsbWAeML3HmNM5NnI/07PKpbZySheljBBdbaqHOWFb8qrfqVK6ZQNf2j
c7PGlu8PemNGOggBrKL5HlWi2dzJYUwtFxjEiGWhGiSMycUL9W5udpdX4eZ+IOUq
49dzLbsKCcbLiggXk8ZIM3THQZcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSf6Xag
IY+jmMTt177zG2eUydkOkDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjU1OC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
r0QwDQYJKoZIhvcNAQELBQADggEBANhsAB7yk5Un1zyJWOwAkYsVO3CDKSi1nuDR
n9pgV9C4P3Hbzp5rybuCEQBoikWwVjf7xxBXLTmN0j/g4CRMqx/bMYDyf2vxpvze
gOiL2LZo6BgI8QQ1sYML19m6gI+ruFVRhma3ovIk6F4eReTs4CQcdAXNlnNCL8Sp
QzgmEGvQOwSXwRNhQ2tabecgp/unWnsxMFJoRtmOOEdBpEa7ZGGQuxb1qPLQU5O/
0qMhGSUeXw04CUR94Xndxg8xfQi6h709mDQvoXDKYd08Yyy3vTq1xescHpMIXp4m
YxEg8JAFH1KSPDbJhD4rptr6BWBaii8X4eQWhZ3FgtIXc4V30Ks=
-----END CERTIFICATE-----