Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146602.roa
File:                     AS146602.roa (raw, json)
Hash identifier:          cYUm0//W2sWH1zbZODGNMhzVwLb86rw3gmnzCwN2uho=
Subject key identifier:   DE:B3:D0:81:3A:79:4B:82:22:BF:8E:2B:D9:26:C5:EF:51:8F:AE:6B
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3D8CAA8FB74A3DABFEC1B7ECBBB70459466CBBFC
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146602.roa
Signing time:             Wed 04 Mar 2026 06:39:54 +0000
ROA not before:           Wed 04 Mar 2026 06:34:54 +0000
ROA not after:            Wed 03 Mar 2027 06:39:54 +0000
asID:                     146602
IP address blocks:        240a:af70::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:8c:aa:8f:b7:4a:3d:ab:fe:c1:b7:ec:bb:b7:04:59:46:6c:bb:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:34:54 2026 GMT
            Not After : Mar  3 06:39:54 2027 GMT
        Subject: CN=DEB3D0813A794B8222BF8E2BD926C5EF518FAE6B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:47:ff:d8:ea:6e:19:90:ac:a6:4b:f9:30:d6:
                    dd:05:ae:37:99:9b:fc:6a:85:5b:ee:fe:ae:25:4a:
                    19:9f:93:ac:44:b0:1d:22:20:8e:a7:07:42:7c:25:
                    79:a3:a4:61:f0:a4:de:fb:ec:bd:c2:5b:bd:13:f2:
                    91:70:c4:51:37:e2:1a:5c:04:bd:6f:3f:88:ac:13:
                    07:2d:67:ed:1c:78:db:9c:5a:06:30:ca:97:48:62:
                    02:24:89:64:d2:f0:47:b5:74:f7:00:d4:c4:42:da:
                    37:32:23:36:54:68:c1:00:95:d1:70:5b:81:04:54:
                    7d:fa:c5:2c:b2:d0:af:35:e4:d9:3d:18:3e:ab:dd:
                    38:b1:60:f5:24:0c:79:de:c6:d0:05:3f:58:82:43:
                    aa:7d:be:ae:42:6f:ef:4e:6e:f1:16:cc:f4:a8:00:
                    0e:e9:2e:79:f1:03:a3:2a:66:fe:b6:68:d0:46:68:
                    28:8c:fc:c6:86:8f:a4:f9:73:04:35:70:bd:f5:ae:
                    59:a6:22:62:3a:75:e4:02:0e:61:c1:06:a9:99:92:
                    2b:40:c4:5e:a9:6e:d6:32:11:5e:25:fc:ce:32:49:
                    ef:18:b6:69:ea:1c:55:0b:c0:11:55:a1:88:57:be:
                    36:97:d2:af:66:00:15:56:e9:6f:e2:dd:94:60:de:
                    80:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:B3:D0:81:3A:79:4B:82:22:BF:8E:2B:D9:26:C5:EF:51:8F:AE:6B
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146602.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:af70::/32

    Signature Algorithm: sha256WithRSAEncryption
         c2:35:97:36:22:c6:d9:3b:f5:00:d4:16:df:a3:e4:b1:4d:6b:
         bc:18:90:1d:85:d9:9d:99:01:67:cc:d5:10:54:d7:d5:ad:35:
         1b:23:ae:89:32:56:38:aa:e6:f1:9a:ea:db:c5:15:6e:0d:07:
         1c:b7:bf:24:8e:44:da:f5:6e:a6:fd:d0:4b:6a:2c:01:b5:af:
         d8:b3:a7:9b:ee:0b:2d:ab:1b:51:89:b3:29:aa:df:d9:d9:a1:
         32:f7:ce:cb:8b:15:1e:cb:55:db:ff:39:d5:7a:30:6f:8d:57:
         ad:b8:27:ca:cd:76:1a:dc:c5:0c:86:88:68:42:65:6d:32:eb:
         84:f0:07:71:f4:3e:f7:8f:52:dc:6c:65:20:9b:25:2d:ed:90:
         ba:cf:4a:4f:f8:35:dc:53:9c:dd:b5:e6:cd:d5:dc:99:5b:e4:
         ee:88:5b:cc:9b:15:f0:36:a4:71:d7:ba:24:c9:07:98:10:49:
         35:44:3e:70:63:31:ac:3c:83:68:48:11:a6:30:05:bd:dd:4f:
         60:24:b3:0e:b7:d5:63:27:12:ea:ab:f1:a1:70:f9:af:aa:27:
         0f:07:98:9a:2f:7d:f2:b2:56:3f:2d:25:3a:5e:44:7c:5e:dc:
         74:46:26:7b:62:77:65:63:28:99:cf:59:3d:19:0c:e9:ca:29:
         0a:bb:09:8e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUPYyqj7dKPav+wbfsu7cEWUZsu/wwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzQ1NFoX
DTI3MDMwMzA2Mzk1NFowMzExMC8GA1UEAxMoREVCM0QwODEzQTc5NEI4MjIyQkY4
RTJCRDkyNkM1RUY1MThGQUU2QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKZH/9jqbhmQrKZL+TDW3QWuN5mb/GqFW+7+riVKGZ+TrESwHSIgjqcHQnwl
eaOkYfCk3vvsvcJbvRPykXDEUTfiGlwEvW8/iKwTBy1n7Rx425xaBjDKl0hiAiSJ
ZNLwR7V09wDUxELaNzIjNlRowQCV0XBbgQRUffrFLLLQrzXk2T0YPqvdOLFg9SQM
ed7G0AU/WIJDqn2+rkJv705u8RbM9KgADukuefEDoypm/rZo0EZoKIz8xoaPpPlz
BDVwvfWuWaYiYjp15AIOYcEGqZmSK0DEXqlu1jIRXiX8zjJJ7xi2aeocVQvAEVWh
iFe+NpfSr2YAFVbpb+LdlGDegGcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTes9CB
OnlLgiK/jivZJsXvUY+uazAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjYwMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
r3AwDQYJKoZIhvcNAQELBQADggEBAMI1lzYixtk79QDUFt+j5LFNa7wYkB2F2Z2Z
AWfM1RBU19WtNRsjrokyVjiq5vGa6tvFFW4NBxy3vySORNr1bqb90EtqLAG1r9iz
p5vuCy2rG1GJsymq39nZoTL3zsuLFR7LVdv/OdV6MG+NV624J8rNdhrcxQyGiGhC
ZW0y64TwB3H0PvePUtxsZSCbJS3tkLrPSk/4NdxTnN215s3V3Jlb5O6IW8ybFfA2
pHHXuiTJB5gQSTVEPnBjMaw8g2hIEaYwBb3dT2Aksw631WMnEuqr8aFw+a+qJw8H
mJovffKyVj8tJTpeRHxe3HRGJntid2VjKJnPWT0ZDOnKKQq7CY4=
-----END CERTIFICATE-----