Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146563.roa
File:                     AS146563.roa (raw, json)
Hash identifier:          SRj8q9qwhHLnvYvpercTQ+p62VKK3u2KtzE8Zfz0tpc=
Subject key identifier:   B6:3B:6B:76:2D:F3:2E:EB:EA:D9:8E:A3:B2:FB:46:B1:AB:3D:CC:30
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       50A3C853496F0A8449F6723D8E6CE5D02F49A3EE
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146563.roa
Signing time:             Wed 04 Mar 2026 06:39:28 +0000
ROA not before:           Wed 04 Mar 2026 06:34:28 +0000
ROA not after:            Wed 03 Mar 2027 06:39:28 +0000
asID:                     146563
IP address blocks:        240a:af49::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:a3:c8:53:49:6f:0a:84:49:f6:72:3d:8e:6c:e5:d0:2f:49:a3:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:34:28 2026 GMT
            Not After : Mar  3 06:39:28 2027 GMT
        Subject: CN=B63B6B762DF32EEBEAD98EA3B2FB46B1AB3DCC30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:32:ec:2b:40:cb:2b:52:03:f5:6b:f8:3b:f5:
                    2d:58:f5:45:64:a1:1f:51:d9:60:e5:74:d5:1c:bd:
                    88:d2:66:9a:00:ce:e6:b6:fc:d6:cb:1d:66:4d:b3:
                    52:af:90:f5:ad:12:a4:22:63:a6:1e:3a:cb:97:18:
                    17:26:06:82:0f:f6:42:cf:59:96:e7:03:fd:85:ca:
                    60:2e:fc:98:90:12:85:80:43:e2:8b:59:15:a9:85:
                    ea:d2:76:2f:30:4f:b5:04:9d:cf:a5:26:d6:65:32:
                    c7:c3:f8:04:1a:6a:1e:77:64:b1:4c:66:30:81:b1:
                    19:5d:23:10:e4:49:dd:c9:82:49:09:57:41:c2:6e:
                    87:8c:29:92:c9:7a:02:9b:37:64:87:43:45:b0:e4:
                    e3:30:48:3b:7c:cd:e1:ef:f8:47:de:0f:36:f6:8d:
                    e8:16:f5:a5:d8:9b:68:ab:7d:98:3b:68:58:6f:e1:
                    71:c2:f6:c3:43:53:4f:45:de:98:a9:98:a5:b9:1d:
                    64:bc:91:23:a8:50:2d:66:fd:93:3b:45:c0:20:12:
                    bc:54:2e:58:1a:3e:db:7c:6e:f3:e5:e1:68:af:7f:
                    aa:13:e3:73:5e:1d:97:e3:6c:14:f7:6d:a6:77:97:
                    47:01:a8:98:db:97:38:e8:46:55:26:6a:7e:19:74:
                    fc:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:3B:6B:76:2D:F3:2E:EB:EA:D9:8E:A3:B2:FB:46:B1:AB:3D:CC:30
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146563.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:af49::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:e5:3d:61:fe:c1:21:6b:bd:75:40:73:13:b9:f4:20:7a:d1:
         44:db:55:56:4d:e1:84:9b:35:0f:9c:9b:85:ba:3a:e5:c2:49:
         16:f3:bf:4a:e2:86:33:14:40:f6:7c:de:02:6a:f9:91:7c:f2:
         2f:ed:ff:1f:68:04:0a:c5:e7:cf:63:24:97:c6:d0:d5:9d:e4:
         8b:85:7f:bf:46:57:09:d1:5e:e0:ae:78:8d:b9:99:aa:55:08:
         d8:34:8f:67:2e:4f:0d:c6:07:85:15:1d:85:34:3b:e6:ea:46:
         d6:36:c8:78:b9:bc:ec:90:c6:d8:84:f8:0b:a6:3c:e1:a8:b7:
         1f:ed:39:c8:2f:32:11:cf:68:01:21:25:82:d3:8a:f2:53:d0:
         6d:da:7f:d1:fd:07:c5:f4:7a:c8:33:aa:be:97:c8:ff:0a:8b:
         8b:87:e2:f9:cc:e8:39:f3:e7:57:b9:14:9a:f8:1f:42:5b:04:
         6a:cc:ee:5d:13:4c:51:51:03:14:b2:46:d6:bb:09:38:7b:49:
         13:c7:8f:f6:73:19:d5:80:57:99:21:bc:30:5a:6d:31:79:da:
         de:3f:da:33:94:2f:3c:15:d7:61:2a:7e:be:c2:d5:c1:54:86:
         92:bb:59:e4:13:73:85:e0:3a:47:cd:f1:c5:f1:d8:54:3c:e3:
         68:3d:6e:5e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUUKPIU0lvCoRJ9nI9jmzl0C9Jo+4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzQyOFoX
DTI3MDMwMzA2MzkyOFowMzExMC8GA1UEAxMoQjYzQjZCNzYyREYzMkVFQkVBRDk4
RUEzQjJGQjQ2QjFBQjNEQ0MzMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALMy7CtAyytSA/Vr+Dv1LVj1RWShH1HZYOV01Ry9iNJmmgDO5rb81ssdZk2z
Uq+Q9a0SpCJjph46y5cYFyYGgg/2Qs9ZlucD/YXKYC78mJAShYBD4otZFamF6tJ2
LzBPtQSdz6Um1mUyx8P4BBpqHndksUxmMIGxGV0jEORJ3cmCSQlXQcJuh4wpksl6
Aps3ZIdDRbDk4zBIO3zN4e/4R94PNvaN6Bb1pdibaKt9mDtoWG/hccL2w0NTT0Xe
mKmYpbkdZLyRI6hQLWb9kztFwCASvFQuWBo+23xu8+XhaK9/qhPjc14dl+NsFPdt
pneXRwGomNuXOOhGVSZqfhl0/KECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBS2O2t2
LfMu6+rZjqOy+0axqz3MMDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjU2My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
r0kwDQYJKoZIhvcNAQELBQADggEBAILlPWH+wSFrvXVAcxO59CB60UTbVVZN4YSb
NQ+cm4W6OuXCSRbzv0rihjMUQPZ83gJq+ZF88i/t/x9oBArF589jJJfG0NWd5IuF
f79GVwnRXuCueI25mapVCNg0j2cuTw3GB4UVHYU0O+bqRtY2yHi5vOyQxtiE+Aum
POGotx/tOcgvMhHPaAEhJYLTivJT0G3af9H9B8X0esgzqr6XyP8Ki4uH4vnM6Dnz
51e5FJr4H0JbBGrM7l0TTFFRAxSyRta7CTh7SRPHj/ZzGdWAV5khvDBabTF52t4/
2jOULzwV12Eqfr7C1cFUhpK7WeQTc4XgOkfN8cXx2FQ842g9bl4=
-----END CERTIFICATE-----