Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146582.roa
File:                     AS146582.roa (raw, json)
Hash identifier:          jFcegGbmAGWemPSS1VWA5nb3LGPH5RFfnR1ar45Jk8o=
Subject key identifier:   9B:46:B1:54:50:96:34:BF:81:88:8B:CA:1B:55:F7:6B:69:80:74:6F
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       38780C3A5D89A00A0347C3A88744834B2412C3C2
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146582.roa
Signing time:             Wed 04 Mar 2026 06:39:34 +0000
ROA not before:           Wed 04 Mar 2026 06:34:34 +0000
ROA not after:            Wed 03 Mar 2027 06:39:34 +0000
asID:                     146582
IP address blocks:        240a:af5c::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:78:0c:3a:5d:89:a0:0a:03:47:c3:a8:87:44:83:4b:24:12:c3:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:34:34 2026 GMT
            Not After : Mar  3 06:39:34 2027 GMT
        Subject: CN=9B46B154509634BF81888BCA1B55F76B6980746F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:01:de:70:da:4c:64:29:ce:22:c6:5e:f6:c2:
                    53:c8:41:fc:40:b0:41:f0:ed:30:da:51:96:ae:41:
                    07:aa:0d:e1:b3:8e:d4:93:fb:7b:27:70:01:f6:e4:
                    22:69:18:10:62:03:67:e8:51:b2:87:74:02:ef:89:
                    78:16:46:5d:e3:6b:b3:b8:99:a4:86:00:54:89:20:
                    b7:c1:bb:7a:a4:92:bc:0b:12:aa:fa:1b:68:41:26:
                    b5:78:0c:d5:41:54:d5:e3:53:f9:bf:a0:9e:7d:2a:
                    f1:10:c0:e2:66:da:35:2d:10:d9:08:46:84:b3:e3:
                    ec:61:b5:5a:d5:98:65:63:b7:f0:1d:3d:08:18:f4:
                    9f:cc:26:37:26:3e:35:86:f2:05:92:83:d2:00:56:
                    b9:01:35:6f:db:ed:b8:c0:e4:93:32:56:db:ed:d4:
                    01:ae:99:2f:53:ab:0e:1d:60:97:27:00:99:30:15:
                    e8:d0:64:c2:3d:b3:2e:13:a1:a2:8f:3a:3a:03:2a:
                    86:d0:22:f1:84:99:28:89:f5:cc:7c:3e:c8:e8:56:
                    a2:a2:74:24:ba:b8:6f:88:f0:ac:57:7b:dc:55:6c:
                    bc:54:61:50:f3:74:2e:83:96:7c:9f:45:85:a3:fe:
                    e2:c9:f0:f4:9a:35:2a:b1:63:44:a9:dd:f5:5b:23:
                    8b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:46:B1:54:50:96:34:BF:81:88:8B:CA:1B:55:F7:6B:69:80:74:6F
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146582.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:af5c::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:81:25:57:e8:b0:dd:a9:03:71:4f:01:b0:82:c3:5c:96:52:
         1d:8f:44:a9:d7:60:f6:35:c6:56:4d:35:83:a6:88:26:c0:c6:
         f1:01:88:99:80:9a:f7:d3:13:bf:06:af:e6:66:0d:33:1f:f5:
         22:0f:72:2a:f5:8c:f6:67:4c:36:78:36:43:d9:28:76:d1:fc:
         af:ef:0a:29:9d:c7:5a:b7:9f:07:f7:f3:99:e7:d9:36:e1:59:
         bf:a4:05:e3:44:eb:4a:57:a5:b6:36:b1:96:c2:93:7f:65:98:
         02:68:bd:0c:2d:81:b2:66:df:95:2f:21:4c:b6:20:7f:41:98:
         eb:e0:09:d7:51:ef:95:2f:39:d4:3d:78:1c:42:e2:f5:6d:30:
         f4:cd:43:91:ea:38:31:4f:56:53:c1:60:23:a3:c1:1a:48:49:
         ad:25:4c:de:63:83:b6:85:67:59:ba:02:d8:ed:ce:c4:77:19:
         98:c3:6d:dc:2f:34:83:9a:f7:3c:91:88:b9:49:ed:e1:09:ae:
         6a:31:7a:8b:67:18:e6:8c:0f:11:0a:98:bc:5a:10:08:0b:58:
         3b:4a:c3:8c:34:02:d3:64:36:66:64:ae:d6:a0:b1:dd:94:e5:
         b0:eb:c0:6b:d1:81:59:61:eb:14:ae:87:8c:56:d5:49:b9:91:
         b2:29:33:d8
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUOHgMOl2JoAoDR8Ooh0SDSyQSw8IwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzQzNFoX
DTI3MDMwMzA2MzkzNFowMzExMC8GA1UEAxMoOUI0NkIxNTQ1MDk2MzRCRjgxODg4
QkNBMUI1NUY3NkI2OTgwNzQ2RjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMYB3nDaTGQpziLGXvbCU8hB/ECwQfDtMNpRlq5BB6oN4bOO1JP7eydwAfbk
ImkYEGIDZ+hRsod0Au+JeBZGXeNrs7iZpIYAVIkgt8G7eqSSvAsSqvobaEEmtXgM
1UFU1eNT+b+gnn0q8RDA4mbaNS0Q2QhGhLPj7GG1WtWYZWO38B09CBj0n8wmNyY+
NYbyBZKD0gBWuQE1b9vtuMDkkzJW2+3UAa6ZL1OrDh1glycAmTAV6NBkwj2zLhOh
oo86OgMqhtAi8YSZKIn1zHw+yOhWoqJ0JLq4b4jwrFd73FVsvFRhUPN0LoOWfJ9F
haP+4snw9Jo1KrFjRKnd9Vsji70CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSbRrFU
UJY0v4GIi8obVfdraYB0bzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjU4Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
r1wwDQYJKoZIhvcNAQELBQADggEBAEaBJVfosN2pA3FPAbCCw1yWUh2PRKnXYPY1
xlZNNYOmiCbAxvEBiJmAmvfTE78Gr+ZmDTMf9SIPcir1jPZnTDZ4NkPZKHbR/K/v
Cimdx1q3nwf385nn2TbhWb+kBeNE60pXpbY2sZbCk39lmAJovQwtgbJm35UvIUy2
IH9BmOvgCddR75UvOdQ9eBxC4vVtMPTNQ5HqODFPVlPBYCOjwRpISa0lTN5jg7aF
Z1m6AtjtzsR3GZjDbdwvNIOa9zyRiLlJ7eEJrmoxeotnGOaMDxEKmLxaEAgLWDtK
w4w0AtNkNmZkrtagsd2U5bDrwGvRgVlh6xSuh4xW1Um5kbIpM9g=
-----END CERTIFICATE-----